Possible Malware – Failed Installation

  • newwebcreative

    (@newwebcreative)


    8 months, 3 weeks ago

    Earlier today I attempted to install the EZ SQL Reports Shortcode Widget and DB Backup plugin, but the installation failed with the message: Installation failed: Destination folder already exists.

    I decided to move on and find a different plugin. Later, when I logged into our hosting provider (SiteGround) to create a staging site, I saw a malware notice stating the site would be taken offline in 3 days unless it was resolved.

    SiteGround’s evidence pointed to this file (site path anonymized): /home/…/public_html/wp-content/plugins/elisqlreports/index.php

    I deleted the entire elisqlreports folder and requested a rescan. After several minutes, the malware warning cleared.

    Can you confirm whether this plugin has been compromised?

Viewing 1 replies (of 1 total)
  • Plugin Author Eli

    (@scheeeli)

    8 months, 3 weeks ago

    I have just verified that the current version available for download is the same code as when I released it. There is no malware in that code, so the plugin source has not been compromised. However, it is possible that the copy of the index.php file that you had in the folder public_html/wp-content/plugins/elisqlreports/ was somehow injected with malware on your server, maybe even before you tried to install my plugin, or this might have just been a false positive. Either way, I would love to take a look at the code that was in that file, and also any detailed reports from your hosting provider about what kind of threat they found in that file.

    Can you please p=contact me directly and help me get in contact with the SiteGround support team that you dealt with on this issue?

    eli AT gotmls DOT net

Viewing 1 replies (of 1 total)

The topic ‘Possible Malware – Failed Installation’ is closed to new replies.