New install of Matomo got flagged with malware by host

  • Resolved tom3535

    (@tom3535)


    2 years ago

    Hi,

    I installed a new instance of wordpress,I then installed matomo plugin. I activated it, when I click on the reporting menu in wordpress admin / matomo menu it goes to an error page. Aside from that my host SiteGround detects malware in the plugin when I run the security scan. I deactivated and deleted the matomo plugin, I run the security scan again and Siteground now says my website is clean and free from malware.

    Any idea on why this is happening? I have Matomo installed on many other wordpress sites without issue.

    Thank you!
    Tom

Viewing 12 replies - 1 through 12 (of 12 total)
  • Oriana

    (@oriana)

    Hi,

    Just wanted to add that I had the same issue a week ago (3/11/22). After installing and activating the Matomo plugin (on a fully up-to-date WP website hosted on Siteground), I got an error page and immediately got a message from Siteground saying that they had detected malicious code in the recently uploaded files – specifically in: ../wp-content/plugins/matomo/app/vendor/matomo/device-detector-regexes/bots.yml.

    The fatal error in WP mentioned this location: ../wp-content/plugins/matomo/app/vendor/matomo/device-detector/Parser/AbstractParser.php on line 300

    It would be good if you guys could look into this, as at the moment it seems you cannot use the plugin if the site is hosted on Siteground.

    Thanks,
    Oriana

    Thread Starter tom3535

    (@tom3535)

    What is strange is I have this running on 4 or 5 other sites that use wordpress and siteground. They were all installed over 2 weeks ago, I think what ever the last update of wordpress or matomo plugin causes some sort of issue when it is installed. I do have the latest versions running on the other sites without issue.

    lancematomo

    (@lancematomo)

    Hey tom3535 and Oriana,

    I’m sorry you are having trouble with the Matomo plugin.
    It sounds like the Siteground site scanner is wrongly identifying the bots.yml file and possibly quarantining it which then then stops parts of the plugin working.
    I found a document about disabling the quarantine feature:
    https://www.siteground.com/kb/siteground-site-scanner/#File_upload_quarantine
    Hopefully that will make the plugin work.

    If you have any other information from Siteground on why this file was flagged we can see if we can update something from our end. Also you might want to raise this issue with Siteground to see if they have a fix on their side.

    Kind regards,
    Lance

    Thread Starter tom3535

    (@tom3535)

    Hi Lance,

    It wasn’t just siteground that flagged it. I originally got the flag from Google Search Console. That is what made me go to Siteground to do a security scan.

    Siteground did not quarantine the file, I enabled the security scan after I realized I had an issue to help me find the issue. I deleted matomo plugin and the scan and google both came back clean once Matomo was removed.

    I am not sure Siteground is part of the issue or if it is a coincidence we both have them as a host. Again, Google Search Console is the one who originally found the threat.

    Tom

    lancematomo

    (@lancematomo)

    Hey Tom,

    Yes is sounds like an update to the list of crawlers that we check in this file:
    wp-content/plugins/matomo/app/vendor/matomo/device-detector-regexes/bots.yml

    is causing the issue, we suspect that the malware detectors are seeing a url in that file that they think is suspicious. This particular file shouldn’t be publicly available on your site so Google search console shouldn’t be able to access it, I’m not sure why it can. We are still looking into this one.

    Kind regards,
    Lance

    Thread Starter tom3535

    (@tom3535)

    Thanks Lance, Please let us know when it has been resolved, would love to get Matomo installed and working!

    Tom

    huskii

    (@huskii)

    Any updates about this issue? ??

    Plugin Support varunmatomo

    (@varunmatomo)

    Hi @huskii sorry for the delay. We are still currently looking into this and will provide an update when available.

    Hello @tom3535 @huskii @oriana

    Could you please email us your system report available from the “Matomo Analytics > Diagnostics” menu to [email protected]?

    Kind regards

    Mat

    Hello @tom3535 @huskii @oriana

    Any chances you read my previous comment?

    Also, I wonder who is your hosting provider and if they use a proxy cache like Ngnix?

    Kind regards

    Mat

    Hi @mattmary

    Apologies, I completely missed your messages until now.

    Unfortunately I cannot provide the diagnostic report as I don’t have Matomo installed (I removed it back In November as soon as some code in the plugin was flagged as malicious).

    As for your other question, my site is hosted with Sitegorund and they do indeed use NGINX Direct Delivery. Here is the description they provide:

    “With NGINX Direct Delivery we will serve most of the static resources of your website (images, JS, CSS and others) directly through NGINX to achieve the fastest possible loading time. It works for all kind of applications without additional customisation.

    For best results we highly recommend having NGINX Direct Delivery enabled at all times. However, if you need to use custom caching .htaccess rules for your static content you may need to switch it off.”

    Hope this helps,
    Oriana

    Plugin Support emermatomo

    (@emermatomo)

    Hi @oriana Thanks for getting back to us. If in the future, you install Matomo plugin again and have issues. Please don’t hesitate to reach back.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘New install of Matomo got flagged with malware by host’ is closed to new replies.