• Resolved Robert Eichhorn

    (@robert-eichhorn)


    I need to ask you for some assistance checking a code file for a malware/email spam problem.

    My web host and their security partner identified the Total Security plugin as a malware problem in February 2014. The file identified as the problem is inc-popup.php, located in the modules folder. The problem with the file has been determined to be an email spam problem. There is code in the file that will allow a hacker to send email spam through the file.

    I contacted Fabrix Doromo, Total Security plugin developer, to report the problem. He believes the identification of his plugin as a malware problem is a false positive. He says the inc-popup.php file is for displaying text in popup windows. I informed him about the email spam problem and I am waiting for his response.

    Fabrix posted the code file for inc-popup.php at GitHub, so the code file can be checked to determine if there is a malware/email spam problem. I would like some assistance checking the code file. Can you check the code file or can you notify someone at WordPress to request their help? Also, who else should I contact to report the problem?

    Also, do you know the code for a generic mailer/email?

    Data:
    1) File Path Data, and Generic Mailer data
    /wp-content/plugins/total-security/modules/inc-popup.php

    PHP-MAILER-GENERIC-md5-ji.UNOFFICIAL FOUND

    2) URL for Code File for inc-popup.php posted at GitHub
    https://gist.github.com/fabrix/10945076

    3) WP Forum – Total Security plugin thread
    https://www.ads-software.com/support/topic/total-security-plugin-is-a-malware-problem

    4) Fabrix Doromo’s website
    https://www.fabrix.net

Viewing 5 replies - 1 through 5 (of 5 total)
  • That file you posted doesn’t look like it would be sending out spam.

    Keep in mind that if your site is hacked any files can be altered.

    Compare the original source code with the code of that same file on your server using this tool to see if there are any differences:

    https://www.diffnow.com/

    Make sure you compare the same version of the plugin.

    If there are differences between the two sets of files replace the files on your server with fresh copies.
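
The comparison described in the reply above, as an added example that is not part of the original thread: a Python script that hashes every file of the installed plugin and of a fresh copy of the same version, lists modified, added and missing files, and prints a unified diff of each modified one. The function names and the two directory arguments are assumptions made for this example.

```python
import difflib
import hashlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_plugin(installed: Path, pristine: Path) -> dict:
    """Classify files as modified, added (server only) or missing (server lacks)."""
    live, clean = tree_hashes(installed), tree_hashes(pristine)
    return {
        "modified": sorted(f for f in live.keys() & clean.keys() if live[f] != clean[f]),
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


def show_diff(installed: Path, pristine: Path, rel: str) -> str:
    """Unified diff of one modified file, pristine copy first."""
    old = (pristine / rel).read_text(errors="replace").splitlines(keepends=True)
    new = (installed / rel).read_text(errors="replace").splitlines(keepends=True)
    return "".join(difflib.unified_diff(old, new, "pristine/" + rel, "installed/" + rel))


if __name__ == "__main__":
    import sys
    # Usage (paths are assumptions): script.py <installed plugin dir> <fresh copy dir>
    installed_dir, pristine_dir = Path(sys.argv[1]), Path(sys.argv[2])
    report = compare_plugin(installed_dir, pristine_dir)
    for kind, files in report.items():
        for rel in files:
            print(f"{kind}: {rel}")
    for rel in report["modified"]:
        print(show_diff(installed_dir, pristine_dir, rel))
```

Files reported as added deserve the same attention as modified ones, since a file that exists only on the server was not shipped with that plugin version.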

    Thread Starter Robert Eichhorn

    (@robert-eichhorn)

    rngdmstr – I informed a WP plugins staff member about the malware problem. He checked the code file for inc-popup.php and did not find any code that could be a generic mailer/email spam problem. He said a virus scanner could have flagged the file as malware by mistake.

    After I deleted the plugin in February, and also this month, my web host rescanned my website and did not find any more malware problems.

    My web host informed me that one of the ways malware can happen is:
    Installing applications, add-ons or modules that are downloaded from third-party locations and may be infected.

    The inc-popup.php file is in the modules folder. So, I thought maybe the file was infected before being installed on my site.

    Now I realize I should have downloaded a copy of the file right after it was identified as malware. My web host gave me 24 hours to document that I fixed the problem or they would suspend my site. And so it goes.

    Thanks for the help.

    Sure thing!

    Getting plugins and themes from legit/official sources is a must-do. Many sites get infected because of this issue.

    We have a great blog post about this if you want to check it out:

    https://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html

    Glad to hear that this issue was sorted!

    Thread Starter Robert Eichhorn

    (@robert-eichhorn)

    @rngdmstr. Thanks for the link.

    No problem

  • The topic ‘Malware/email spam problem’ is closed to new replies.