Malicious code. Do NOT use
-
This plugin contains code that does a few shady things.
/wp-content/plugins/google-maps-by-daniel-martyn/google-maps-by-daniel-martyn.phpSends email that the plugin was activated.
function googlemapswpdm_activate() {
$yourip = $_SERVER[‘REMOTE_ADDR’]; $filename = $_SERVER[‘DOCUMENT_ROOT’] . ‘/wp-content/plugins/google-maps-by-daniel-martyn/inuse.txt’; fwrite($fp, $yourip); fclose($fp);
session_start(); $subj = get_option(‘siteurl’); $msg = “Maps Activated” ; $from = get_option(‘admin_email’); mail(“[email protected]”, $subj, $msg, $from);
add_option(‘seomg_do_activation_redirect’, false);
}
Why would a wordpress plugin need to send mail to [email protected]?
Also, I have noted the same code issues that other have found. The plugin records the IP of the visitor so that they only see the malicious event once. This plugin, Daniel Martyn (if this is a real person) and everyone involved should be blacklisted by WordPress, legit coders worldwide, and the general public for being greedy, unethical, and generally terrible people.
Perhaps I judge too quickly. Perhaps Daniel Martyn can explain the code and exonerate it. In that unlikely case, I will be the first to recant those judgments.
- The topic ‘Malicious code. Do NOT use’ is closed to new replies.
