• Just spent a couple days cleaning up a URL injection hack on a site of mine. All seemed good, then I get a notice from Wordfence of a file change in Feed them Social, I go back to the site, and it’s once again compromised.

    I suspect this plugin has been exploited.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author slickremix

    (@slickremix)

    @cacarr,

    If you would kindly share what information you have we would be very grateful as we take all malicious type threats seriously with our plugin. I did make an update 2 days ago changing a link to our website in a js file, that is all. Wordfence is known for showing these types of changes. Look forward to hearing from you.

    Spencer

    Plugin Author slickremix

    (@slickremix)

    @modlook Is this an acceptable reason for a one star review? That is a pretty serious allegation to make, with no proof. As I mentioned an update was made to change a link to slickremix.com in a js file, I did not see a reason to make a whole version change to our plugin based on this. Wordfence will notify you of any plugin changes as I have seen this for myself. Coincidence appears to be the culprit here in my humble opinion.

    If a plugin was the source of the hack there should evidence of the HTTP log files and you would want to provide that evidence to the developer. It doesn’t sound like you have reviewed those yet, since you are citing a source of the hack based on a casual correlation and not actual evidence. So you should review those log files and any others available to see what evidence they provide as to the source of the hack, so that whatever the vulnerability that allowed the website to be hacked can be fixed.

    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    I’ve removed the modlook tag.

    Is this an acceptable reason for a one star review?

    Yes, it is

    Mutters “I wish I had coffee”

    Here’s the the thing: reviews are feedback. How you, the author, replies is much more valuable than any 1 star review. Reply well, people do read these reviews.

    Without more information from the user it’s hard to determine what he’s referring to. While I doubt your plugin had anything to do with @cacarr site being exploited we still need to hear from him.

    HI I was experiencing trouble with a website being hacked. I installed a malware scanner plugin SUCURI and it came up with the following after I deleted the Spider Player rougue directory:
    SiteCheck: Malware Payload
    Close
    <b>Notice</b>: Undefined index: popup in <b webiste/wp-content/plugins/feed-them-social/feeds/facebook/facebook-feed-post-types.php</b> on line <b>543</b><br /

    The Initial in might have been through spider video plahyer plugin- Which was not anything I had in stalled.

    I had been using your plugin prior but now I have uninstalled. Please advise if this is helpful or if you have heard of any issues like this. I liked your plugin and would like to use again.

    • This reply was modified 2 years, 4 months ago by  BeckyBruso.
    Plugin Author slickremix

    (@slickremix)

    @beckybruso thanks for the info. SUCURI is returning a notice about an undefined variable in our code. That is not something that would be open for any kind of attack. Basically it’s saying we need to isset that variable before requesting it. If you were to set wp-debug mode to true on your wp-config.php file you would get the same message. I believe that the issue with that variable $popup has been isset now and should not present that problem. However if you would be so kind as to retry the plugin on a development site and check to see if that warning message comes up after setting wp-config to true or checking SUCURI again that would be a great help, and we would gladly reward you for your efforts and time.

    To any and all that may read this review. Our intent with this plugin is to bring the best and most valuable support available for a Free/Premium Plugin. In order to do this we need your help to make this possible. Instead of placing a negative review IF you are experiencing a problem that you are weary of and think is a threat or just a general issue you don’t understand, PLEASE do not hesitate to contact us and report the issue. Over the last 4.5 years we have set out to patch or repair any problems with our plugin. And in many cases we have resolved these problems in less that 1 hour and in 99% of all cases we have given users the premium version and more for helping us out. We are only 2 people but we are very proud and love the work we do, so if you like our plugin that much and have the patience to allow us to help when problems arise, you can rest assured we will take care of you.

    We appreciate your support,

    Spencer and Justin

    Hi- I was able to do the test on a non-dev website with Succuri and the error is not presenting any longer. I had liked your plugin a lot and will give it another try. My apology for not following up sooner, had other websites needing work before I returned to this. Thank you.
    Becky

    Plugin Author slickremix

    (@slickremix)

    No problem! Thanks for the follow up. We made a ton of improvements in the last few months. Maybe you would consider hooking us up with a better rating 😀 when you get a chance. Have a great week.

    Spencer

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Suspicious’ is closed to new replies.