Plugin Works Well

What are you talking about?

Why do you think that your site was hacked because of Anti-spam plugin?

Why do you think that Anti-spam plugin inject another plugin into your site?

You may check out the code of the Anti-spam plugin. Code is pretty short, easy to read and well commented. There is no dangerous code in there.

And why do you post this topic into Reviews section and not into Support section?

P.S. Red icons are not devils, it is the icon of the IrfanView – free image viewer. ??

I’m not saying that your plugin was the reason my site was hacked. I am saying that your plugin was one of the plugins that was modified by the hackers.

I’m sorry that I posted this as a review instead of a support post, but I’m unhappy that your plugin was targeted by, and able to be changed by, the hacker.

I’m not saying that your plugin was the reason my site was hacked.

Before that:

One of my sites was hacked last night. It appears that this plugin has a back door that allowed code referencing another plugin by the same author (https://www.ads-software.com/plugins/filenames-to-latin/) to be injected into my site.

You should understand that plugin developers are not responsible for the whole security of your site if you were hacked somehow.
Hackers could pass thru some hosting hole (brute-force ftp password) or could just brute-force one of your user accounts. Try to install “Limit login attempts” plugin and you will be protected from login brute-force attacks at least.

• I did not understood the whole scenario. How in this story appeared “filenames-to-latin” plugin?
• What does the administrator of your hosting told you about this hack?
• What other plugins did you have on your site?
• Do you have admin username on your site? In most cases hackers try to brute-force this one username.
• What version of WordPress do you have?
• What code was added? I did not close php tag intentionally and if code was appended to file – the site should return an php error and code in most cases should not run at all.

If hacker have login or ftp access to the site – he could change what ever he want. Maybe hacker changed first plugin in the list and Anti-spam plugin start with the letter “A” ??

Hi. The hacker didn’t access the site with a UN/PW. There is no Admin username. I’m running WordFence, and got this message this morning:

Wordfence found the following new issues on [site name].

Alert generated at Wednesday 3rd of July 2013 at 11:33:32 PM

Warnings:

* Modified plugin file: wp-content/plugins/anti-spam/js/anti-spam.js
* Modified plugin file: wp-content/plugins/anti-spam/readme.txt
* Modified plugin file: wp-content/plugins/backwpup/readme.txt
* Modified theme file: wp-content/themes/twentyeleven/languages/twentyeleven.pot
* Modified theme file: wp-content/themes/twentytwelve/languages/twentytwelve.pot

The modification to Anti Spam included a reference to your “Filenames to Latin” plugin. Unfortunately, I didn’t think to save the changed code before restoring the plugin to the version you have here in this repository.

Hope this is helpful….

PS. If there is a way to move this conversation to the support threads, I will try to help you do that, if you would like.

Also, the site hosting company’s response was that WP isn’t secure and it’s not their problem. The installation was running the latest version of WP and all plugins.

TalkShow in the future instead of leaving bad reviews can you please just start a support topic instead?

https://www.ads-software.com/support/forum/how-to-and-troubleshooting#postform

You gave this plugin a bad review because your site was hacked? That’s hardly fair and webvitaly is 100% correct when he wrote

You should understand that plugin developers are not responsible for the whole security of your site if you were hacked somehow.

And this reply from your hosting company?

Also, the site hosting company’s response was that WP isn’t secure and it’s not their problem.

Get a new hosting company. Seriously, that level of ignorance means you are wasting your time and money with them.

Starting from the top:

Your site is hacked. You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

@talkshow:

I installed Wordfence and now I got it.

You must be enabled these Wordfence options:

• Scan theme files against repository versions for changes
• Scan plugin files against repository versions for changes

I installed Wordfence too and enabled these options and here what scan shown to me:

Warnings:
* Modified plugin file: wp-content/plugins/anti-spam/anti-spam.php
* Modified plugin file: wp-content/plugins/anti-spam/js/anti-spam.js
* Modified plugin file: wp-content/plugins/anti-spam/readme.txt
* Modified plugin file: wp-content/plugins/exclude-pages/readme.txt
* Modified plugin file: wp-content/plugins/limit-login-attempts/limit-login-attempts.php
* Modified plugin file: wp-content/plugins/subscribe-to-comments/readme.txt
* Modified plugin file: wp-content/plugins/subscribe-to-comments/subscribe-to-comments.php
* Modified theme file: wp-content/themes/twentyeleven/functions.php
* Modified theme file: wp-content/themes/twentyeleven/languages/twentyeleven.pot

Many plugin developers make small not critical changes without changing the version of the plugin or the theme. So users does not see the update notices and all updates will be applied during next plugin or theme update. There is no need to annoy users each time if some not critical changes were made (new word was translated or new comment to code was added or similar). But as you may understand user’s files and repository files are slightly different in this case. That is why Wordfence see the changed files and think that it is attack. But you can compare these changes in Wordfence admin panel after scan and you will see that there will be no dangerous code.

As you can see even www.ads-software.com core developers do the same for twentyeleven theme.

But as you can understand there was no any hacker’s attacks.
It was just some modification in the wp.org plugins and theme repository by original developers.

Do not panic, everything is fine with your site and nobody did not attack it.

P.S. I cannot move this topic to Support section. But you can at least change the rating of this topic for any one as you wish. Now you know that there is no dangerous code in Anti-spam plugin.