Channel: Topic Tag: malware | WordPress.org

A Hacker’s Dream


Finally I’m seeing it. The reviews are finally popping up.

This plugin is a disservice to WordPress and the community. If they had ANY remorse or integrity for the trouble this thing causes they’d take it off the web.

To clarify the other reviews, yes if you installed it yourself it was used against you. If you DID NOT install it and see it on your site, heads up, you’ve been hacked. Hackers have been using this plugin for about 2 years from when I first started cleaning up messes caused by this.

IF YOU SEE THIS INSTALLED ON YOUR SITE AND YOU DID NOT INSTALL IT YOU’VE BEEN HACKED.

Places you want to check:

wp-includes
wp-content/plugins
wp-admin

Some of the files and folders I’ve seen:

  • voicemail.wav
  • mytime

This plugin is used by hackers to extract a series of zips that are used for phishing. If you’ve ever dealt with a phishing hack that wasn’t caught in time you know how absolutely horrendous it is to get yourself relisted and off blacklists. This is NOT limited to just Google, it can take weeks to months to clean a reputation and THIS plugin is making it not only possible, but easy.

Some telltale signs you’re screwed.

1. You see this plugin on your site
2. All your security plugins are disabled
3. Other plugins are disabled as well

My best strategy to block this from happening is using Apache (.htaccess) to install a hard coded whitelist. Upkeep is a pain but reinfection typically stops. Below I’ve shared the script I use, just replace the numbers with your own IP. Copy and paste the row with the IP to continue to add more.

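# Return 403 for login and admin URLs unless the client IP is whitelisted
<IfModule mod_rewrite.c>
RewriteEngine on
# Match wp-login.php, a URI ending in wp-admin, or any URI containing "login"
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?login(.*)$
# Placeholder IP: replace with your own; repeat this line for each extra allowed IP
RewriteCond %{REMOTE_ADDR} !^55\.555\.555\.55$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>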

This plugin should simply not exist, it should be removed from the WordPress repository at a minimum.

Now be prepared for the generic reply about how they treasure security that’s copy and pasted on all the other reviews. This thing is trash and I’ll make it my mission to make sure it’s removed from the repository. If they had any integrity they’d do it themselves. It’s 100% the reason sites are being hacked and 100% a dangerous thing to have on WordPress.org.

If you’ve installed this voluntarily I cannot stress enough the mess you’ve made for yourself. Delete it immediately, use FTP/SFTP to transfer files like you should. This shortcut belongs nowhere but in the trash.

0 Stars. Don’t assume I want to even give it 1 star.

Now back to cleaning up another site.
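
The checks listed in the review (three directories, two file names) written as a script; this is an added example, not part of the original review. Flagging leftover .zip archives is an assumption based on the review's remark about extracted zips, and the function name is hypothetical. Every hit is a candidate for manual review, not proof of compromise.

```shell
#!/bin/sh
# Added example: scan a WordPress root for the indicators named in the review.
# Prints one "TYPE<TAB>path" line per hit:
#   NAMED  a file or folder called voicemail.wav or mytime (names from the review)
#   ZIP    a .zip archive left in a scanned directory (assumption: worth a look,
#          since the review says zips are extracted for phishing kits)
scan_wp_indicators() (
    root=${1:-.}
    # Only the three locations the review says to check.
    for dir in wp-includes wp-content/plugins wp-admin; do
        [ -d "$root/$dir" ] || continue
        find "$root/$dir" \( -name 'voicemail.wav' -o -name 'mytime' \) \
            -exec printf 'NAMED\t%s\n' {} \;
        find "$root/$dir" -type f -name '*.[zZ][iI][pP]' \
            -exec printf 'ZIP\t%s\n' {} \;
    done
)

# Run directly with the WordPress root as the first argument,
# e.g. sh scan.sh /var/www/html (path is a constructed sample).
[ "$#" -eq 0 ] || scan_wp_indicators "$1"
```

An empty result only means these particular names were not found; the plugin list and the state of the security plugins still need checking in the dashboard.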

