• What seemed like this plugin completely destroyed our website for days. Created a suspicious admin user account and activity completely paralyzes website, possibly hijacks data. Also actual plugin installs files in places outside the plugin area, which is bad form and gets flagged by security software, possibly creating attack vectors.

    This plugin has possibly been targeted by hackers at this moment.

    AVOID.
    ___
    UPDATE: This was most likely a hack, perpetrated by malware calling itself ‘Cleantalk Security-Malware-Firewall’, not by this company itself, even if the actual CleanTalk plugin WAS installed at the time, it did not catch the hack. Hope the developers check their own software for potential malware.

    So for anyone reading, check your admin accounts. There is never a reason for a plugin to have an admin account, even if it seems like it’s there to protect your site.

    • This topic was modified 2 years, 1 month ago by mike2mike.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support Aleksandrrazor

    (@aleksandrrazor)

    Hello @mike2mike ,

    It’s absolutely impossible. If a plugin contains malware or vulnerability code, then the WordPress Plugin Team will immediately restrict access to downloading this plugin.

    Our plugin is quite popular, and in addition to our plugin, clients also have various security plugins and when scanning a site for malicious code, will definitely find it and inform the user.

    The plugin code is open and anyone can check it.

    What can we recommend to you?

    1. Remove unnecessary admin accounts.
    2. Change your administrator password.
    3. Install one of the security plugins and scan the site.

    I hope you change your rating.

    Thank you!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    @aleksandrrazor Exactly how is this review a “Guideline violation”?

    Plugin Support Aleksandrrazor

    (@aleksandrrazor)

    Hello Jan,

    A loaded question is a form of complex question that contains a controversial assumption (e.g., a presumption of guilt).[1]

    This is not a review of the experience of using the plugin, since our plugin does not lead to such consequences as the author indicated.

    Thank you!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    People do get to be wrong in reviews. You reply well and move on. Like so.

    1. Someone leaves a review.
    2. The developer (or you) reply in a reasonable, reconciliatory manner that impresses the world with “Hey, that’s a great reply from a professional!”
    3. The End.

    See?

    Moderator Yui

    (@fierevere)

    永子

    @aleksandrrazor
    There are some review related guidelines links for you:

    ——–
    We have some recommendations for how you can handle this at https://make.www.ads-software.com/support/2016/08/about-plugin-and-theme-reviews/

    Please also read through https://make.www.ads-software.com/plugins/2019/08/23/reminder-developers-must-comply-with-the-forum-guidelines/

    And a video, if you like: https://wordpress.tv/2016/06/30/mika-epstein-reviews-the-good-the-bad-and-the-stalker/

    If you would like to discuss this further, please join us in the #forums channel on Slack: https://make.www.ads-software.com/chat/

    Thread Starter mike2mike

    (@mike2mike)

    Adjusted the review to be a bit more nuanced, thanks to the devs’ feedback. Thanks guys, but unlikely I’m trusting this plugin in the future, even if it’s probably more for emotional reasons.

    Plugin Author Denis

    (@shagimuratov)

    @mike2mike,

    Thank you for changing the review and great feedback! I hope you find the real reason of this issue.

    PS
    Our plugins do not create any accounts at all!

    Did you try to Google the account name? There is a chance that this account has been created by another security plugin or a malware. So, if you Google the account name you will have more information to solve the issue. Or just submit the support request here https://cleantalk.org/my/support/open

    Thread Starter mike2mike

    (@mike2mike)

    This was their name lol:

    A user with username “CleanTalk” who has administrator access signed in to your WordPress site.
    User IP: 146.70.75.139
    User hostname: 146.70.75.139
    User location: Montreal, Quebec, Canada

    Hence my freakout lol

    • This reply was modified 2 years, 1 month ago by mike2mike.
    Plugin Author Denis

    (@shagimuratov)

    @mike2mike,

    Thanks for sharing details.

    1. Do you manage your site alone? If not, is it possible that one of your colleagues created the account?

    2. How did you get this notification? Is it generated by a WordPress plugin or a hosting app?

    Regards.

  • The topic ‘Possible malware – Disabled website’ is closed to new replies.