I only use script from babiato but...

Status
Not open for further replies.

newfolder

This also happened to 3 of my client sites because of Elementor's security vulnerability in the middle of this year. (They didn't sign up for the maintenance service, so it's not my fault.)

Nothing to do with Babiato, bro. It's a plugin or theme vulnerability. Some sites are getting attacked using poor security. SQL injections and other malicious attacks.
Clean the site using Malcare or some plugin. If you have a backup, restore it and keep all the plugins and themes up to date as soon as you can.
 
I don't use Elementor (never used it in my life :D )
and I have another site that is not running scripts from here and does not have that warning.
I think (I hope I'm wrong)...


wp ---> install plugin ---[ plugin sends some trigger "hello this $domain is online" ] ---> save
random day --> source server that already saved the trigger calls $domain/plugin/newsletter ---> run script
Throw the dice... if I have downloaded a script / plugin that has that PHP QUERY.. then .boom.... wp-config revealed...

Well, I did not say that this is because of BABIATO, but I think this is more to a person... I still trust Babiato....

The problem is I only use themes and plugins from here on that site, and once again... I never mentioned it being Babiato's fault and never thought about that.
But maybe because of "500 resource under approval! " one or two scripts were missed in the check...
And as mentioned on the screenshot, the queries are blocked by Hide My WP.

Update:
new attack
[screenshot]
I think the "bad-man" is using a trigger from some script
 
Isolated to specific domain:
This is the plugin that I use (only this site got attacked...). I never published this domain.... or put some backlink or other.
[screenshots]

This is the second website that got attacked... it does not use pure scripts from Babiato, but only uses Babiato resources for pro/premium (the others are free versions from the WP lib)

[screenshots]
Even though I don't use those plugins, I think anyone that has those plugins should beware and re-scan....
 

Groot

You need to check what is in plugin/newsletter.
Then, is plugin/newsletter from Babiato or not?
And not all hacks come from themes and plugins on Babiato; they also come from your hosting security, your easy password or from security holes in untouched themes and plugins on your site.

Anyway, not 100% of the resources here are safe, because many guys still insert code into the untouched version: for nulling, for copyright, promo links or other purposes. You don't know what is inside it if you don't have the untouched version and the skill to check and compare both versions.
All resources on the net are always use at your own risk. If you got hacked, take your time to do all the essential actions to make your site safe. Trust recommendations from security experts, don't trust anyone else!
Good luck!
 
Hello,
thank you for your reply.

The plugin newsletter (or something) is not the only plugin that has a "backdoor" (if I can say that); like in my screenshot, it uses other plugins too.

Like I said before,
I only use plugins/themes (pro/full/premium version) from here, not other download places. I trust Babiato...

And for me.. personally, I am a new member here, maybe about 1 year or less, but I never got this attack before. And I always use resources from Babiato that are already "officially" put on the resources list, not from comments or hot links.

And I use them only on a test site. No impact for me, but other members here must re-check their scripts.
Sadly I'm not a programmer, so I can't understand how to compare untouched and nulled. Of course no place is secure, even for an "official version/real paid license".

But better to share... so other members can be more careful....
 

Groot

Really, like I said, attacks do not only come from a bad version of a theme or plugin you downloaded here (if it is really bad).
They also come from cross-site attacks on your hosting, or security holes in old versions of a theme/plugin, WP core, or free weak themes/plugins on the WP Repository, or your weak password.
There are a hundred popular reasons for a WP website getting hacked, so if you got it, it is not a real problem of all members here.
Because THE TRUTH most members understand is that WP is very easy to hack if the administrator does not protect it well enough, and all free resources on the net are USE AT YOUR OWN RISK.
So, hope everything is good for you after that!
 
Yes, I already saw that site,
but the question is:

How does this "person" / "machine" know my site is up?
I have many websites.... but why did only that new site get scanned?
Same IP (shared IP on my VPS).
That domain is not new.. about 1 year old, and I have some domains with the same TLD and same year too.
The difference is,,, I just installed WP and the plugins a few days before the 1st brute.
I thought that was only some kind of internet brute....

I want to test copying the plugin to another site (new site), but I think that will not work.
Why?
We know this step:
If abc.check exists then send "hello $domain is here" || then delete abc.check
else remove line 123
end

And I never save Babiato scripts on my computer; every time I need one, I just re-download it. Admin can see my log. Sometimes I download the same plugin multiple times lol
 

archonic

I can suggest some free tools to help you stay safe in this GPL world. You can google and download these 2 useful programs.
1. WinMerge - use it to compare file contents between 2 or more folders for changes. Useful to learn what has changed between the original/untouched vs nulled/so-called 'gpl'.
2. grepWin - use it to bulk find/search for particular or suspicious strings/code/external calls/backdoors residing in all files within the selected folder. The first thing to do is always to scan for the 'http' string for any suspicious domain/url/api/callback/etc.
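
The folder compare and 'http' string scan suggested in the post above, combined into one script as an added example (not code from the thread, and not part of WinMerge or grepWin). It assumes you hold an untouched copy of the plugin; the function names, folder names, file contents and URLs in `demo()` are constructed for illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

URL_RE = re.compile(rb"https?://[^\s'\"<>)\\]+")

def hash_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_trees(untouched, suspect):
    """Return (added, changed, missing) relative paths, like a folder compare."""
    a, b = hash_tree(untouched), hash_tree(suspect)
    added = sorted(set(b) - set(a))
    missing = sorted(set(a) - set(b))
    changed = sorted(f for f in set(a) & set(b) if a[f] != b[f])
    return added, changed, missing

def new_urls(untouched, suspect):
    """URLs in added/changed files of `suspect` that appear nowhere in `untouched`."""
    known = set()
    for p in Path(untouched).rglob("*"):
        if p.is_file():
            known.update(URL_RE.findall(p.read_bytes()))
    added, changed, _ = compare_trees(untouched, suspect)
    found = {}
    for rel in added + changed:
        urls = set(URL_RE.findall((Path(suspect) / rel).read_bytes())) - known
        if urls:
            found[rel] = sorted(u.decode("ascii", "replace") for u in urls)
    return found

def demo():
    """Constructed sample: two tiny plugin folders built in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, copy = Path(tmp, "untouched"), Path(tmp, "downloaded")
        for d in (orig, copy):
            (d / "inc").mkdir(parents=True)
            (d / "plugin.php").write_text("<?php // docs: https://vendor.example/docs\n")
            (d / "inc" / "util.php").write_text("<?php function util() {}\n")
        # Constructed modifications present only in the downloaded copy
        (copy / "inc" / "util.php").write_text(
            "<?php function util() {}\n$u = 'http://callback.example/ping';\n")
        (copy / "inc" / "extra.php").write_text("<?php // nothing remote here\n")
        return compare_trees(orig, copy), new_urls(orig, copy)

if __name__ == "__main__":
    print(demo())
```

Every added or changed file still needs to be read by hand; the URL list only shows where to look first.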
 
Thank you for your suggestion,
but thank you, I will try both files.


Actually it's not about me. That site was a test site only.

I'm just worried if someone tries to upload resources without re-checking the syntax inside the files.

My production websites are safe... at least until now :D
On the same VPS, same IP... and other VPSes too.
I just "infected" 1 domain ^_^
Lucky me, it's just a test site.
 

Groot

Not a person!
Hack bots automatically scan all IPs of server providers; they don't care/know whether your site is new or old, like the grandmas. When one scans and catches the name of plugins or themes that have security problems we know, it says WOW, then tries to do the essential work to hack.
You can block the bots of Google and Bing because they are legit, but there is no way to block hack/spam bots when your site is live.
If you create a new WP on a cheap hosting/VPS and do not turn off the discussion feature, a hundred spam comments should come just a few hours later. But on some good hosting now, they can block most bad bots for you.
 
Forgive my bad English.
Once again, it's not about me... I can just block it with a WP plugin or CSF or something else,
but I'm just worried (I hope I am wrong)
about other people and Babiato.
 