PriMoThemes — now s2Member® (official notice)


Malware problems


Post by tonykummer » November 30th, 2011, 8:06 am

It may be too late to track this down now, but I wanted to mention the problem in case I've missed something.

I've had issues with malware on my s2Member-powered site. The first time was about a month ago and was resolved with a simple re-install of WordPress. Then it happened again yesterday, which required a backup restore.

It didn't seem too sophisticated, and was adding a long encrypted section of code after the /html tag on each page. It first came to my attention when my SSL was broken on sign-in pages. Then I discovered that Google had flagged it too.

I've temporarily disabled my s2member until I have some clarity on the cause.

Here is the malware notice from Google.
http://www.google.com/safebrowsing/diag ... ademy.com/

The website is using the latest version of s2Member Pro (111105), and the latest versions of WP (3.21) + BuddyPress (1.51). The site uses the BuddyPress template. The only other plugins were Secure WordPress (2.0.6) and PollDaddy (2.0.11). We have around 250 paid level one members, 4 authors, and one admin.

I know it may be hard to diagnose now that it's cleaned up, but any guidance would be helpful.

My only theory is that some hole opens up when using s2Member with BuddyPress, but I see no similar issues in the forums.

Re: Malware problems

Post by Raam Dev » December 1st, 2011, 1:56 am

Hi tonykummer,

Thank you for reporting this.

Another possible avenue of attack could be through a neighboring account on the same server.

If your website is hosted on a shared server (as opposed to a dedicated server or a VPS), a compromised account on the same server could gain access to your files if the web host hasn't locked down the file permissions (all files and directories should be owned by you, and only writable by you, not Groups and Others... but check with your web host before making modifications as the server configuration may require specific settings).

This avenue isn't nearly as likely as another plugin with a vulnerability, but if you're only running the plugins you mentioned, then I'd suggest also looking into this possibility.
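The ownership and write-permission check described in the reply above, sketched as an added example; it is not part of the original thread and not s2Member's own code. It assumes a POSIX host, and the function names and the sample tree (built in a temporary directory) are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root, expected_uid=None):
    """Return sorted (relative_path, problem) pairs for entries under root
    that are not owned by expected_uid or are writable by group/others."""
    if expected_uid is None:
        expected_uid = os.geteuid()  # "you" = the account running the audit
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits say nothing about its target
        rel = os.path.relpath(path, root)
        if st.st_uid != expected_uid:
            findings.append((rel, f"owned by uid {st.st_uid}"))
        if st.st_mode & stat.S_IWGRP:
            findings.append((rel, "group-writable"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (not the poster's site)."""
    with tempfile.TemporaryDirectory() as root:
        content = os.path.join(root, "wp-content")
        uploads = os.path.join(content, "uploads")
        config = os.path.join(root, "wp-config.php")
        theme = os.path.join(content, "functions.php")
        os.makedirs(uploads)
        for path in (config, theme):
            open(path, "w").close()
        # Set modes explicitly so the result does not depend on the umask.
        for path, mode in ((root, 0o755), (content, 0o755), (config, 0o644),
                           (theme, 0o664), (uploads, 0o777)):
            os.chmod(path, mode)
        return audit_tree(root, expected_uid=os.lstat(root).st_uid)


if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

The findings are a list to review with the web host before changing anything, since the server configuration may require specific settings.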

Re: Malware problems

Post by Cristián Lávaque » December 3rd, 2011, 10:56 pm

Raam is right, check that too, but I'd like to take a look at your files.

Do you have a copy of the site with the malware? If you could, please upload a zip file of it somewhere and email us the details via the contact form so the Lead Developer can take a look at it. http://s2member.com/contact/

Thanks!

