WordPress.org

Support

Support » Reviews » WARNING – SKETCHY REDIRECTS!

WARNING – SKETCHY REDIRECTS!

  • The plugin works, but please note this plugin is in a folder/directory name not associated with the plugin name. That folder/directory name is called, “jpeg-upload-only”.

    This plugin also adds what looks to be a redirect to a website called, “http://www.likjafh.net/l.php” in the header using a function called, “silly” using “add_action(‘wp_head’, ‘silly’).

    Upon investing likjafh.net, the site has been reported as malware among other things.

    I STRONGLY RECOMMEND NOT INSTALLING this plugin if you want to protect your users. Even if the redirect is safe, the author did not communicate this procedure in his plugin and it will screw your WordPress Headers.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Confirmed.

    The author is malicious. Upon reviewing the developer profile and downloading the previous version zip files, malware was activated after opening the zip files. I don’t know what types, but a commandline window was opened and something was installed after the zip was closed.

    DO NOT DOWNLOAD THIS PLUGIN.

    Moderator Jan Dembowski

    @jdembowski

    Volunteer Mod. & Brute Squad

    Confirmed how?

    Like I said, opened the zip file and it auto-installed software before extracting the zip file contents. Windows explorer restarted (Windows 8) therefore after. That is very abnormal activity for a normal zip archive.

    You can feel free to check if you want.

    http://downloads.wordpress.org/plugin/jpeg-upload-only.bwp-google-xml-sitemaps.zip

    This is the file that I snagged from the authors profile when reviewing other versions of the plugin.

    Does wordpress not validate the plugins?

    I mean, this is a Sitemap plugin that’s installed under a directory called “jpeg-upload-only”. That name has nothing to do with Sitemap or the author. On top of that, there is a fishy function that injects a fishy link into the WordPress header.

    Regardless if everything checks out, how is that methodology allowed in the plugin repository for WordPress? These are peoples websites that are hosted on real servers. 😀

    Moderator Jan Dembowski

    @jdembowski

    Volunteer Mod. & Brute Squad

    Like I said, opened the zip file and it auto-installed software before extracting the zip file contents. Windows explorer restarted (Windows 8) therefore after.

    That would be a neat trick as all that’s in that file is GIF and ASCII files. 😉

    On top of that, there is a fishy function that injects a fishy link into the WordPress header.

    Now THAT’S good information. In the future please report plugin issues like this to plugins [at] wordpress.org (which I’ve just done).

    Does wordpress not validate the plugins?

    There are 30,000+ plugins in the WordPress repo and only a handful of volunteer reviewers. The initial upload is examined but authors can later on pull a stunt like this. Sadly it happens but it’s also dealt with when found.

    I understand the amount is far greater than what a handful of volunteers can handle. But it’s also creating a repository of infection because they decide to allow free realm to upload anything as opposed to a serious review system.

    But I guess that’s what you get with free.

    Moderator Jan Dembowski

    @jdembowski

    Volunteer Mod. & Brute Squad

    Actually the track record is pretty good and if you’ve a suggestion on how to improve the plugin review system then I’m sure they’d like to hear it. ;D

    Yes, occasionally some people will do dodgy things. But the majority of the authors have actually been raised by a family. These problems are dealt with when found.

    Moderator Samuel Wood (Otto)

    @otto42

    WordPress.org Tech Dude

    The plugin has been killed from our system. Sometimes people try to sneak stuff past us like this. This particular one started out correct, then he put in the false plugin 2 weeks ago, according to the log.

    Plugin has been delisted, the author has been banned from the plugin directory.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘WARNING – SKETCHY REDIRECTS!’ is closed to new replies.