• Could you explain what the intention was/is of the backdoor script, which wordfence states allows admin access to websites using the plugin, also, what are the intentions for the future, will you now pull the plugin as it has been revealed it’s assume real intention or will it continue to be available, but backdoor free?

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Yes, I wish WordPress would make a public statement on it. Nothing but crickets so far…

    David

    (@vanguardbookkeeping)

    There are links between this plugin and Maison Souza – who buys plugins to repurpose them.
    https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/?utm_source=list&utm_medium=email&utm_campaign=121917

    You should avoid touching anything related to him, including these which has the same back-door code :
    – Covert me Popup
    – Death To Comments
    – Human Captcha
    – Smart Recaptcha
    – Social Exchange

    https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/?utm_source=list&utm_medium=email&utm_campaign=091317

    From Wordfence…

    What We’ve Done So Far

    As of this writing, we’ve created three firewall rules in total to protect our users’ sites from the backdoor installation. Premium customers received the first two rules on December 8th and the third one on the 14th. These rules also protect against the backdoor itself executing in Captcha as well as in the five other plugins available for download on simplywordpress.net. Free users will receive these rules 30 days from the original publish date via the community version of the Threat Defense Feed.

    We have also been working with the www.remarpro.com plugins team to get out a patched version of Captcha (4.4.5) that is backdoor-free. The plugins team has used the automatic update to upgrade all backdoored versions (4.3.6 – 4.4.4) up to the new 4.4.5 version. Over the course of the weekend over 100,000 sites running versions 4.3.6 – 4.4.4 were upgraded to 4.4.5. They have also blocked the author from publishing updates to the plugin without their review.

    Our Recommendations

    We recommend that you uninstall the Captcha plugin immediately from your site. Based on the public data we’ve gathered, this developer does not have user safety in mind and is very likely a criminal actor attempting yet another supply chain attack. You should also ensure that you’ve enabled automatic updates within WordPress – that’s still one of the best ways to keep your site secure before disclosures like this take place. We also recommend using the Premium version of Wordfence, to proactively defend your site against threats like this one.

    The most viable alternative seems: ‘Really Simple CAPTCHA‘ (By Takayuki Miyoshi, creator of ‘Contact Form 7’ and compatible with it)

    Greetings!

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Hello, please read the entire original post. We worked with Wordfence last week to clean up the plugin and pushed it out as an automatic update.

    They explained this in their post.

    Version 4.4.5 is safe and you probably already have the update.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence Backdoor Warning’ is closed to new replies.