[pmwiki-users] MailPoet Virus -- eeps
sandy at onebit.ca
Thu Jul 24 16:46:36 CDT 2014
According to this site,
The malware injection code is actually trying to compromise all PHP
files that it can on the server. So if you have a site at
/var/www/site1.com with MailPoet and another site at /var/www/site2.com
without it, the malware injector from site1.com will try to compromise
site2.com as well. We had a client that all his 20+ sites got injected,
because one site inside the same shared account had MailPoet on it.
That's why we were seeing Joomla and Magento sites with the same malware
as well. Took us a bit of time to connect all the dots and find the
entry point on them.
Can you reassure us that PmWiki.org has proper fences, and the scripts
there are clean? (Knowing Pm, I think it's good, but want to check.)
Meanwhile, I'm going to do yet another backup of our data. And email. I
think our host puts proper fences between accounts, and I know I didn't
use any WP plugins when I tested it ages ago, but better safe than sorry.
More information about the pmwiki-users