
RokCommon - javascript hacked

  • RokCommon - javascript hacked

    Posted 9 years 2 months ago
    • Hi, the RokCommon plugin is vulnerable to hackers and malicious code. My site has been reported as a domain blacklisted by the Spamhaus DBL: aeronews.ro

      This is the detailed message:

      DBL record for aeronews.ro
      The domain name aeronews.ro is listed on the Spamhaus DBL.

      Why is this domain listed?
      aeronews.ro has been listed in the DBL because it has been hacked. The domain aeronews.ro is currently being abused by cyber-criminals who have hacked the website's hosting or its content management system (typically Wordpress, Joomla, etc) and placed malicious files on the web server. Please clean up this infection before removing the domain from the DBL.

      The malicious files can be found here: hXXp://aeronews.ro/wp-content/plugins/wp_rokcommon/doctrine/auditlog/javascript.php

      Do not just remove this file. Your site has been compromised and needs to be secured. Read our FAQ on abused legitimate domains for more information. This Wordpress FAQ on hacked sites also contains useful information.

      Removal from DBL
      To remove aeronews.ro from the DBL, go to the DBL removal form
    • Damir

    Re: RokCommon - javascript hacked

    Posted 9 years 2 months ago
    • Hi,

      Thank you for reporting that; however, we need more information to be able to verify it. The simple fact that a malicious file was placed in the RokCommon directory doesn't necessarily mean that this was the plugin that was hacked. This can be caused by many different things, i.e. wrong file/directory permissions, other plugins, outdated plugins, an outdated WordPress version, etc. Malicious software usually tries to propagate and hide itself as much as possible by cloning itself to every possible location, so that it is harder to remove all of its instances.

      Of course I'd like to investigate your report, but I need more information about it. Do you have any access logs? Can your hosting provider check if there was any suspicious activity on your account, or provide any logs? What files got modified? Are you using the latest stable versions of the plugins? Also, the malicious file is gone from your server, so I have no way of checking its code for hints about what kind of malicious software it is and what target it is looking for. Please contact your hosting provider and we'll see what they reply.

      Thank you,
      Jakub
    • Remember to always post a link to the site you're having a problem with.
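
Added example, not part of the original thread or of either poster's code: one way to use the access logs requested in the reply above to check whether the reported file's location says anything about how it got there. It finds the first successful request for the file and the successful POSTs the same clients made earlier. The log lines, IP addresses, dates and the `example-plugin` path are constructed; only the file path comes from the quoted Spamhaus notice.

```python
import re
from datetime import datetime

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# File path taken from the Spamhaus notice quoted in the thread.
DROPPED = "/wp-content/plugins/wp_rokcommon/doctrine/auditlog/javascript.php"

# Constructed sample log lines (documentation IP ranges, hypothetical upload path).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2015:08:01:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.5 - - [10/Mar/2015:09:14:03 +0000] '
    '"POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 51',
    '203.0.113.5 - - [10/Mar/2015:09:14:09 +0000] "GET ' + DROPPED + '?x=1 HTTP/1.1" 200 12',
    '192.0.2.44 - - [10/Mar/2015:11:30:00 +0000] "GET ' + DROPPED + ' HTTP/1.1" 200 12',
]

def parse(lines):
    """Yield (time, ip, method, path, status); skip lines that do not match."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            # Drop the query string so the path compares cleanly.
            yield ts, m["ip"], m["method"], m["path"].split("?")[0], int(m["status"])

def trace_dropped_file(lines, dropped_path):
    """Return (first_hit, earlier_posts) for the dropped file.

    first_hit is the earliest request for the file answered with 200, or None.
    earlier_posts are non-error POSTs, made before first_hit, by any client
    that later fetched the file: candidates for the real entry point.
    """
    rows = sorted(parse(lines))
    hits = [r for r in rows if r[3] == dropped_path and r[4] == 200]
    if not hits:
        return None, []
    first = hits[0]
    clients = {r[1] for r in hits}
    earlier = [r for r in rows
               if r[0] < first[0] and r[1] in clients
               and r[2] == "POST" and r[4] < 400 and r[3] != dropped_path]
    return first, earlier

if __name__ == "__main__":
    first, earlier = trace_dropped_file(SAMPLE, DROPPED)
    print("first successful request:", first)
    for row in earlier:
        print("earlier POST by same client:", row)
```

An empty `earlier_posts` list does not clear any plugin: the upload may have come from a different address, over FTP, or from before the log window.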
