infection or hack

Resolved reachweb08
(@reachweb08)

10 years, 4 months ago

hi i have this message in my word press
“Warning: base64_decode() has been disabled for security reasons in /home/voiptalk/public_html/wp-content/plugins/wysija-newsletters/models/config.php on line”
and have deleted plugin etc and reinstalled and same happens
i have several sites using this plugin and only one is affected
i did a google search and found several ther sites with same problem including this one http://www.mailpoet.com/security-update-part-2/
this page was blocked by my avast so i did online scan test here is result:-

Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<p>Unless you want to study how and when you got hacked.</p>
*Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?v19
– scanning files of all the ftp containing “eval(base64_decode($_POST” code

hope you get this fixed soon
regards martin

https://ww.wp.xz.cn/plugins/wysija-newsletters/

Viewing 6 replies - 1 through 6 (of 6 total)

Thread Starter reachweb08
(@reachweb08)

10 years, 4 months ago

i solved my issue i uploaded the original file i downloaded a few weeks ago and activated and it worked fine

Wysija
(@wysija)

10 years, 4 months ago

Glad to know!

x9a3k
(@x9a3k)

10 years, 4 months ago

This issue is affecting the latest version of MailPoet.
One of our clients websites have been compromised repeatedly to send out spam despite us using the latest version.
Using “Wordfence Security” was able to detect all infect files and remove them.

Despite reinstalling the latest version it has been compromised multiple times. The issue persisted until we finally removed the MailPoet plugin.

Wysija
(@wysija)

10 years, 4 months ago

We are aware of these. In this case, the problem is that these security plugins always warn about our usage of base64_encode functions. Most of the time, these breaches infect MailPoet’s file, but this doesn’t mean that MailPoet was the source of the breach.

Without proper logs and testing, we unfortunately cannot do much.

Since the security issue last summer, we have been working closely with several security companies. Our plugin has been audited several times since then and we exchange information with several professional security analysts on a regular basis.

We simply can’t pay attention to every message that says our plugin is infected. These issues can come from a variety of other sources. Rest assured, our plugin is very safe and we have closed every possible hole.

If you have a security question, please contact us directly with as much information as possible, here: https://support.mailpoet.com/contact/
Please use the Sales and Pre-sales question form.

x9a3k
(@x9a3k)

10 years, 4 months ago

@x9a3k @danielcid We haven’t been ignoring users’ complaints at all! We’re releasing a fix for very recently identified issues this week 🙂

— MailPoet (@mail_poet) January 27, 2016

Plugin Author MailPoet
(@mailpoet)

10 years, 4 months ago

Please note MailPoet 2.7 is out. Please update.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘infection or hack’ is closed to new replies.