Hi Stephen,
I just had an email from my webhosts informing me that there was a “suspicious image file” on my server which they believed was a security vulnerability.
Critical – Jan 25 23:07:05 dionysus cxs[49973]: [‘/home/XXXX/wordpress/wp-content/plugins/event-organiser/screenshot-2.jpg’] – Suspicious image file (hidden script file)
Having examined the file, it is indeed a bit strange as it’s actually a PHP file with a jpg extension. It looks like this:
> add_action('admin_menu', 'donations_overview_menu');
>
> function donations_overview_menu() {
>     add_options_page('Donations overview', 'Donations overview', 'manage_options', 'donations-overview', 'donations_overview');
> }
>
> function donations_overview() {
>     if (!current_user_can('manage_options')) {
>         wp_die( __('You do not have sufficient permissions to access this page.') );
>     }
>     echo '';
>     echo 'Here is where the form would go if I actually had options.';
>     echo '';
> }
>
> ?>
I assume it’s safe to delete this file for now?
Thanks,
Paul
Hi Paul,
Yes, please delete the file. (Screenshots are only ever needed on the repository anyway.)
I’ve looked into what’s happened – and it appears to have been an error on my part (at least it’s present in the GitHub repository) rather than being a hacked copy. The code itself is harmless, but nor are the screenshots necessary.
I shall fix this in 1.7. Apologies for any inconvenience.
Stephen Harris
Thanks. Figured it was likely something like a change management issue. All sorted.
Paul
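The condition the host's scanner reported in this thread (a file with an image extension that actually contains PHP) can be checked across a plugin directory with a short script. This is an added example, not part of the original thread and not how cxs itself works. The function names `check_image` and `scan_tree` are hypothetical, and it goes slightly beyond the case above by also flagging valid images that embed a PHP open tag.

```python
"""Flag image-extension files whose content is not that image type or embeds PHP."""
import os
import sys

# Leading magic bytes for the image types a plugin normally ships.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Only the long open tag is matched: short tags such as "<?=" are three bytes
# and can occur by chance in compressed image data, causing false positives.
PHP_MARKER = b"<?php"


def check_image(path):
    """Return a list of findings for one file; an empty list means nothing flagged."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return []  # not an image extension, out of scope for this check
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    if not data.startswith(MAGIC[ext]):
        findings.append("content does not match extension")
    if PHP_MARKER in data.lower():  # PHP accepts the tag in any letter case
        findings.append("embedded PHP open tag")
    return findings


def scan_tree(root):
    """Walk root and return {path: findings} for every flagged image file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            findings = check_image(path)
            if findings:
                flagged[path] = findings
    return flagged


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in sorted(scan_tree(target).items()):
        print(f"{path}: {', '.join(findings)}")
```

A hit only means the file is not what its extension claims; as in this thread, the content still has to be read to decide whether it is harmful.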