UpdraftPlus Home › Forums › Paid support forum – UpdraftPlus backup plugin › Bad URL in UpdraftPlus file
- This topic has 17 replies, 11 voices, and was last updated 5 years, 2 months ago by Dee Nutbourne.
-
AuthorPosts
-
February 18, 2019 at 11:57 am #349812SteveParticipant
Hi there,
The following file was correctly found by Wordfence this morning as containing a blacklisted URL:
Filename: wp-content/plugins/updraftplus/includes/class-onedrive-account.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: https://login.microsoftonline.de/common/oauth2/v2.0/authorizeDetails: This file contains a URL that is a suspected phishing site that is currently listed on Google’s list of known phishing sites. The URL is: https://login.microsoftonline.de/common/oauth2/v2.0/authorize
Screenshot of issue:
https://www.dropbox.com/s/53w9yz9bsixitdo/bad-url.png?dl=0Please can you let me know what can be done, or if an update will be due?
I would like to avoid blacklisting of the 25 websites that use UpdraftPlus!Many thanks
Steve DayFebruary 18, 2019 at 12:39 pm #349824ByronParticipantFollowing: Also received this warning from Wordfence.
February 18, 2019 at 12:47 pm #349827BillieParticipantFollowing: Also received this warning. Checked the downloaded zip file that I purchased recently and the downloaded file contains the same phishing url. So, this was not injected after uploading to my site.
Thank you for a great product!February 18, 2019 at 12:47 pm #349828BillieParticipantFollowing: Also received this warning. Checked the downloaded zip file that I purchased recently and the downloaded file contains the same phishing url. So, this was not injected after uploading to my site.
Thank you for a great product!February 18, 2019 at 1:54 pm #349859RossParticipantI’m in the same position with all of my clients’ sites…
February 18, 2019 at 2:05 pm #349865udadminKeymasterHi,
It’s an official site of Microsoft Germany: https://docs.microsoft.com/en-us/office/enterprise-includes/o365endpoints/office-365-germany-endpoints
Please do report this false positive to Wordfence so that they can fix it.
Best wishes,
DavidFebruary 18, 2019 at 2:12 pm #349870RossParticipantThanks, David. That’s very good to know. We can also report this as a false positive to Google via https://safebrowsing.google.com/safebrowsing/report_error/?hl=en
February 18, 2019 at 2:20 pm #349873udadminKeymasterFebruary 18, 2019 at 2:41 pm #349887EdwardParticipantSame here, I’m getting this error on 20+ sites that I host for clients, but I do believe it’s a valid, Microsoft URL that has somehow been flagged by Google (which is where Wordfence gets it’s list from)
If you try to visit the URL both Google and Firefox will warn you that it’s been flagged as a deceptive site.
===========
Filename: wp-content\plugins\updraftplus\includes\class-onedrive-account.phpFile Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: https://login.microsoftonline.de/common/oauth2/v2.0/authorize
Details: This file contains a URL that is a suspected phishing site that is currently listed on Google’s list of known phishing sites.
The URL is: https://login.microsoftonline.de/common/oauth2/v2.0/authorize
============February 18, 2019 at 2:41 pm #349888udadminKeymasterI would like to avoid blacklisting of the 25 websites that use UpdraftPlus!
There’s zero danger of that; UpdraftPlus doesn’t have reason to put anything, ever on the front-end of your site.
The URL appears in the source code, because it’s used to authenticate with Microsoft Germany when using OneDrive for Germany.
February 18, 2019 at 3:11 pm #349909ScottParticipantYep, got the critical warning here too. Glad to see I’m not the only one.
February 18, 2019 at 5:30 pm #349987BettyParticipantGetting the same message
February 18, 2019 at 6:22 pm #350021AnonymousInactiveAlso have the same message- glad I’m not the only one!
February 18, 2019 at 6:55 pm #350030udadminKeymasterTo all those adding “me too” messages… please read further up the thread for the final outcome; it’s already there.
February 18, 2019 at 8:37 pm #350229BillieParticipantSo, you want us to report it to wordfence and safebrowsing? I don’t feel like I’m informed enough to report it. Seems like that’s something that you guys at UpdraftPlus should do.
-
AuthorPosts
- The topic ‘Bad URL in UpdraftPlus file’ is closed to new replies.