[Solved] javascript vulnerabilities?
I've just spent the last 3 days cleaning up hacked sites and malware that both use wp-checkout -- one upgraded to the current version, one not -- Google banned a site and targeted JS in the plugin. Are you guys aware of anything -- is anyone else having issues?
Comments
Again today - after installing clean files, the wp-checkout JS files have been hacked.
@intricateartist
Thank you for your posts and sorry to hear about the inconvenience of this.
I will assist you to resolve the problem asap.
We are not aware of any JavaScript vulnerabilities in the plugin.
I assume that if JavaScript files are hacked, the hack is actually coming from somewhere else.
I can help you here, but depending on whether sensitive information is involved or not, it would be best if you submit a ticket to us, attach the hacked file and provide information on the hack, please. You can submit the ticket here: http://tribulant.com/support/
I look forward to hearing from you to assist you with this in our help desk.
I've replaced the plugin files twice, locked down & changed passwords - so far so good.
@intricateartist
Ok that's good to hear.
Please post back if it occurs again.
I highly recommend that you install a security plugin on your WordPress site to prevent any further hacks or problems related to security.
I have another (new) issue on another client site with wp-checkout. I've installed Wordfence, changed all passwords, replaced all core files and theme files, installed a clean set of wp-checkout files, then got an upgrade nag, so I upgraded through the admin panel. I ran a new Wordfence scan and there are 7 errors, all of them in the wp-checkout plugin files. Here's one:
File appears to be malicious: wp-content/uploads/wp-checkout/suppliers/alias.php
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "strtoupper($qV[4].$qV[3].$qV[2]".
Is this a legit file/line? Should these be "ignored"?
@intricateartist
No, that is not a legitimate file; the plugin doesn't have a file such as suppliers/alias.php. Please remove that file.
Did you see what I mentioned about installing a security plugin?
Can you please consider that, as it will help prevent hacks on your site.
See iThemes Security: https://wordpress.org/plugins/better-wp-security/
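Added example, not part of the thread and not code from Tribulant or Wordfence: the finding above combines two things a practitioner wants to check for across the whole install after a cleanup, a PHP file sitting under wp-content/uploads (where nothing should ever execute, and which a plugin reinstall does not touch, which is one way freshly replaced JS keeps getting re-infected) and a body that reassembles a name one character at a time, as in the fragment Wordfence quoted, `strtoupper($qV[4].$qV[3].$qV[2]`, so that a plain grep for `eval` or `_POST` sees nothing. The scanner below walks a WordPress tree and reports both. The heuristics are my own, not Wordfence's signatures; the sample site it builds in a temp directory is constructed, and the flagged file's body is a stand-in containing only the fragment quoted in the thread, not the real malware.

```python
"""Scan a WordPress install for PHP dropped into wp-content/uploads and for
runtime name-reassembly obfuscation. Added example; heuristics are mine."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Assumes the standard WordPress layout: no PHP should ever execute under uploads.
UPLOAD_DIRS = ("wp-content/uploads",)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7", ".phar"}

# Content heuristics. The first matches the shape Wordfence quoted in the thread:
# a string rebuilt from single indexed characters and upper-cased to form a name
# (a function or superglobal) at runtime instead of writing it out literally.
PATTERNS = {
    "char-index-reassembly": re.compile(
        r"strtoupper\s*\(\s*\$\w+\[\d+\](?:\s*\.\s*\$\w+\[\d+\]){2,}"),
    "variable-variable": re.compile(r"\$\{\s*\$\w+\s*\}"),
    "eval-of-decoded-payload": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13)\s*\("),
}


def in_upload_dir(rel: str) -> bool:
    return any(rel.startswith(d + "/") for d in UPLOAD_DIRS)


def scan_file(root: Path, path: Path) -> list[str]:
    """Return the reasons a file is suspicious; an empty list means clean."""
    rel = path.relative_to(root).as_posix()
    text = path.read_text(encoding="utf-8", errors="replace")
    reasons: list[str] = []
    if in_upload_dir(rel):
        if path.suffix.lower() in PHP_SUFFIXES:
            reasons.append("php-file-in-uploads")
        elif "<?php" in text or "<?=" in text:
            # An "image" carrying PHP tags is waiting for an include() or a lax handler.
            reasons.append("php-tag-in-upload")
    reasons.extend(name for name, rx in PATTERNS.items() if rx.search(text))
    return reasons


def scan_site(root: Path) -> dict[str, list[str]]:
    """Walk the install and map relative path -> reasons for every suspicious file."""
    findings: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reasons = scan_file(root, path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings


# Constructed sample site: stand-ins, not real plugin files and not real malware.
SAMPLE_FILES = {
    # Clean plugin code where it belongs (plugin paths are assumed, not from the thread).
    "wp-content/plugins/wp-checkout/wp-checkout.php":
        "<?php\n// constructed clean stub\nfunction wpc_sample_noop() { return true; }\n",
    "wp-content/plugins/wp-checkout/js/checkout.js":
        "// constructed clean script\ndocument.addEventListener('DOMContentLoaded', function () {});\n",
    # The path Wordfence flagged, with a body holding only the fragment quoted in the thread.
    "wp-content/uploads/wp-checkout/suppliers/alias.php":
        "<?php\n$n = strtoupper($qV[4].$qV[3].$qV[2]);\n",
    # An innocent upload (constructed placeholder content).
    "wp-content/uploads/2014/photo.jpg": "JFIF constructed image bytes\n",
    # A disguised upload: image extension, PHP inside.
    "wp-content/uploads/2014/logo.jpg": "JFIF<?php echo 'constructed';\n",
}


def build_sample_site() -> Path:
    """Materialise SAMPLE_FILES in a fresh temporary directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="wp-scan-demo-"))
    for rel, body in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
    return root


def run_demo() -> dict[str, list[str]]:
    """Build the constructed site and scan it; point scan_site() at a real docroot instead."""
    return scan_site(build_sample_site())


if __name__ == "__main__":
    for rel, why in run_demo().items():
        print(f"{rel}: {', '.join(why)}")
```

Run it against the real document root with `scan_site(Path("/var/www/site"))`. Anything reported under uploads is a removal candidate regardless of what the content looks like, since that directory is also where a reinstall of the plugin leaves files untouched; the content heuristics catch the same file if it has been moved elsewhere.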
Yes, I installed Wordfence.
@intricateartist
Great, that's good. It should protect you from malicious hacks and brute force attacks.
And please remove that malicious file.