It may be too late to track this down now, but I wanted to mention the problem in case I've missed something.
I've had issues with malware on my s2member powered site. The first time was about a month ago and was resolved with a simple re-install of wordpress. Then again yesterday which required a backup restore.
It didn't seem too sophisticated, and was adding a long encrypted section of code after the /html tag on each page. It first came to my attention when my SSL was broken on sign-in pages. Then I discovered that Google had flagged it too.
I've temporarily disabled my s2member until I have some clarity on the cause.
Here is the malware notice from Google.
http://www.google.com/safebrowsing/diag ... ademy.com/
The website is using latest version S2Member Pro (111105), and the latest versions of WP (3.21)+ BuddyPress (1.51). The site uses the Buddy Press template. The only other plugins were Secure Wordpress (2.0.6) and PollDaddy (2.0.11). We have around 250 paid level one members, 4 authors, and one admin.
I know it may be hard to diagnose now that it's cleaned up, but any guidance would be helpful.
My only theory is that some whole opens up when using s2member with BuddyPress, but I see no similar issues in the forums.
Malware problems
s2Member Plugin. A Membership plugin for WordPress®.
3 posts
• Page 1 of 1
Malware problems
by tonykummer » November 30th, 2011, 8:06 am
-
tonykummer - Registered User
- Posts: 1
- Joined: November 29, 2011
Re: Malware problems
by Raam Dev » December 1st, 2011, 1:56 am
Hi tonykummer,
Thank you for reporting this.
Another possible avenue of attack could be through a neighboring account on the same server.
If your website is hosted on a shared server (as opposed to a dedicated server or a VPS), a compromised account on the same server could gain access to your files if the web host hasn't locked down the file permissions (all files and directories should be owned by you, and only writable by you, not Groups and Others... but check with your web host before making modifications as the server configuration may require specific settings).
This avenue isn't nearly as likely as another plugin with a vulnerability, but if you're only running the plugins you mentioned, then I'd suggest also looking into this possibility.
Thank you for reporting this.
Another possible avenue of attack could be through a neighboring account on the same server.
If your website is hosted on a shared server (as opposed to a dedicated server or a VPS), a compromised account on the same server could gain access to your files if the web host hasn't locked down the file permissions (all files and directories should be owned by you, and only writable by you, not Groups and Others... but check with your web host before making modifications as the server configuration may require specific settings).
This avenue isn't nearly as likely as another plugin with a vulnerability, but if you're only running the plugins you mentioned, then I'd suggest also looking into this possibility.
-
Raam Dev - Developer
- Posts: 810
- Joined: October 26, 2011
Re: Malware problems
by Cristián Lávaque » December 3rd, 2011, 10:56 pm
Raam is right, check that too, but I'd like to take a look at your files.
Do you have a copy of the site with the malware? If you could, please upload a zip file of it somewhere and email us the details via the contact form so the Lead Developer takes a look at it, please. http://s2member.com/contact/
Thanks!
Do you have a copy of the site with the malware? If you could, please upload a zip file of it somewhere and email us the details via the contact form so the Lead Developer takes a look at it, please. http://s2member.com/contact/
Thanks!
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it
at WordPress.org. Thanks! :)
Is s2Member working for you? Please rate it
-
Cristián Lávaque - Developer
- Posts: 6836
- Joined: December 22, 2010
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: Exabot [Bot], Google [Bot] and 2 guests