Vaultpress security alert

  • Resolved Earl_D

    (@earl_d)


    8 years, 5 months ago

    After installing the latest version I received this security aler from vault press
    DES.php
    /wp-content/plugins/wp-mail-smtp/vendor/phpseclib/phpseclib/phpseclib/Crypt
    Generic.Hidden.Code.2
    This file contains suspicious hidden code, and should be checked for recent changes, or malicious code. Often hackers try to hide their hack attempts by obfuscating their attack code, to make it harder to detect. VaultPress has detected a string of suspicious characters in this file. Please check your backup history for recent changes to this file, or contact a Safekeeper if you are unsure.
    Repair Threat
    Ignore Threat
    1 File Affected
    Code identified Showing pre-processed file

            $block = ($shuffleip[ $r        & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
700
                 ($shuffleip[($r >>  8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
701
                 ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
…
739
        return ($shuffleinvip[($r >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
740
               ($shuffleinvip[($l >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
741
               ($shuffleinvip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
…
1220
            $key = ($this->shuffle[$pc1map[ $r        & 0xFF]] & "\x80\x80\x80\x80\x80\x80\x80\x00") |
1221
                   ($this->shuffle[$pc1map[($r >>  8) & 0xFF]] & "\x40\x40\x40\x40\x40\x40\x40\x00") |
1222
                   ($this->shuffle[$pc1map[($r >> 16) & 0xFF]] & "\x20\x20\x20\x20\x20\x20\x20\x00") |
…
1374
                        ($shuffleip[ $r        & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
1375
                        ($shuffleip[($r >>  8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
1376
                        ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
…
1417
                    ($shuffleinvip[($l >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
1418
                    ($shuffleinvip[($r >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
1419
                    ($shuffleinvip[($l >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
Showing pre-processed file
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Jared Atchison

    (@jaredatch)

    8 years, 5 months ago

    Hey Earl_D,

    Thanks for reaching out!

    I can assure you your site is safe and there is no nefarious code in the latest plugin update 🙂

    That code in reference is included in the plugin because it’s a dependency of the Google API we use.

    We’ve created an issue on GH for it where you can read more details.

    https://github.com/awesomemotive/wp-mail-smtp/issues/79

    We’ll be investigating to see if it’s something we can safely remove in a future update, to prevent these warnings from the different security scanners. Until then, you can ignore that error and know there’s nothing suspicious going on!

    Thanks.

    stardaug

    (@stardaug)

    8 years, 5 months ago

    I received the same warning from Vaultpress!!! Virus possible hack.

    Plugin Contributor Jared Atchison

    (@jaredatch)

    8 years, 5 months ago

    This is fixed in the next release 🙂

    dknut

    (@dknut)

    8 years, 5 months ago

    Also in my sites: same warning from Vaultpress!!! Virus possible hack.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Vaultpress security alert’ is closed to new replies.

Tags