Background Image Cropper has a VIRUS

Viewing 15 replies - 1 through 15 (of 17 total)

  • yesssss my website was infected also. Did you mange to fix it @avibadash ??

    This plugin has viruses and malware. Don’t know how could this happen to a plugin uploaded on WordPress!!!!

    Thread Starter AviBadash

    (@avibadash)

    I delete this plugin from all my sites I found it.
    In fact I don’t remember I installed – I’m not using it.
    I think, this plugin is install itself – may be through other back door I have in part of mt sites.
    Anyway it’s sure the plugin is infected because I checked his files.

    Yes it is. unfortunately I installed it a month ago and it causes a lot of problem. now when I delete it, it backs the other day. Any help with this?!

    it hacked my website and did Japanese hack keyword and is trying to get control of my website.

    The compromised “background-image-cropper.zip” comes with several encrypted files, probably the “IndoXploit-shell”

    how to stop it plz? I delete it many times and it back again!!!

    Thread Starter AviBadash

    (@avibadash)

    Yes it’s installed again itself.
    There are also some files installed in the wp.
    To stop this go to your wp files and delete all files there are not wp files.
    Good luck

    Thanks for your reply. But Did you tried that? coz I tried to delete the plugin itself many times and it back again!

    Thread Starter AviBadash

    (@avibadash)

    Yes I know – you have to delete it every time.
    Don’t forget delete all files there are not wp files

    It is worth to search website access log files for suspicious HTTP POST requests targeting /wp-content/uploads/ folder or probably other non-core PHP files.

    You either missing installed shell files or one of the used plugins have security vulnerability and allows upload of PHP files or remote code injection.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Hello Steven,
    I don’t know how would you accept such a plugin in WordPress!! It is a hacked plugin. I talked to Sucuri and they said the website is clean but it backs again after a month. Didn’t install anything during this month. No new plugins no scripts. And Used most good security procedures but it back. This plugin shouldn’t be available at WordPress never ever.

    Hello quttera,
    I did and everything seems fine but how could the plugin is back. How? I don’t know!

    It may come from other accounts (or other sites) if you are using shared hosting to host this site.

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Background Image Cropper has a VIRUS’ is closed to new replies.