Malware report from Bitninja
-
Hello,
Bitninja sent me a report for several websites that use the Really Simple SSL plugin, with the following malware: {SA-SNIPPET}PHP.Snippet.ecploit
at this path: /wp-content/plugins/really-simple-ssl/class-admin.php
I use the latest version of the Really Simple SSL plugin.
Can you check it and inform us?
Thank you
-
Hi @beachlizard,
Could you send more information to support[at]really-simple-ssl.com. For now, it doesn’t really mean anything to us, as most of these scans return false positives.
We will have a look, but sharing more information on this forum would be unwise,
regards Aert
In addition to that: There is no malware in the plugin as available on the repository.
If you can send us the actual snippet that triggered this we can tell you if it’s a false positive, or if you need to install a fresh copy from the repository.
This is a false positive due to existing malware infecting other files on the server. In this case, it would be advised to install all themes and plugins from their original source again, including WordPress.
Do not use any nulled plugins, or plugins obtained from sources other than their author.
Refer to this link for more information https://www.malcare.com/blog/wp-vcd-php-malware-removal/
This topic will be closed.
My hosting provider sent me the same notification on 3 websites. And now I cannot access WP-admin.
I was dealing with the same problem yesterday. I couldn’t access wp-admin.
The Really Simple SSL plugin was updated to the latest version but it was buggy. I manually downloaded the plugin from ww.wp.xz.cn and the problem is solved.
Glad to hear that installing the plugin from the repository resolved your issue. If you have any questions, let us know.
-
This reply was modified 3 years, 10 months ago by
Rogier Lankhorst.
But how can there be malware in your plugin when I always updated via wordpress admin. It can’t be a coincidence that it appeared on more than 5 sites.
A malware injection usually comes from another plugin or theme, to hide the origin of the injection. For this reason it is always important to update all other plugins and themes on the site as well, and remove any nulled plugins as well, which are often the source of such issues.
As you said, restoring the plugin to the original files from WordPress resolves the issue. The plugin on the repository does not contain any injected code. This means that the code has to be injected on your site.
Just had contact with BitNinja. It appears that BitNinja has a bug in their malware scanner, incorrectly reporting a malware infection in Really Simple SSL.
We have been in contact with BitNinja and they have confirmed this is a FALSE POSITIVE and are working on a fix.
In the meanwhile you can restore the deleted files from the BitNinja dashboard or via CLI. If you have any further questions regarding this issue you can contact BitNinja support.
Hope this explains!
Hi @jarvindesign,
BitNinja falsely reporting malware in Really-Simple SSL.
Malware scanner BitNinja is currently incorrectly reporting a malware infection in Really Simple SSL. We have been in contact with BitNinja, and they have confirmed this is a FALSE POSITIVE and are working on a fix.
In the meanwhile, you can restore the deleted files from the BitNinja dashboard or via CLI. If you have any further questions regarding this issue, you should contact BitNinja support at: [email protected].
Really Simple SSL support.
Same problem here, and it does not look like a false positive. Our host sent us this warning for 3 websites: public_html/wp-content/plugins/really-simple-ssl/class-admin.php Malware {SA-SNIPPET}PHP.Snippet.ecploit
Login to wp admin was not working (only a blank white screen). After renaming the Really Simple SSL folder via FTP, everything started working.
The file class-admin.php was modified and there was a lot of new code, starting with this:
```php
<?php
/** no direct access **/
defined('MECEXEC') or die;

use ICal\ICal;

/**
 * Webnus MEC main class.
 * @author Webnus <[email protected]>
 */
class MEC_main extends MEC_base
{
    /**
     * Constructor method
     * @author Webnus <[email protected]>
     */
    public function __construct()
    {
    }

    /**
     * Returns the archive URL of events for provided skin
     * @author Webnus <[email protected]>
     * @param string $skin
     * @return string
     */
    public function archive_URL($skin)
    {
        return $this->URL('site') . $this->get_main_slug() . '/' . $skin . '/';
    }
```
If your host is BitNinja, please contact them about this.
Otherwise I would recommend to re-install all plugins from the repository. Please make sure all plugins, themes and WordPress are updated to the latest version.
The topic ‘Malware report from Bitninja’ is closed to new replies.
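An added example, not part of the original thread and not code from Really Simple SSL or BitNinja: one way to separate a scanner false positive from a file that was really changed on the server is to hash the installed plugin directory against a clean copy unpacked from the repository. The two directory trees, `readme.txt` and `extra.php` are constructed sample data; an empty result means the flagged file is byte-identical to the clean copy.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large plugin assets are not read in one go."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_plugin(reference: Path, installed: Path) -> dict:
    """Compare an installed plugin directory with a clean reference copy."""
    ref, inst = manifest(reference), manifest(installed)
    return {
        "modified": sorted(f for f in ref.keys() & inst.keys() if ref[f] != inst[f]),
        "added": sorted(inst.keys() - ref.keys()),
        "missing": sorted(ref.keys() - inst.keys()),
    }


def demo() -> dict:
    """Build two constructed plugin trees and return the comparison result."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference"), Path(tmp, "installed")
        for root in (ref, inst):
            root.mkdir()
            (root / "class-admin.php").write_text("<?php // constructed clean file\n")
            (root / "readme.txt").write_text("constructed readme\n")
        # Constructed tampering: one file replaced, one added, one deleted.
        (inst / "class-admin.php").write_text("<?php class MEC_main extends MEC_base {}\n")
        (inst / "extra.php").write_text("<?php // constructed unexpected file\n")
        (inst / "readme.txt").unlink()
        return compare_plugin(ref, inst)


if __name__ == "__main__":
    print(demo())
```

On a real site, point `compare_plugin` at the installed plugin folder and at a freshly unpacked download of the same plugin version.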