
404 to 301 Plugin Considered Harmful - 0x0
https://www.wordfence.com/blog/2016/08/404-301-plugin-considered-harmful/
======
0x0
The cloaking injection malware has been present for at least 3 months:
https://plugins.trac.wordpress.org/changeset/1428395/404-to-301
and has apparently undergone several revisions for the bot-checking/cloaking.

As I see it, there are only a few explanations for what's going on:

1\. The author added the malware on purpose (and probably should be banned
from publishing plugins on wordpress.org)

2\. The author had his partner add the malware but didn't understand the code
(which, if he couldn't spot the malwareness of the obvious content
replacement hooks or the eleet "?v=1337" URLs, means he probably should also
be banned from publishing plugins on wordpress.org)

3\. The author rented out his wordpress.org plugin author account and didn't
pay attention to what it was used for (which means he probably should also be
banned from having a wordpress.org plugin publisher account)

Odd that the wordpress.org staff appears to believe this multi-month adventure
was "a mistake".

------
0x0
With a follow-up post too:
https://www.wordfence.com/blog/2016/08/will-always-put-customers-community-first/

------
soared
Reply from the plugin author [0]. Seems like a genuine response, but I really
don't buy it. IMO he knowingly added malicious code and is playing dumb. TL;DR
he shared his credentials with another developer for a "partnership". He was
completely unaware of any wrongdoing, and apologizes profusely.

I made 3 mistakes:

- Used same account for all commits.
- Misunderstood the WP guidelines about remote content loading.
- Did not properly verify the remote server response, frequently.

....

I apologize

- For making a BIG mistake that I could have avoided easily.
- For making a lot of users to look for alternative plugins.
- For not detecting this issue by myself.
- To the website owners, if you are affected by this incident.

I promise,

- I will never share plugin commit access to others without having my control over it.
- My plugins will never break any WordPress plugin guidelines.
- My plugins will not break into users privacy.
- My plugins will be up to the coding standard that WordPress suggests.

[0] https://thefoxe.com/blog/404-to-301-plugin-detected-by-wordfence-here-is-what-actually-happened/

