Malicious Files

  • #1331914
    gchead
    Participant

    Hi There,

    Our hosting company has sent us the following report of malicious files, some of which appear to be related to the Events Calendar Plugin.

    Can you please confirm if it is OK to delete these as he recommends?

    Many thanks,

    Geoff
    ———- Forwarded message ———-
    From: Domains4less Support <[email protected]>
    Date: 8 August 2017 at 15:20
    Subject: [#BFX-108-88085]: Capital Blues Website Down
    To: [email protected]

    Hi Geoff,

    Thanks for your patience.

    The website should be back up. It was missing a file from the WordPress installation’s core. I’ve reinstated it.
    (/var/www/vhosts/capitalblues.co.nz/httpdocs/wp-includes/class-wp-user-meta-session-tokens.php)

    It looks as though this issue was caused because the website has been compromised.

    I’ve scanned the website and the following files are malicious and should be removed as soon as possible by yourself or your web developer to ensure this issue does not reoccur.

    Let me know if you need any further details.

    Regards,
    Daniel

    #1332572
    Geoff B.
    Member

    Good evening Geoff and welcome back!

    Thank you for reaching out to us.

    We are sorry to hear about malicious files ending up on your site.
    I would love to help you with this topic.

    By the sounds of that email, your WordPress install was compromised.
    In turn, that might have resulted in several files being “taken over” or corrupted.

    Several of the above-mentioned files actually belong to WordPress’ core.

    Although it is possible that they have been infected, simply deleting them will most likely “break something”.

    The safe way to tackle this is to “delete and replace”.

    For example, after deactivating the Events Calendar and the Events Calendar Pro, you can safely delete all files found in ./wp-content/plugins/the-events-calendar/

    Simply reinstall our plugin from scratch and you will be sure that you have brand new non-infected files.

    The same principle applies to the other recommended files.

    Let me know if that helps.

    Have a great day!

    Geoff B.
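
An added example, not part of the original thread: one way to decide which files to delete and which to replace is to compare the core directories against the per-release MD5 checksums that WordPress publishes (the check WP-CLI's `wp core verify-checksums` performs). The manifest, paths and file contents below are constructed sample data, and `audit_core` and `build_demo` are hypothetical names.

```python
import hashlib
import tempfile
from pathlib import Path


def audit_core(root, manifest):
    """Classify files under wp-admin/ and wp-includes/ against a manifest.

    manifest maps a path relative to the WordPress root to the MD5 of the
    official file for the installed release.
    """
    root = Path(root)
    unknown, modified = [], []
    for top in ("wp-admin", "wp-includes"):
        for path in sorted((root / top).rglob("*")):
            if not path.is_file():
                continue
            rel = path.relative_to(root).as_posix()
            if rel not in manifest:
                unknown.append(rel)    # not shipped by core: remove it
            elif hashlib.md5(path.read_bytes()).hexdigest() != manifest[rel]:
                modified.append(rel)   # core file altered: replace it
    # Core files the release ships that are gone from disk: restore them.
    missing = sorted(p for p in manifest if not (root / p).is_file())
    return {"unknown": unknown, "modified": modified, "missing": missing}


def build_demo():
    """Build a constructed mini-tree and manifest (sample data only)."""
    root = Path(tempfile.mkdtemp())
    clean = {
        "wp-includes/version.php": b"<?php $wp_version = 'x';",
        "wp-includes/user.php": b"<?php // core user functions",
        "wp-admin/css/colors/coffee/colors.css": b"body{color:#333}",
        "wp-admin/admin.php": b"<?php // admin bootstrap",
    }
    manifest = {p: hashlib.md5(b).hexdigest() for p, b in clean.items()}
    on_disk = dict(clean)
    del on_disk["wp-includes/user.php"]                    # deleted core file
    on_disk["wp-admin/admin.php"] += b" /* appended */"    # tampered core file
    on_disk["wp-admin/css/colors/coffee/sample.extra.php"] = b"<?php // dropped"
    for rel, body in on_disk.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
    return root, manifest


if __name__ == "__main__":
    tree, sample_manifest = build_demo()
    for kind, paths in audit_core(tree, sample_manifest).items():
        print(kind, paths)
```

Plugin directories are not covered by the core manifest; they are handled by the delete-and-reinstall step described in the reply above.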

    #1342468
    Support Droid
    Keymaster

    Hey there! This thread has been pretty quiet for the last three weeks, so we’re going to go ahead and close it to avoid confusion with other topics. If you’re still looking for help with this, please do open a new thread, reference this one and we’d be more than happy to continue the conversation over there.

    Thanks so much!
    The Events Calendar Support Team

  • The topic ‘Malicious Files’ is closed to new replies.