Support » Plugin: Wordfence Security - Firewall & Malware Scan » wp-super-cache/readme.txt file contains suspected malware URL

  • Resolved pictureitsolved

    (@pictureitsolved)


    Is there a new issue with WP Super Cache plugin? I received a warning from Wordfence on two of my sites about a suspected malware URL in the readme.txt file. I wasn’t using it and deleted the plugin.

    Here’s the text from the Wordfence scan:

    File contains suspected malware URL: /wp-content/plugins/wp-super-cache/readme.txt

    Filename: wp-content/plugins/wp-super-cache/readme.txt
    Bad URL: (DELETED: I DON’T WANT TO SEND YOU THERE!)
    File type: Not a core, theme or plugin file.
    Issue first detected: 6 secs ago.
    Severity: Critical
    Status New

    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: (DELETED: I DON’T WANT TO SEND YOU THERE!) – More info available at Google Safe Browsing diagnostic page.

    I followed the link to the Google Safe Browsing diagnostic page and there were current issues.

    Karen

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter pictureitsolved

    (@pictureitsolved)

    Here are details from the Google Safe Browsing diagnostic page, with bad URLs removed.

    Safe Browsing
    Diagnostic page for BAD-SITE’S-URL

    What is the current listing status for BAD-SITE’S-URL?
    Site is listed as suspicious – visiting this web site may harm your computer.
    Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.

    What happened when Google visited this site?
    Of the 492 pages we tested on the site over the past 90 days, 30 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-10-19, and the last time suspicious content was found on this site was on 2014-10-19.
    Malicious software includes 32 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
    Malicious software is hosted on 9 domain(s), including (REMOVED).
    2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including (REMOVED).
    This site was hosted on 1 network(s) including AS22611 (IMH-WEST).

    Has this site acted as an intermediary resulting in further distribution of malware?
    Over the past 90 days, BAD-SITE’S-URL appeared to function as an intermediary for the infection of 2 site(s) including (REMOVED).

    I also received this on many sites.

    Wordfence gave me this this domain as the problem: designcontest dotcom Is it the same for you?

    From the thread below:

    “The readme.txt can’t be executed. It probably flagged one of the credit links at the end of the file. The plugin doesn’t have any malware.”

    From:

    https://wordpress.org/support/topic/malware-reported-in-wp-super-cache-readmetxt?replies=4

    Plugin Author WFSupport

    (@wfsupport)

    You can select to ignore if the plugin author says it is ok. If the warning is directed at a link in the file, I’d consider trying to update to a fresh copy. See if we still flag it as bad, then either ignore it or find another caching solution.

    tim

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘wp-super-cache/readme.txt file contains suspected malware URL’ is closed to new replies.