- This topic has 7 replies, 2 voices, and was last updated 5 years, 7 months ago by
.
Viewing 8 posts - 1 through 8 (of 8 total)
Viewing 8 posts - 1 through 8 (of 8 total)
These forums are now closed and remain for historical purposes.
None of the content applies to the new version 3. For support, get in touch via our contact form.
Trevor.
One of the security scanning services we use on our site just sent us a warning saying that it found a Known Exploit Fingerprint Match in our /public_html/wp-content/plugins/search-filter-pro/admin/assets/js/class.plugin-modules.php file.
On looking in this file, we can see a pile of references to a site called http://www.garors.com (some lines are live and some are commented out).
Can anyone here confirm if this is expected?
G’day Trevor,
Thanks for the quick reply.
Hmm, I just checked and we didn’t seem to have received any notices about renewing, so I have just manually logged in and renewed the support.
We are running v2.4.5
I have uploaded the file in question here: https://1drv.ms/u/s!AkVfqWByhngGiJEb31ix0mM-UirMBQ
Let me know if there is any other data I can help provide.
Many thanks,
Nigel
Oh, no!
It appears that the 3 x folders that are infected on our server are all search-filter-pro folders.
search-filter-pro/admin/class.plugin-modules.php
search-filter-pro/admin/assets/js/class.plugin-modules.php
search-filter-pro/admin/assets/css/class.plugin-modules.php
Can you please assist with how this injection might have happened on our server as it appears to have come in through the SFP plugin.
Hi Trevor – we have found the root cause of this and thought you might want to know.
Whilst troubleshooting the problems we are having with Search Filter Pro (another ticket that Ross is working on), one of our developers downloaded the latest version of the plugin and uploaded it to our site.
However, the problem is that he downloaded it from a site other than yours which is currently hosting an infected version of your plugin zip file.
You can replicate what happened by:
1) Going to Google
2) Searching for “download search filter pro”
3) The first result (at least for us) is from downloadfreethemes.co
4) Download the file in a sandbox environment
5) You will see that extracted zip file has the 3 x extra malicious files stored in there
Not sure if there’s anything you can do about it on your end aside from reporting the site to Google as hosting illegitimate versions of your software, but thought you would like to know.
Let us know if you need any more information.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
We also use cookies to store items in your cart as well as allowing your to login on the site.
You can adjust all of your cookie settings by navigating the tabs on the left hand side.
By continuing to use this site, you also agree to our Privacy Policy.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
*Other cookies used for logging in and cart functions will only be used when you use those features and cannot be disabled.
If you disable these cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
More information about our Cookie Policy