Suspicious code in the latest update

  • Laurendo

    (@laurendo)


    8 years ago

    Hi there,
    After updating to the latest version 1.8, Vault Press discovered a code pattern often used to run a very dangerous shell programs on your server. The code is

    $this->assertEquals(‘test’, $rot($rot(‘test’)));
    $this->assertEquals(‘täst’, $decode($encode(‘täst’)));

    Here is a screenshot: https://screencast.com/t/zPlWp02LJ8c

    Could you please respond as quickly as you can letting me and others who updated to the latest version know about this suspicious code?

    Thanks

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • yehudah

    (@yehudah)

    8 years ago

    Hi,

    Can you point me to the path ,?

    Mailgun by any chance ?

    Thread Starter Laurendo

    (@laurendo)

    8 years ago

    sur,

    /wp-content/plugins/post-smtp/Postman/Postman-Mail/mailgun/vendor/clue/stream-filter/tests

    Thread Starter Laurendo

    (@laurendo)

    8 years ago

    Please recommend how to address the threat.

    Thread Starter Laurendo

    (@laurendo)

    8 years ago

    Any updates on this?

    Thread Starter Laurendo

    (@laurendo)

    8 years ago

    It looks like part of the path I sent you was missing. Here is the full path

    /wp-content/plugins/post-smtp/Postman/Postman-Mail/mailgun/vendor/clue/stream-filter/tests/FunTest.php.

    Thread Starter Laurendo

    (@laurendo)

    8 years ago

    I need to know if this is a site-compromising threat? Can I just delete the FunTest.php? Please let me know…

    yehudah

    (@yehudah)

    8 years ago

    It’s nothing but delete it.

    I will remove it too in the next version.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Suspicious code in the latest update’ is closed to new replies.

  • 7 replies
  • 2 participants
  • Last reply from: yehudah
  • Last activity: 8 years ago
  • Status: not resolved