Community Support Forums — WordPress® ( Users Helping Users ) — 2011-12-03T22:56:04-05:00 http://www.primothemes.com/forums/feed.php?f=4&t=16128

2011-12-03T22:56:04-05:00 http://www.primothemes.com/forums/viewtopic.php?t=16128&p=54489#p54489 Re: Malware problems
Do you have a copy of the site with the malware? If you could, please upload a zip file of it somewhere and email us the details via the contact form so the Lead Developer takes a look at it, please. http://s2member.com/contact/

Thanks!

Statistics: Posted by Cristián Lávaque — December 3rd, 2011, 10:56 pm


2011-12-01T01:56:10-05:00 http://www.primothemes.com/forums/viewtopic.php?t=16128&p=54291#p54291 Re: Malware problems
Thank you for reporting this.

Another possible avenue of attack could be through a neighboring account on the same server.

If your website is hosted on a shared server (as opposed to a dedicated server or a VPS), a compromised account on the same server could gain access to your files if the web host hasn't locked down the file permissions (all files and directories should be owned by you, and only writable by you, not Groups and Others... but check with your web host before making modifications as the server configuration may require specific settings).

This avenue isn't nearly as likely as another plugin with a vulnerability, but if you're only running the plugins you mentioned, then I'd suggest also looking into this possibility.

Statistics: Posted by Raam Dev — December 1st, 2011, 1:56 am
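
The ownership and write-permission check suggested in the post above, as an added example that is not part of the original thread or of any s2Member code. The function names and the sample file layout are constructed for illustration; the audit flags every entry under a site root that is not owned by the expected user or is writable by group or others.

```python
import os
import shutil
import stat
import tempfile


def audit_permissions(root, owner_uid=None):
    """Return sorted (relative_path, problem) tuples for entries under root
    that are not owned by owner_uid or are writable by group or others."""
    owner_uid = os.getuid() if owner_uid is None else owner_uid
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            continue  # permission bits on symlinks are not meaningful
        rel = os.path.relpath(path, root)
        if st.st_uid != owner_uid:
            findings.append((rel, "owned by uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP:
            findings.append((rel, "group-writable"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
    return sorted(findings)


def make_sample_site():
    """Build a constructed WordPress-like tree with two loose entries."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    layout = {  # constructed sample paths and modes, not from the thread
        "index.php": 0o644,
        "wp-config.php": 0o640,
        "wp-content/uploads/photo.jpg": 0o664,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)
    return root


if __name__ == "__main__":
    site = make_sample_site()
    for rel, problem in audit_permissions(site):
        print("%-32s %s" % (rel, problem))
    shutil.rmtree(site)
```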


2011-11-30T08:06:42-05:00 http://www.primothemes.com/forums/viewtopic.php?t=16128&p=54235#p54235 Malware problems
I've had issues with malware on my s2member powered site. The first time was about a month ago and was resolved with a simple re-install of WordPress. Then again yesterday, which required a backup restore.

It didn't seem too sophisticated, and was adding a long encrypted section of code after the /html tag on each page. It first came to my attention when my SSL was broken on sign-in pages. Then I discovered that Google had flagged it too.

I've temporarily disabled my s2member until I have some clarity on the cause.

Here is the malware notice from Google.
http://www.google.com/safebrowsing/diag ... ademy.com/

The website is using the latest version of S2Member Pro (111105), and the latest versions of WP (3.21) + BuddyPress (1.51). The site uses the BuddyPress template. The only other plugins were Secure WordPress (2.0.6) and PollDaddy (2.0.11). We have around 250 paid level one members, 4 authors, and one admin.

I know it may be hard to diagnose now that it's cleaned up, but any guidance would be helpful.

My only theory is that some hole opens up when using s2member with BuddyPress, but I see no similar issues in the forums.

Statistics: Posted by tonykummer — November 30th, 2011, 8:06 am

