WordPress.org

Support

Support » Plugins and Hacks » Think a malicious file may have been uploaded via TDO Mini Forms

Think a malicious file may have been uploaded via TDO Mini Forms

  • PinkishHue
    Participant

    @pinkishhue

    I just noticed a message in Google Webmaster Tools telling me one of my sites had a ‘phishing’ warning. The malicious files were saved in the directory that TDO Mini Form users use to add images to their posts.

    A file called server.exe had been uploaded to that directory, and within that directory the tmp directory contained folders as follows (which I have now deleted):

    wp-content/uploads/listingimages/tmp/4/windowslive/confirmation/

    I only had image file types included in the allowed files list so I don’t know how a .exe file was uploaded.

    Just read the plugin author’s post about this issue (http://thedeadone.net/blog/where-has-tdo-mini-forms-plugin-gone/) so it seems it is a known problem, but I thought posting this here might be of some use anyway.

    I have deleted the folders and hopefully the problem is now solved, but I hope there might be an update to the plugin some time because I like TDO Mini Forms a lot! 🙂

    http://wordpress.org/extend/plugins/tdo-mini-forms/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Think a malicious file may have been uploaded via TDO Mini Forms’ is closed to new replies.