Beware of WP-Rocket

waikey

A new virus from the domain donatelloflowfirstly . ga is now attacking WordPress sites.
The virus will generate (maybe download) a file named "_t" or "_a". The file will scan the whole site, then inject a line of JS code into those files, then inject the code into all posts and pages.
The JS code will redirect your site to the domains blackwaterforllows . ga , donatelloflowfirstly . ga , and blackwaterforllows . ga ...

Many sites got infected but people still don't know where the backdoor is, so be aware of nulled plugins and themes these days.

I hope the experts in this forum can check some popular plugins such as wp-rocket (since my site got injected with this nulled plugin).
 

waikey

I don't know, since I have been injected by the virus after installing this plugin...
Paid theme, paid other plugins, but this one is a nulled version, so I posted this with "Beware"... I hope the experts in this forum can check it!
 

Hexor

Did you install WP Rocket from Babiato?
 
shahkb4

It's possible, because one of my websites is not generating above-the-fold CSS through WP Rocket. It's showing errors.
 

Ako12

Hmm... I haven't used WP Rocket lately, but this case is quite interesting.
 

CyberDeviL

TO CLARIFY:

FIRST OF ALL, AS PER THE ABOVE SCREENSHOT, I COULD ONLY SEE ONE RESULT ON GOOGLE RELATED TO "donatelloflowfirstly.ga wp-rocket" AND THAT TOO IS FROM AN UNKNOWN "GUEST AUTHOR" HITESH SISARA FROM MEDIUM.COM . . .

REGARDING WP ROCKET NULLED . . . . ALL MY SHARES ARE DIRECTLY FROM DEVELOPER'S SITES (NOT FROM ANY 3RD PARTY SHITS). SO IF YOU FIND ANY sh** FROM MY FILES YOU ARE ELIGIBLE TO ACCUSE THE DEVELOPERS DIRECTLY WITH THAT VALID PROOF.


BUT !!!

I have seen many people having ZERO PATIENCE here too. If some theme/plugin gets delayed in being posted here by mainstream users, and in the meantime someone else (unknown / newbie users) posts the updated one, people blindly rush towards that release to use and grab the unknown DIAMOND. IN SUCH A CASE THEY ARE ENTIRELY RESPONSIBLE FOR THEIR HARDCORE STUPIDITY DESPITE THE RESOURCE BEING DOWNLOADED FROM BABIATO.
 

waikey

Thanks for your hard work!
I don't know how to fix the backdoor since I don't even know where the backdoor is, so I posted here as a reminder in case someone else has the same problem! I will check the whole site later for more details.
 

Eneme

Use Wordfence Security to scan your site... Also use Imunify to scan your website. You will see the code and its folders...

Also, you can restore your website to the very first day you installed the plugin.

If you need assistance, let me know.
 

pcintav

Great Comment Bro!
 

alvincio11

It's easy to remove the malicious code: just go to phpMyAdmin in cPanel and search the database of your WordPress site. I just fixed my client's site recently. You can't remove this using Wordfence, just do it manually.
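
A scanner for the indicators reported in this thread, as an added example that is not code from any poster: it flags files named `_t` or `_a` and any file or SQL export that references the two redirect domains. The `String.fromCharCode` decoding, the suffix list and the sample site are assumptions and constructed data, not details given in the thread.

```python
import re
import tempfile
from pathlib import Path

IOC_DOMAINS = ("donatelloflowfirstly.ga", "blackwaterforllows.ga")  # named in the thread
DROPPER_STEMS = {"_t", "_a"}  # file names reported in the first post
TEXT_SUFFIXES = {".php", ".js", ".html", ".htm", ".sql"}  # assumed scan scope
CHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")

def decode_charcodes(text):
    """Expand String.fromCharCode(...) runs so a hidden host name is searchable."""
    def expand(m):
        nums = (int(n) for n in re.findall(r"\d+", m.group(1)))
        return "".join(chr(n) for n in nums if n < 0x110000)
    return CHARCODE_RE.sub(expand, text)

def find_iocs(text):
    """Return the thread's redirect domains that occur in text, case-insensitively."""
    hay = decode_charcodes(text).lower()
    return [d for d in IOC_DOMAINS if d in hay]

def scan_tree(root):
    """Report dropper-named files and files that reference a redirect domain."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.stem in DROPPER_STEMS:
            findings.append((rel, "dropper-name", path.name))
        if path.suffix.lower() in TEXT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += [(rel, "ioc-domain", d) for d in find_iocs(text)]
    return findings

def build_sample(root):
    """Constructed sample: clean file, dropper name, injected template, DB dump."""
    root = Path(root)
    (root / "wp-content").mkdir()
    (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (root / "wp-content" / "_t.php").write_text("<?php /* placeholder */ ?>\n")
    (root / "wp-content" / "header.php").write_text(
        "<script src='//DonatelloFlowFirstly.ga/x.js'></script>\n")
    codes = ",".join(str(ord(c)) for c in "//blackwaterforllows.ga/y.js")
    (root / "dump.sql").write_text(
        "INSERT INTO wp_posts (post_content) VALUES "
        f"('<p>hi</p><script>var u=String.fromCharCode({codes});</script>');\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan_tree(tmp), sep="\n")
```

Run `scan_tree` against an offline copy of the site together with a database export, since the thread reports the injection in both files and post content. A `dropper-name` hit alone is only a lead, because the thread gives nothing beyond the file name.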
 

darkmesaia

The fact that you have purchased plugins/themes does not mean anything.

A fault (or vulnerability) could come from any plugin or even from a theme. We watch daily (because it's a part of my job) via RSS and services like WPVulnDB and others, and it is really unbelievable how many vulnerabilities there are in known plugins/themes.

Plugins and themes are made by people and people make mistakes too, which of course they correct along the way.

Also, without wanting to talk about most of the plugins/themes here at Babiato, whatever I have used as null is really 100% clean and correct. Finally, to tell you the truth, for me the "null releases" are just a possibility to have them and try them without having to pay; if I come across something I like, I will buy it.

I know, it's nice to get for free what you would actually have to pay for, but the responsibility, in any case, remains with the one who chooses a null and installs it.

Always friendly and without misunderstandings. :)
 

dezigna

@waikey - did you check your access logs, etc.? The link below (last post) suggests the script is active when Elementor is enabled.


People who are infected, do you have Elementor enabled?

Update:
I don't have any nulled plugins at all. But after some searching, I found it mentioned that the "Ultimate Addons for Elementor" was hacked and many websites were infected with this virus.
 