Jump to content

Archived

This topic is now archived and is closed to further replies.

scswraps

Pagelines Poppy Malware

By scswraps, in DMS & Legacy Products

Recommended Posts

scswraps    0

scswraps
Posted

Hello,

Wordfence scan is returning the following error when scanning my site for /wp-content/plugins/pagelines-poppy/pagelines-poppy.php. When I go to visit the url below, google chrome also says it's a malware site.  Should I replace the core plugin code with a fresh copy, or remove altogether?  Oddly enough, the permissions for that directory were set to 777 which I did not likely set unless the documentation requested it. Any suggestions otherwise?  

This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://poppy.pagelines.me/ 


Thank you, 

Share this post

Link to post
Share on other sites

Andrew    207

Andrew
Posted

Thanks for the notification, it does appear that something strange is going on there. I think i'll take down the pagelines.me domain altogether as its actually lots of spam sites for the most part (it was a multisite experiment we did 5 years ago)

However, this shouldn't have anything to do with the actual plugin you have installed, only the site on pagelines.me which should have no bearing.

Share this post

Link to post
Share on other sites
Go To Topic Listing DMS & Legacy Products

  • Similar Content

    • michelled
      Host says website is infected
      By michelled
      Many thanks in advance for your help.
       
      I was recently informed by my web host that my site is infected, specifically they say file
       
       
      which they say:
       
       
      When I posted on WP, I was told this was odd as there is no record of this file being affected by malware. I was also advised to check my site on sucuri. Sucuri found nothing. When I checked via my site's file manager, the named file was not present but may have been removed by my host server.
       
      I was nevertheless instructed to remove and replace my files:
       
       
      Problem is, when I compared the files on my site server and those in the Wordpress 4.1 archive, my site had a great number of additional files. My concern was that these were added by my Pageline theme, Platform, and removing them would cause a complete malfunction of my site. I was advised that no theme should be modifying the core files and that these files may be the result of the alleged malware infection. Before I potentially destroy my website, could someone please confirm that the following files were not added by the Platform theme:
       
      root directory:
      fantversion.php
      wp-atom.php
      wp-commentsrss2.php
      wp-feed.php
      wp-pass.php
      wp-rdf.php
      wp-register.php
      wp-rss.php
      wp-rss2.php
      wp-xmlrpc.php

      wp-admin:
      ajax-upload.php

      wp-admin/includes:
      install.php
      options-reading.php

      wp-admin/js:
      default_folder.php

      wp-admin/network:
      details_up.php

      wp-includes:
      class-wp-smtp-bar.php
      class.wp-dependencies.php
      class.wp-scripts.php
      class.wp-styles.php

      wp-includes/certificates:
      patfactory.php
      tdomf-upload-functions.php

      wp-includes/css:
      mod_search.php
      themes.php

      wp-includes/js/crop:
      default_ftp.php

      wp-includes/js/jquery/ui:
      jquery.ui.accordion.min.js
      jquery.ui.autocomplete.min.js
      jquery.ui.button.min.js
      jquery.ui.core.min.js
      jquery.ui.datepicker.min.js
      jquery.ui.dialog.min.js
      jquery.ui.draggable.min.js
      jquery.ui.droppable.min.js
      jquery.ui.effect-blind.min.js
      jquery.ui.effect-bounce.min.js
      jquery.ui.effect-clip.min.js
      jquery.ui.effect-drop.min.js
      jquery.ui.effect-explode.min.js
      jquery.ui.effect-fade.min.js
      jquery.ui.effect-fold.min.js
      jquery.ui.effect-highlight.min.js
      jquery.ui.effect-pulsate.min.js
      jquery.ui.effect-scale.min.js
      jquery.ui.effect-shake.min.js
      jquery.ui.effect-slide.min.js
      jquery.ui.effect-transfer.min.js
      jquery.ui.effect.min.js
      jquery.ui.menu.min.js
      jquery.ui.mouse.min.js
      jquery.ui.position.min.js
      jquery.ui.progressbar.min.js
      jquery.ui.resizable.min.js
      jquery.ui.selectable.min.js
      jquery.ui.slider.min.js
      jquery.ui.sortable.min.js
      jquery.ui.spinner.min.js
      jquery.ui.tabs.min.js
      jquery.ui.tooltip.min.js
      jquery.ui.widget.min.js

      wp-includes/js/tinymce/langs:
      wp-langs-en.phtml

      wp-includes/js/tinymce/plugins/colorpicker:
      strspn.php

      wp-includes/js/tinymce/plugins/compat3x/css:
      folder.php

      wp-includes/js/tinymce/plugins/fullscreen:
      pdf.php

      wp-includes/js/tinymce/plugins/tabfocus:
      zip.php

      wp-includes/js/tinymce/plugins/wpeditimage:
      defines.php

      wp-includes/js/tinymce/plugins/fullscreen:
      DB.php

      wp-includes/js/tinymce/plugins/wpgallery:
      BBCode.php

      wp-includes/js/tinymce/plugins/wplink:
      frontpage.php

      wp-includes/js/tinymce/plugins/wpview:
      move.php

      wp-includes/js/tinymce/skins/lightgray/fonts:
      tdomf-subscribe-to-comments-widget.php

      wp-includes/js/tinymce/skins/wordpress:
      directory.php

      wp-includes/js/tinymce/skins/wordpress/images:
      dashicon-no-alt.png

      wp-includes/SimplePie:
      index.php

      wp-includes/SimplePie/Content/Type:
      nav-menu.php

      wp-includes/SimplePie/HTTP:
      InputFilter.php

      wp-includes/SimplePie/XML/Declaration:
      details_img.php
      ms-users.php

      wp-includes/Text/Diff:
      admin.languages.html.php

      wp-includes/Text/Diff/Engine:
      xml_domit_xpath.php

      wp-includes/Text/Diff/Renderer:
      freesansbi.php

      wp-includes/theme-compat:
      string.php
×