Mabangis na tulisan pdf.Enjoy Free 888+200 Daily Legal Bonus

Resolved sinna
(@sinna)

8 years, 6 months ago

Hello,

my site was opening Ads when clicking links. I had the security experts from sucuri scan my site and they identified your plugin file as the source.

It’s opening ads like these:
https://www.secretkontaktdienst.com/slp18_1?p=349927&prid=72207&pi=anna

See here for the message from sucuri:

quote

The second thing is that I was able to track down the redirects, here is the evidence:

————————————————————-
https://pornburger.com/ar/out
https://russian-baby.com/US/1/?offer_id=1559&aff_id=7437&url_id=0&aff_sub=1006&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=

————————————————————–

According to my research, these redirects are being initiated by “foucdn.com/c/trdsi”, could you please confirm if you’re aware of this code ?, here is the request:

URL: https://foucdn.com/c/trdsi
Loaded By: https://adult-income.com/wp-content/plugins/frontend-checklist/frontend-checklist.js?ver=fdc87c115e4575a7d72e29475509dd5c:58
Host: foucdn.com
IP: 104.28.24.9
Error/Status Code: 200
Client Port: 4310
Request Start: 1.798 s
DNS Lookup: 183 ms
Initial Connection: 33 ms
Time to First Byte: 2577 ms
Content Download: 0 ms
Bytes In (downloaded): 0.5 KB
Bytes Out (uploaded): 0.3 KB

In addition to that, the code has been located inside of the file “frontend-checklist.js ” located at “wp-content/plugins/frontend-checklist/”

WARN: Found suspicious file: ./wp-content/plugins/frontend-checklist/frontend-checklist.js (NOT CLEANED) – Manual inspection required (custom.search1): Content: ‘foucdn.com/c/trdsi”></script>’);function getCooki’.

Could you please confirm with your developer whether this code is legit ?

/quote

Can you answer the question? Do you know that code?

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author JonasBreuer
(@jonasbreuer)

8 years, 6 months ago

Hi sinna,

I’m sorry to hear about your malware problems. There is no such code in the Frontend Checklist plugin, like you can download it on www.remarpro.com. You can verify that by downloading a fresh copy and searching for “foucdn.com” in the frontend-checklist.js.

It is a common behaviour for malware to search the server for any files of a certain type and injecting it’s code in there. The source of malware can be the server settings, the WordPress version, another plugin, leaked FTP data, etc. It will most probably not be enough to re-install Frontend Checklist since the source is somewhere else and will most-probably re-inject the code at a later time. I would recommend you get your site cleaned by a security professional. The process will involve overwriting all WordPress core files, plugin files and theme files with fresh versions from the repository. The remaining files have to be hand-checked. A professional will also try to find the source of the malware.

Cheers,
Jonas

Thread Starter sinna
(@sinna)

8 years, 6 months ago

Hello Jonas,

thank you for the fast reply and explanations. I got that info from the security and malware professionals of sucuri (which I hired) and can now give your info back to them so they can dig deeper and find the source.

thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Plugin frontend checklist containing malicious code?’ is closed to new replies.

Tags