Vicious Plugin

  • So my blog has randomly been adding links to wordpresssupplies.com in my blogroll. I only recently started showing my blogroll again, so I’m unsure how long it’s been happening.

    After reading this blog (which was interesting) I’m now trying to pin point what in my blog is doing this. (I’ve got too many plugins, so that’s the obvious choice).

    I checked the theme’s code, and it’s clean. So I think one of my plugins also adds the advertising links, so now it’s a case of going through and working out which one will do it, and what specifically triggers it.

    Just wondering, has anything like this happened to anyone else before? Any advice that anyone could give?

Viewing 6 replies - 1 through 6 (of 6 total)

  • Did you check your theme’s functions.php?

    Any advice that anyone could give?

    Be very careful where you download your WordPress themes and plugins from. Here is a safer place to find WordPress add-ons:

    https://www.ads-software.com/extend/

    Thread Starter Indeedle

    (@indeedle)

    Yeah, I searched the entire theme and zip. I’m positive it’s not the theme.

    The trouble is, all of my plugins came from the WordPress plugin site you linked, which worries me. But I’m assuming it’s not possible by who (if, I don’t know) reviews the plugins to catch everything a plugin does.

    Thread Starter Indeedle

    (@indeedle)

    I found it. Surprisingly it wasn’t too hard to find, I downloaded all of my plugin & theme folders, then used the search files feature of Notepad++ to find “wordpressupplies” and it searched all of the plugin files and pulled it up.

    I will download the file stored on here to see if the same issue is in it first.

    Thread Starter Indeedle

    (@indeedle)

    So, a little bit of a DUH moment for me. The offending plugin was written by WordPressSupplies.

    Anyway, the plugin has this code at like #143

    if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url='https://wordpresssupplies.com/'")==0)
		wp_insert_link(array('link_name' => 'Wordpress Themes', 'link_url' => 'https://wordpresssupplies.com/', 'link_description' => 'Download Free WordPress Themes and Plugins' ));

    I downloaded and checked the copy on their own website as well as checking the hosted version and both were the same. The WordPress hosted version also does the same thing.

    Personally I think modifying someone’s blogroll without their knowledge is outside the scope of what a plugin should do, especially since it’s supposed to suggest tags for you and that’s all it’s advertised as.

    A plugin that does this and doesn’t have it in the description is tantamount to a WordPress virus or at least minimally adware. I think all their plugins should be removed from the WordPress site.

    Copperblade, I totally agree. And I wrote a post on this. Find it here https://www.ads-software.com/support/topic/275289?replies=1

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Vicious Plugin’ is closed to new replies.

Tags