[pmwiki-users] MailPoet Virus -- eeps

Sandy sandy at onebit.ca
Thu Jul 24 16:46:36 CDT 2014

According to this site,


The malware injection code is actually trying to compromise all PHP 
files that it can on the server. So if you have a site at 
/var/www/site1.com with MailPoet and another site at /var/www/site2.com 
without it, the malware injector from site1.com will try to compromise 
site2.com as well. We had a client that all his 20+ sites got injected, 
because one site inside the same shared account had MailPoet on it. 
That's why we were seeing Joomla and Magento sites with the same malware 
as well. Took us a bit of time to connect all the dots and find the 
entry point on them.



Can you reassure us that PmWiki.org has proper fences, and the scripts 
there are clean? (Knowing Pm, I think it's good, but want to check.)

Meanwhile, I'm going to do yet another backup of our data. And email. I 
think our host puts proper fences between accounts, and I know I didn't 
use any WP plugins when I tested it ages ago, but better safe than sorry.



More information about the pmwiki-users mailing list