- This topic has 0 replies, 4 voices, and was last updated 6 years ago by
.
-
Posts
-
OK: Removing backdoor: ./wp-content/plugins/the-events-calendar/favicon_c9a05e.ico
CLEARED: Cleared suspicious malware from file: ./wp-content/plugins/the-events-calendar/common/iointgob.php Details: rex.string_rearrangement.001
CLEARED: Cleared malware from file: ./wp-content/plugins/the-events-calendar/common/puqtqrxb.php Details: php.malware.create_function.004The above malware has been cleaned off our site which was hacked this morning and being redirected to a malicious website. The plugin that was vulnerable is the Events Calendar Pro which my IT team has shown us from the items cleaned. We stay very current and are meticulous about updates and other security such as firewalls and passwords, unforutnatey we were hit hard due to what we believe is a zero day exploit in your plugin… in fact we are still trying to fix the mess
Hi,
Sorry for the issues you are having and bringing this to our attention.
I am not seeing those files in our plugins.
The file paths you provided are from The Events Calendar the core version of our plugin.
So I started looking there.
You can review our coding that is delivered from WordPress to every ones site here for the latest version:
https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/4.6.12
I do not see those files listed there.
I also downloaded the plugin right now to see if maybe they are hidden and could not find them then either.
You also mentioned PRO, did you have any files cleaned from that plugin? I downloaded the latest version to my computer and did not see anything that should not be there.
Do you have any information how they might have gotten in besides the file listing?
Let us know and we can go from here.
Thanks
I wish I did… honestly all I have is my hosting company telling me the name of your plugin kept coming up so they sent me the backdoor they opened.
Hi, I found this thread because my security plugin SecuPress Pro just warned me to delete the Events Calendar Pro due to vulnerabilities. Just checking to see if the team at Modern Tribe has patched it yet, or are working on it?
Will be following this thread to see when we can safely add the Events Calendar Pro plugin back onto our sites.
Cheers,
ReginaThank you first of all for flagging these problems.
We take security very seriously and are always keen to investigate reports like this one as promptly and thoroughly as we can — so we greatly appreciate you taking the time to share these notes.
I’d respectfully ask in future though that if you encounter anything else like this you approach us privately (by making using of our facilities for creating private topics, or else by using our contact form): proceeding with care and discretion in this sort of scenario is important if we’re to be able to address the problem early and with the least amount of disruption to our user base as possible.
Additionally, before we continue, I want to highlight the following article as a useful resource in situations like this one: codex.wordpress.org/FAQ_My_site_was_hacked
All I have is my hosting company telling me the name of your plugin kept coming up so they sent me the backdoor they opened.
We only know what you’ve shared with us, but as Brian highlighted those specific files are not actually distributed with our plugin. Based on the notes you’ve shared so far, there actually isn’t much evidence of a vulnerability in our code – in fact, very often, the actual ‘bad actor’ will modify other components (such as our plugin, or WordPress itself) rather than draw attention to itself.
That to say, although malicious files/code were added to our plugin (in the context of your site only, just to be super clear), that does not mean it is the source of the vulnerability. If your host or anyone else you’ve been working with has evidence to suggest otherwise then it would be great if they could share it: to that end, if you can put us in touch with them that would be appreciated (and details of any reference numbers for support tickets you might have created on that side could be useful, too).
Hi, I found this thread because my security plugin SecuPress Pro just warned me to delete the Events Calendar Pro due to vulnerabilities. Just checking to see if the team at Modern Tribe has patched it yet, or are working on it?
Hi Regina, thanks for getting in touch.
There’s not quite enough information for us to provide you with a well informed response at this stage. Your screenshot suggests there are specific details you can access (by following the link in the warning message) … are you able to do that and share further screenshots of what you see there?
I do want to be clear that, at this time and to the best of our knowledge, there are no known vulnerabilities in our plugins. False positives can and do crop up now and again however because security plugins and scanners, like any pieces of software, can get things wrong.
Last but not least, I want to be transparent that I am changing the title and URL for this converation. I’ll reach out to you both by email to ensure you have the updated URL, so you can continue to track things and add updates, but I felt this was an important change to make because the original topic title was somewhat alarmist and implied a situation that isn’t necessarily true.
Thanks again and please don’t hesitate to let us know if you have further details that might be helpful here.
Hey there! This thread has been pretty quiet for the last three weeks, so we’re going to go ahead and close it to avoid confusion with other topics. If you’re still looking for help with this, please do open a new thread, reference this one and we’d be more than happy to continue the conversation over there.
Thanks so much!
The Events Calendar Support Team
- The topic ‘Security questions’ is closed to new replies.