Malware Alert to all my Readers!

Even though my Blog is hosted on a supposedly-secure Linux machine, on which the core WordPress files have permissions set such that the Web-server cannot write to them, there is always some slight danger that an infection can make its way onto my blog through plug-ins which I have installed, which come from the WordPress site but which are not under the scrutiny of the Debian software team, who created my WordPress core files. My Web-server can also self-install updates to those plug-ins from their respective owners, because the write-permissions of the plug-ins directory are such that it can. ( :1 )

The reader may have noticed that there used to be an icon in the bottom of my postings, which allowed him either to Print the posting, to Save it as a PDF, or to Email it elsewhere. This icon was due to the ‘PrintFriendly Plug-In’.

This plug-in did not even install any suspicious code on my server, but is cloud-based, in that any use made of it will redirect to the Web-site and servers, belonging to PrintFriendly. Not only that, but the icon itself can contain links to their site.

Well today I did notice, that my Web-browser, when pointed at my own site, tried running scripts from a site called ‘kxcdn.com’, and which my own browser had the installed extensions to block. This raised an alarm-bell in my head, and I went into action, looking for any contagion.

The PrintFriendly plug-in, or more correctly, their site it pointed to, was the source of that contagion. Deactivating that plug-in has now taken away the capability of the readers, to Print, to PDF or to Email my postings. But it has also removed any of the malicious attempts to redirect to ‘kxcdn.com’. The threat has effectively been neutralized on my server.

But, If You Did open that site, it would possibly have led you to This Situation. If it did, I hope you did not fall for their ploy. I apologize profusely if this happened to you, and do my best to control such problems from the first moment I notice them.

I have now installed the WordPress-security-extension ‘WordFence’, and hope that this will reduce any vulnerabilities in the future.

Dirk

1: ) Actually, before my WordPress instance can update its plug-ins, I need to authorize the event. However, this safeguard only determines at what time updates can take place in practice, and just might make me aware of some suspicious activities that have yet to happen. It does not actually control, what code is inserted in the update.

However, as of now WordFence does control this, and has given me a clean bill of health!
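The symptom described in this post, a page on the blog loading scripts from a host the owner did not expect, can be checked for without waiting for a browser extension to block it. The following is an added example, not code from this blog or from any plug-in; `blog.example`, `plugin-vendor.example` and the `placeholder.kxcdn.com` subdomain are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose attribute makes the browser fetch and run/render remote content.
ACTIVE_TAGS = {"script": "src", "iframe": "src"}

class ScriptOriginCollector(HTMLParser):
    """Collect the host behind every <script src> and <iframe src> on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return  # other tag, or inline script: nothing is fetched
        # Absolute and protocol-relative ("//host/x") URLs carry a host;
        # relative URLs resolve to the page's own host.
        host = urlparse(url).hostname or self.page_host
        self.hosts.append((tag, host.lower()))

def host_allowed(host, allowed):
    # Exact name or a true subdomain; "evilkxcdn.com" must not match "kxcdn.com".
    return any(host == a or host.endswith("." + a) for a in allowed)

def unexpected_origins(html, page_url, allowed):
    """Return sorted (tag, host) pairs loaded from hosts outside the allowlist."""
    collector = ScriptOriginCollector(page_url)
    collector.feed(html)
    return sorted({(t, h) for t, h in collector.hosts if not host_allowed(h, allowed)})

# Constructed sample page: one local script, one expected vendor script,
# one script from a host the site owner never listed, one inline script.
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="//widgets.plugin-vendor.example/button.js"></script>
<script src="https://placeholder.kxcdn.com/widget.js"></script>
<script>var inline = 1;</script>
</head><body><iframe src="https://blog.example/embed"></iframe></body></html>
"""
ALLOWED = {"blog.example", "plugin-vendor.example"}  # assumed allowlist

if __name__ == "__main__":
    for tag, host in unexpected_origins(SAMPLE_HTML, "https://blog.example/", ALLOWED):
        print(f"unexpected <{tag}> origin: {host}")
```

This only sees markup present in the served HTML; scripts that a third-party script injects at run time show up only in the browser, which is where a blocking extension or a Content-Security-Policy report would catch them.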


3 thoughts on “Malware Alert to all my Readers!”

  1. Hello Dirk,
    fyi: I also found some hints that kxcdn.com might be some kind of malware and asked the support for explanation.
    Best regards
    Thomas

    1. Dear Thomas,

      Obviously, in the posting that you replied to, this was my highest concern.
      But, according to this later posting I had written, I put this premise to a better test, and found no real malware.

      What seems to have happened, is that kxcdn.com simply seems to be a Content Delivery Network – hence the CDN in the domain name, and that at some point, a real Trojan was making use of this content delivery network. This could be similar, to how any Web-hosting service is ultimately not responsible, if their clients use them to distribute malicious content.

      As for the PrintFriendly button, what I have now done is to pay for a subscription with them, and doing so should remove any motivation they might have once had, even to include Ads in their pop-up etc. In order for this button to work fully on my site, it needs to be given the privilege to open a pop-up in your browser.

      It should really be completely safe to you – my reader – that I have this button, and that somehow it links to a URL associated with kxcdn.com.

      Dirk
