58jili register.Enjoy Free 888+200 Daily Legal Bonus

It is not safe it is an open door to attack

karlosiglesiasmontes — Fri, 07 May 2021 09:41:32 +0000

I have received notice from my server of malicious files specifically in this plugin. I have reinstalled the completely clean web and again I suffer attack through this plugin.

Reply To: It is not safe it is an open door to attack

Robert Noakes — Fri, 07 May 2021 13:56:42 +0000

@karlosiglesiasmontes,

If possible, could you please send me a copy of that report? If my plugin is insecure, I’d definitely like to get that resolved.

Thank you,
Robert

Reply To: It is not safe it is an open door to attack

karlosiglesiasmontes — Fri, 07 May 2021 15:27:52 +0000

2 days ago, the server where I have my website (www.ionos.es) sent me several emails informing me that its system had detected malicious code and they referred me to a .log file so that I could delete or clean those files.

That same day I decide to delete all the content and reinstall a backup with wp 5.7.1 and all the updated plugins.

I call the server in case they can check the web and they tell me that the system does it automatically every x time and that if it is clean I will not receive any more reports.

After a day another notice comes to me and looking at the .log I suspect that the problem comes from the nav-menu-collapse plugin. I don’t think the .log will help you much to solve the problem, I have removed the plugin and for the moment everything is fine.

I hope you find a solution.

foto .log

Reply To: It is not safe it is an open door to attack

Steven Stern (sterndata) — Fri, 07 May 2021 15:39:02 +0000

This is not a review; I’m moving to to this plugin’s support area.

Reply To: It is not safe it is an open door to attack

Robert Noakes — Fri, 07 May 2021 15:57:17 +0000

Thank you, @sterndata!

@karlosiglesiasmontes,

Looking at the log, none of the files in question are included with the plugin. Luckily for me, it doesn’t look like my plugin is the issue. I’m not a security expert, but I believe you should change all of your passwords (hosting, WP, etc.) and remove all infected files from the server. You may also want to install Wordfence and run a scan to find any other possible infections.

Robert

Reply To: It is not safe it is an open door to attack

karlosiglesiasmontes — Fri, 07 May 2021 16:23:48 +0000

I know that the malicious .log files are not from your plugin, they are infected, but I believe that somehow the malware has used the plugin as a gateway. I have already commented that I have deleted all the content of the web (everything, including the database) and I have installed a backup copy from scratch eliminating its plugin and my website is clean of problems.

I cannot 100% say that the problem is your plugin because I am not a specialist but in the .log file your plugin only appears as infected by one of those malicious files.

If you are sure that your plugin is 100% safe without the need to install Wordfence, I am sorry I made the comment, I thought it was helping.

Reply To: It is not safe it is an open door to attack

Robert Noakes — Fri, 07 May 2021 16:31:14 +0000

I follow WordPress security guidelines as closely as possible during development, but I’m not a security specialist either. ?? I would still recommend a Wordfence scan to see if there are any other malicious files hiding in the site.

Reply To: It is not safe it is an open door to attack

karlosiglesiasmontes — Fri, 07 May 2021 16:36:15 +0000

OK thank you