Malware injection attributed to Download Manager
-
URGENT: My WP sites hosted on HostGator were compromised and hijacked to redirect to a Russian site (mobile only).
Hostgator support state that Download Manager plugin was exlpoited and used to place malware on the account, and recommend I contact the developer to see if there is a fix, or remove the plug. I don’t want to do the latter as I rely on it heavily. I was on 2.7.82, and am updating to 2.7.83, but see no mention of this issue being addressed. Looking forward to a reply ASAP.
Below is from Hostgator support:
“We have reviewed this matter and found that a hacker placed malware on the account which allowed them to make changes to the site. After further investigation, it appears that your “Download Manager” plugin was exploited and used to place malware on the account. The plugin has a file upload function which allows for new images to be uploaded however the code does not verify that the files being uploaded are actually images. This allows hackers to exploit the uploader and upload malware to the account. We recommend that you contact the developer of the plugin to see if they have newer version of the plugin available where this exploit is patched. Please note that if you do not update or remove this plugin for all of your sites, it can lead to the account being compromised again. Simply disabling the plugin will not work to resolve this issue, as the files will still be present on the account. “
- The topic ‘Malware injection attributed to Download Manager’ is closed to new replies.
