
Discussion on: What are some of the most challenging work scenarios you’ve encountered? Let us know for the chance to appear on DevDiscuss!

Médéric Burlet • Edited

One client had their dev who was working with us to manage their e-commerce platform. The dev sent us the link to two WordPress plugins he wanted to install. We looked at them and said there was no issue installing them and that it would not affect other plugins or the website.

He installed them and then a few days later their Google Ads account got suspended because a malicious URL was detected on the website. The company came at us very hard and strong, blaming us and then asking us to hurry to fix it.

Upon investigation I found that the WordPress installation had been compromised by the dolohen malware. The client's dev had installed cracked versions of the plugin instead of the $5 versions. The malware had copies of itself in the database and in other PHP files, and would not add its code for users logged in to the platform. The code would only inject the malicious links if the users were guests (pretty smart).

Until we pinpointed the issue and where it came from, the relations were very tough and complicated.

I did a full write up on my old blog:
web.archive.org/web/20191016173625...
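
The guest-only injection described in the comment above suggests a check: render the same page as a guest and as a logged-in user, then compare the external hosts each render references. This is an added example, not part of the original comment or the linked write-up; the host names and HTML samples are constructed, and `external_hosts` and `guest_only_hosts` are hypothetical helpers.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _UrlCollector(HTMLParser):
    """Collects every href/src attribute value seen in the document."""

    def __init__(self):
        super().__init__()
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.add(value.strip())


def external_hosts(html, site_host):
    """Hosts referenced via href/src that are not site_host or a subdomain of it."""
    collector = _UrlCollector()
    collector.feed(html)
    hosts = set()
    for url in collector.urls:
        # Relative URLs have no hostname and are skipped; "//host/path" is handled.
        host = (urlparse(url).hostname or "").lower()
        if host and host != site_host and not host.endswith("." + site_host):
            hosts.add(host)
    return hosts


def guest_only_hosts(guest_html, logged_in_html, site_host):
    """External hosts present only in the guest render: candidates for cloaked injection."""
    return sorted(external_hosts(guest_html, site_host)
                  - external_hosts(logged_in_html, site_host))


# Constructed renders of the same page (assumed site host; not data from the incident).
SITE = "shop.example"
LOGGED_IN = """<html><body>
<a href="https://shop.example/cart">Cart</a>
<script src="https://cdn.example.net/jquery.js"></script>
</body></html>"""
GUEST = """<html><body>
<a href="https://shop.example/cart">Cart</a>
<script src="https://cdn.example.net/jquery.js"></script>
<a href="//injected.example.org/offer" style="display:none">offer</a>
</body></html>"""

if __name__ == "__main__":
    print(guest_only_hosts(GUEST, LOGGED_IN, SITE))
```

Hosts reported here are leads to review, not verdicts: themes and plugins can legitimately load different third-party resources for guests, so each one still needs to be traced back to the file or database row that emits it.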