Known Malware Site In Translation Files

Viewing 9 replies - 1 through 9 (of 9 total)

  • I’ve just had this too – Wordfence WP Security plugin has just alerted me –

    Wordfence found the following new issues :

    Critical Problems:

    * File contains suspected malware URL: /wordpress/wp-content/plugins/broken-link-checker/languages/broken-link-checker-ar_AR.po
    * File contains suspected malware URL: /wordpress/wp-content/plugins/broken-link-checker/languages/broken-link-checker-ar_AR.mo
    * File contains suspected malware URL: /wordpress/wp-content/plugins/broken-link-checker/readme.txt

    I don’t know much about language files, but I guess that the alert for the text file is a false positive ?

    I reverted back to the previous update (1.8) until this issue is corrected.

    yes – I should have said – I’ve had this plugin (and Wordfence Security) running together for many months and this is my first alert of this kind from anything.

    sk

    (@renegadesk)

    Same issue here

    It is sending out an alert about a URL, however that url does not link to any content in the plugin. It is simply a link back for the author of the translation files in question. It appears that whoever did the Arabic Translation has a url that is flagged for malware.

    If you are not using that translation simply remove the files in question and you will be fine. The plugin will still work and there will be no more alerts if you run a new scan.

    The author should remove that URL however to remove the problem.

    I will remove the link in the next release.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Do you have an ETA on when that would be? Generally we close them right away when those things are spotted, but if you’re going to have it done today, that’s okay.

    All right, I’ll have it up in a few minutes.

    The plugin itself does not actually use or display that link anywhere on the users’ site (it’s just .po/.mo metadata and a mention in readme.txt), so I originally assumed this was not a time-critical issue.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Some virus scanners (Kaspersky) will flag the site as malware because of it, so … it is a big deal.

    Also credit links on the readme are generally iffy anyway.

    “The plugin page (aka the readme.txt file) may not have “sponsored” links on it. Same goes for the translation files and any other linkback type schemes that will have content displayed on www.remarpro.com.”

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Known Malware Site In Translation Files’ is closed to new replies.