WordPress.org

Forums

Google XML Sitemaps
WARNING - SKETCHY REDIRECTS! (9 posts)

  1. tehfamine
    Member
    Posted 1 year ago #

    The plugin works, but please note this plugin is in a folder/directory name not associated with the plugin name. That folder/directory name is called, "jpeg-upload-only".

    This plugin also adds what looks to be a redirect to a website called, "http://www.likjafh.net/l.php" in the header using a function called, "silly" using "add_action('wp_head', 'silly').

    Upon investing likjafh.net, the site has been reported as malware among other things.

    I STRONGLY RECOMMEND NOT INSTALLING this plugin if you want to protect your users. Even if the redirect is safe, the author did not communicate this procedure in his plugin and it will screw your WordPress Headers.

  2. tehfamine
    Member
    Posted 1 year ago #

    Confirmed.

    The author is malicious. Upon reviewing the developer profile and downloading the previous version zip files, malware was activated after opening the zip files. I don't know what types, but a commandline window was opened and something was installed after the zip was closed.

    DO NOT DOWNLOAD THIS PLUGIN.

  3. Confirmed how?

  4. tehfamine
    Member
    Posted 1 year ago #

    Like I said, opened the zip file and it auto-installed software before extracting the zip file contents. Windows explorer restarted (Windows 8) therefore after. That is very abnormal activity for a normal zip archive.

    You can feel free to check if you want.

    http://downloads.wordpress.org/plugin/jpeg-upload-only.bwp-google-xml-sitemaps.zip

    This is the file that I snagged from the authors profile when reviewing other versions of the plugin.

  5. tehfamine
    Member
    Posted 1 year ago #

    Does wordpress not validate the plugins?

    I mean, this is a Sitemap plugin that's installed under a directory called "jpeg-upload-only". That name has nothing to do with Sitemap or the author. On top of that, there is a fishy function that injects a fishy link into the WordPress header.

    Regardless if everything checks out, how is that methodology allowed in the plugin repository for WordPress? These are peoples websites that are hosted on real servers. :D

  6. Like I said, opened the zip file and it auto-installed software before extracting the zip file contents. Windows explorer restarted (Windows 8) therefore after.

    That would be a neat trick as all that's in that file is GIF and ASCII files. ;)

    On top of that, there is a fishy function that injects a fishy link into the WordPress header.

    Now THAT'S good information. In the future please report plugin issues like this to plugins [at] wordpress.org (which I've just done).

    Does wordpress not validate the plugins?

    There are 30,000+ plugins in the WordPress repo and only a handful of volunteer reviewers. The initial upload is examined but authors can later on pull a stunt like this. Sadly it happens but it's also dealt with when found.

  7. tehfamine
    Member
    Posted 1 year ago #

    I understand the amount is far greater than what a handful of volunteers can handle. But it's also creating a repository of infection because they decide to allow free realm to upload anything as opposed to a serious review system.

    But I guess that's what you get with free.

  8. Actually the track record is pretty good and if you've a suggestion on how to improve the plugin review system then I'm sure they'd like to hear it. ;D

    Yes, occasionally some people will do dodgy things. But the majority of the authors have actually been raised by a family. These problems are dealt with when found.

  9. The plugin has been killed from our system. Sometimes people try to sneak stuff past us like this. This particular one started out correct, then he put in the false plugin 2 weeks ago, according to the log.

    Plugin has been delisted, the author has been banned from the plugin directory.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags