Plugin malware files crashed admin page access

  • Hi,

    Yesterday we had a serious malware threat to our website caused by several files located inside: /plugins/wp-mail-smtp/vendor/

    The infected files made it impossible to login to our wp-admin page, as it would automatically redirect to the following website: https://erealitatea.net/wp-login.php?redirect_to=http%3A%2F%2Fwww.mywebsite.pt%2Fwp-admin%2F&reauth=1

    To fix this problem we had to do a major restore of the website.

    This is the first time this happened and so far we’ve been really happy with the plugin performance, but due to this event we had to uninstall it.

    Can you please look into this and give us some feedback so we know it’s safe to reinstall this plugin?

    Thank you and kind regards,
    Luís

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Slava Abakumov

    (@slaffik)

    Hi @underthecover,

    Thanks for the report.
    I will review once again is this possible to inject files through the WP Mail SMTP plugin. But you should be aware, that any insecure plugin will allow hackers to put any files in any place on a site, so this might not be relevant to WP Mail SMTP at all.

    Is there any chance that you preserved the files that were injected in vendor directory? I would like to investigate them.

    Thread Starter underthecover

    (@underthecover)

    Hi @slaffik ,

    Thanks for getting back to me.
    I completely understand, even though all my plugins are all up to date and with no signs of alarm.

    I don’t have access to a laptop until next week, all I can send you now is the files names:

    /home/nu1yoo3l/public_html/wp-content/plugins/wp-mail-smtp/vendor/google/apiclient-services/src/Google/Service/Gmail/Resource/cron.php
    /home/nu1yoo3l/public_html/wp-content/plugins/wp-mail-smtp/vendor/monolog/monolog/src/Monolog/Formatter/embed.php
    /home/nu1yoo3l/public_html/wp-content/plugins/wp-mail-smtp/vendor/monolog/monolog/src/Monolog/Handler/json.php
    /home/nu1yoo3l/public_html/wp-content/plugins/wp-mail-smtp/vendor/monolog/monolog/src/Monolog/Processor/info.php
    /home/nu1yoo3l/public_html/wp-content/plugins/wp-mail-smtp/vendor/psr/log/Psr/Log/date.php

    Is this helpful at all? Thanks in advance for your help and support.

    Plugin Author Slava Abakumov

    (@slaffik)

    Yes, it’s helpful, thank you for paths/filenames.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plugin malware files crashed admin page access’ is closed to new replies.

Tags