[Plugin: Achievements for BuddyPress] Possible exploit – Unknown link has been inserted

See your .htaccess and your .php files as your blog might be the target of an Perl/Shellbot attack.

I have had those kind of issues with several blogs last weeks, but I can’t tell is a plugin or wordpress related issue.

Maybe one of your ftp users got hacked or you server’s security is not hardened enough.

Please keep me updated as I am interested in this too.

Many FREE plugins and templates have injection code that will insert ads or links in your site. The code can be encrypted in PHP or javascript and can be quite hard to find. I would suggest scanning a plugins source code for any unusual code as they sometimes randomize the display of these ads/links and included external files.

If you find what appears to be an encrypted string post a question about it in the plugin or template page to make more people aware of the issue.

so rule of thumb, if something is encrypted ask yourself why; what are they hiding and do you really want this potentially dangerous code running on your site.

Also of note, if you happen to download cracked or stolen Plugins or Templates, the pirates have a tendency to add their own code. So just don’t bother with that stuff, it’s seriously more trouble than it’s worth.

I have no awareness of any security issues. If you were able to figure out if this definitely was Achievements, and that it persisted when you deleted the plugin and reinstalled it from www.remarpro.com, I’ll investigate.