• Today I ran a VaultPress scan on a WordPress site. It reports “Suspicious code: Dangerous and threatening code often used to attack sites”

    Detected the signature PHP.Generic.BadPattern.6 on ./wp-content/plugins/sidekick/sidekick.php.

    PHP.Generic.BadPattern.6

    This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.

    https://www.ads-software.com/plugins/sidekick/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Ben Fox

    (@benfox)

    Hi Jastuccio,

    Thank you for bringing this to our attention. I am going to get into it right now and report back.

    Can you confirm that you’re running the latest version of the plugin, installed from the repo?

    Thank you,

    Ben Fox

    Thread Starter Jastuccio

    (@jastuccio)

    Thank you Ben,

    It should have been the latest version. I deleted the plugin with the idea of possibly restoring it from a backup later on. My dashboard was not showing required updates. The client hosts with GoDaddy pro and I think it comes as part of their package.

    Plugin Author Ben Fox

    (@benfox)

    Yes, it does come pre-installed with GD Pro and I understand why you deleted it. Did you by chance capture a screenshot or any further details from the scan that you can send to [email protected]?

    Just on a dinner break here but we will get into it right after.

    Thanks

    Ben

    Thread Starter Jastuccio

    (@jastuccio)

    2 emails sent

    Plugin Author Ben Fox

    (@benfox)

    We’ve just completed a scan of the plugin and a few sites with it installed and couldn’t replicate the error. That said, that doesn’t mean there isn’t a problem. We are going to inform Go Daddy right now so they can run a check on the version they’re installing as well.

    Have you rescanned the site since you deleted SIDEKICK? Has the warning disappeared and if so, was SIDEKICK the only thing you removed?

    Thanks for your patience and assistance with this.

    Ben

    Thread Starter Jastuccio

    (@jastuccio)

    I rescanned today. No warnings. Sidekick was all I removed.

    Plugin Author Ben Fox

    (@benfox)

    Thank you. We’ve scanned the plugin and didn’t find anything but will continue to keep an eye out.

    Plugin Author Ben Fox

    (@benfox)

    Jastuccio,

    Can you please provide us with the domain where you saw the error? VaultPress is going to help us track it down and verify.

    If you prefer not to post it here, please email it to [email protected].

    Thank you

    Ben

  • The topic ‘Security scan reports "Dangerous and threatening code" in sidekick?’ is closed to new replies.