Unauthorized addition of code

  • Resolved thinkdolphin

    (@thinkdolphin)


    2 years, 4 months ago

    I got a notification that “system” added two code snippets to our website:
    Completely Disable Comments and Display a message after the 1st paragraph of posts

    This happened around 1am this morning (Eastern time) and there were no logs of any unauthorized logins. The IP address was from Japan.

    Is there some sort of vulnerability in this plugin?

    I have deleted these snippets but have no idea how to prevent it from happening again since I have no idea how it happened in the first place!

    TIA

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Mircea Sandu

    (@gripgrip)

    Hi @thinkdolphin,

    Thank you for reaching out. The 2 snippets mentioned are automatically added as sample snippets as part of an install routine to make it easier to get started.

    The snippets will only get added once and they are inactive when added so they won’t change anything on the site unless activated manually by a user with rights to activate snippets.

    Let me know if we can provide more info.

    Thread Starter thinkdolphin

    (@thinkdolphin)

    Thank you for the response. What’s weird is they changed the status from New to Draft.

    This is the exact messages via Sucuri:

    01:16 system Wpcode status has been changed (details):
    ID: 1549, Old status: new, New status: draft, Title: Completely Disable Comments. IP: 20.222.74.82

    01:16 system Wpcode status has been changed (details):
    ID: 1548, Old status: new, New status: draft, Title: Display a message after the 1st paragraph of posts. IP: 20.222.74.82

    Plugin Author Mircea Sandu

    (@gripgrip)

    Thank you for the details.

    From what I can see, that’s just the way Sucuri registers that the post is new and it has been created as a draft.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Unauthorized addition of code’ is closed to new replies.