Background of the issue:
I am trying to deploy websites on Alibaba Cloud servers. Recently, Alibaba Cloud reported that many websites have a WebShell. The issue is related to the files wp-content/plugins/sitepress-multilingual-cms/vendor/otgs/installer/includes/utilities/FP/Logic.php and wp-content/plugins/otgs-installer-plugin/vendor/otgs/installer/includes/utilities/FP/Logic.php, with MD5: 5889f0565aee3c571662e180e21c44bb.
Symptoms:
Alibaba Cloud reported Trojan files with malicious behavior tags such as uncertain value defense bypass, branch defense bypass, and arbitrary PHP code execution.
Languages: English (English), German (Deutsch), French (Français)
Timezone: Europe/Zagreb (GMT+01:00)
Hi,
Thank you for contacting WPML support!
I am checking this with our 2nd tier. Apart from the above screenshots, is there maybe additional info on the exact code parts that are reported as being malicious?
Can you please give an update on the status of this? It's been a month, and we keep receiving warnings from the hosting provider, but haven't seen any fix from your team.
Our team of developers is actively working on this issue. However, it is quite complex and is planned to be addressed in WPML version 4.7.
Currently, 4.7 is in its Beta 1 phase and is not recommended for production sites. Unfortunately, the solution for this issue is not included in the beta version.
At this time, I’m unable to provide specific dates for when this will be fixed, as it depends on the release timeline for version 4.7, which has not been finalized yet.
I am a developer from the WPML Team, and I am currently working on replicating the issue you reported. However, I need your assistance to proceed further.
Could you please provide detailed steps to reproduce the issue? I have already set up an EC2 Alibaba instance with an enterprise account, with WordPress and WPML installed and configured.
At this point, I need detailed guidance on how to correctly set up and run the web shell detection service. Please provide all the necessary steps to replicate this phase.