• Resolved puzzl3d

    (@puzzl3d)


    Hey guys, is it safe to download a plugin from an unidentified advertising company seeking to display an ad on one of my sites?

    According to the advertising company, after I agreed to sell banner space in our previous communication: “You should install and activate the plugin in order to display advertisement. Before making payment, advertiser must approve location of the banner. The banner will be shown on your site when you add special code to your web address”.

    How dangerous is it to install this unidentified plugin? Is there a way to find out if this plugin or “special code” (as the advertiser put it) has a virus or any harmful script?

    The advertising company agreed to pay $100 monthly for one ad spot, and provided me a login and password to their private area (sort of like a publisher account area), where I can download the plugin/code to install on my WordPress site. Here is a snapshot of the publisher or my account area on the advertising company’s website: Snapshot.

    My site in question barely gets 100 visits per day, so I am really skeptical about this advertising company, name withheld.

    Any tips/advice on how to go about this is well appreciated.

Viewing 12 replies - 1 through 12 (of 12 total)
  • 2nd time in a week this sort of thing has been posted

    I would be VERY skeptical – for numerous reasons.
    do your homework
    search the company on Google and Facebook
    same with anyone identified with company
    ask for references and websites already doing this
    how long in business?
    etc.

    Thread Starter puzzl3d

    (@puzzl3d)

    Hey Samuel, thank you for your input. I am indeed very skeptical about this, and whoever is behind this scheme is quite good I must say. One of the reasons why I am very skeptical about this so-called advertising company is that I could barely find anything about the company via Google search. However, the company’s website is in French, so I am thinking that may be the case. The company claims to be based in Paris. Here’s the company’s site:

    emmaagency.biz

    I haven’t responded yet to the company. I really don’t see any reason why an advertising company would require a download and install of their plugin or “special code”, as they mentioned, just to display ads.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    πŸ³οΈβ€πŸŒˆ Advisor and Activist

    Hey guys, is it safe to download a plugin from an unidentified advertising company seeking to display ad one of my site?

    Almost never.

    Also Google knows about France. If they were legit, they’d show up.

    @puzzl3d
    Have you installed the plugin on your site?
    I installed it and then removed it after reviewing the changes to my site. This plugin did not just add ads, but also modified wp_setting.php and another file in wp_admin to inject (encoded) code seemingly as cache.
    I’ve contacted them after removing the plugin and the changes – if they are actually legit they will send static html ads (we’ll see).

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    πŸ³οΈβ€πŸŒˆ Advisor and Activist

    If that plugin is hosted HERE on the WordPress.org repository, please let me know. I’ll have it removed.

    The link I got was http://docs.emmaagency.biz/wp_install
    Not to say that you should install it or anything, but maybe someone wants to examine the code.

    I would be very skeptical about a site that’s only been around since October.

    http://www.whois.net/whois/emmaagency.biz

    Thread Starter puzzl3d

    (@puzzl3d)

    @tommyg73, No I didn’t bother to install the plugin, what I did was email him/them back that I will only accept ads in image formats (jpg, png) linking to a specified advertiser site. The person behind this hidden agenda replied insisting that I must install the plugin for the advertising to kick off. However, I wrote back telling him to check back with me in the next few years of the same month, same day, and same hour lol.

    And wow…the plugin did all of that? Sounds scary, this is one of the reasons why I am hoping to completely stay off plugins soon and just manually add any functionality or mod any of my WP sites may need. Just don’t know how to yet.

    Thanks guys for looking into this scenario for me, I am quite glad I didn’t fall victim to the mischievous nincompoop behind this scheme.

    I hope nobody falls for this, the people or person behind this could be a WP hacker. Can their site be reported at all?

    Thread Starter puzzl3d

    (@puzzl3d)

    Didn’t cross my mind to look up the whois. It’s almost as if this person quickly registered and set up the site just to attack my site. The whois record shows that the domain was registered on October 31 2011, and I received an email from him/them on the same day. Jobless I must say!

    From: Kevin Meunier <>
    Date: Monday, October 31, 2011 3:27 PM
    Subject: We would like to buy banner space on your site binladensdeath.info.

    Message Body:
    Hi,

    We are looking for new advertisement platforms and we are interested in your site binladensdeath.info.
    Is it possible to place banner on your site on a fee basis?

    Best regards,
    Kevin Meunier


    This mail is sent via contact form on BinLadensDeath.Info http://binladensdeath.info

    I actually looked at the whois information, which is what drove me to double check my site – unfortunately after the plugin was already installed.
    How naive was I ;->

    I received the same spammy email and am glad I checked into it. Something seemed fishy about the whole “install this plugin on your site” angle. I received the email from lanaagency.com, also a French website. When you copy and paste the text into Google Translate, the content on the site seems fishy as well, like a bunch of gibberish thinly veiled as a marketing company. Also, their domain registration according to whois was one day prior to sending me the email.

    Long live internet investigation!

    It is a scam. Scam. Scam.

    The plugin grabs an ‘xml feed’, uses file_put_contents to write a few images to disk, and also injects some horrible “eval(base64_decode(…))” code into the wp-settings.php file.
    This dials home to a Russian domain and listens on some query param for further instructions. I had a look at it in a sandbox environment a few months back, and have probably still got the malicious code somewhere if anyone wants to properly dissect it?
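
Added example, not part of any post in this thread and not the plugin's code: a small static check to run over an unpacked plugin (or a whole WordPress tree) before activating anything, flagging the constructs the replies describe, namely eval of decoded data and writes into core files such as wp-settings.php. The rule list, function names and the sample plugin are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Constructs named in the thread, plus common decoder wrappers (assumed list).
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)"
RULES = {
    "eval-of-decoded-data": re.compile(r"\beval\s*\(\s*" + DECODERS + r"\s*\(", re.I),
    "writes-to-core-file": re.compile(
        r"\b(?:file_put_contents|fopen)\s*\([^;]*wp-(?:settings|config|load)\.php", re.I),
    "long-base64-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}

def scan_source(source):
    """Return sorted (line_number, rule_name) pairs for one PHP source string."""
    hits = []
    for name, rx in RULES.items():
        for m in rx.finditer(source):
            hits.append((source.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)

def scan_tree(root):
    """Scan every .php file under root; return {relative_path: hits} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

# Constructed sample, not the plugin from the thread: the payload decodes to "echo 1;".
SAMPLE_PLUGIN = """<?php
/* Plugin Name: Banner Display (constructed sample) */
function bd_install() {
    $stub = '<?php eval(base64_decode("ZWNobyAxOw==")); ?>';
    file_put_contents(ABSPATH . 'wp-settings.php', $stub, FILE_APPEND);
}
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for rel, hits in scan_tree(sys.argv[1]).items():
            for line, rule in hits:
                print(f"{rel}:{line}: {rule}")
    else:
        print(scan_source(SAMPLE_PLUGIN))
```

A clean result does not prove a plugin is safe, since obfuscation can evade pattern matching; for a plugin that was already activated, also compare core files against a fresh copy of the same WordPress release.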

  • The topic ‘Unidentified Advertiser wants plugin install to show ads on site, is it safe?’ is closed to new replies.