Spam:PHP/uijquery.org

  • Resolved Daniel Strickland

    (@kuleanadesign)


    7 years, 10 months ago

    Hi there.

    Wordfence has identified a critical issue and I’m wondering whether it’s legit (not false) and to best address it.

    Thanks!

    File appears to be malicious: wp-content/plugins/revslider/revslider.php
    Filename: wp-content/plugins/revslider/revslider.php
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 19 mins ago.
    Severity: Critical
    Status New
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “wp_remote_retrieve_body(wp_remote_get($host.’ui’.’jquery.org/jquery-1.6.3.min.js’))”. The infection type is: Spam:PHP/uijquery.org.

Viewing 3 replies - 1 through 3 (of 3 total)

  • How old is your version of revslider? There certainly was a revslider exploit a couple of years back.

    https://www.exploit-db.com/exploits/36554/

    If you haven’t updated that plug-in it may indeed be affected by that hack.

    https://www.wordfence.com/learn/has-my-site-been-hacked/

    Hi kuleanadesign,
    This can not be considered as a false positive result, I highly recommend removing this version of the plugin you have currently installed on your server and re-upload a fresh copy directly downloaded from the plugin vendor’s website, as loading jQuery library from such fake “uijquery” domain is very suspicious.

    Thanks.

    Hello!

    I hope we were successful in helping you resolve your issue with Wordfence! Since we have not heard back from you in the past 2 weeks I will now be marking this support thread as resolved. However, if we still haven’t resolved your issue please reach out to us as we would be more than happy to further assist you!

    Thanks and have a great day!
    Chloe

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Spam:PHP/uijquery.org’ is closed to new replies.