Bad URL in UpdraftPlus file

This topic contains 17 replies, has 11 voices, and was last updated by  Dee Nutbourne 6 months ago.

Viewing 15 posts - 1 through 15 (of 18 total)
  • Author
    Posts
  • #349812
    Steve
    Participant

    Hi there,

    The following file was correctly found by Wordfence this morning as containing a blacklisted URL:

    Filename: wp-content/plugins/updraftplus/includes/class-onedrive-account.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: http://login.microsoftonline.de/common/oauth2/v2.0/authorize

    Details: This file contains a URL that is a suspected phishing site that is currently listed on Google’s list of known phishing sites. The URL is: http://login.microsoftonline.de/common/oauth2/v2.0/authorize

    Screenshot of issue:
    https://www.dropbox.com/s/53w9yz9bsixitdo/bad-url.png?dl=0

    Please can you let me know what can be done, or if an update will be due?
    I would like to avoid blacklisting of the 25 websites that use UpdraftPlus!

    Many thanks
    Steve Day

    #349824
    Byron
    Participant

    Following: Also received this warning from Wordfence.

    #349827
    Billie
    Participant

    Following: Also received this warning. Checked the downloaded zip file that I purchased recently and the downloaded file contains the same phishing url. So, this was not injected after uploading to my site.
    Thank you for a great product!

    #349828
    Billie
    Participant

    Following: Also received this warning. Checked the downloaded zip file that I purchased recently and the downloaded file contains the same phishing url. So, this was not injected after uploading to my site.
    Thank you for a great product!

    #349859
    Ross
    Participant

    I’m in the same position with all of my clients’ sites…

    #349865
    udadmin
    Keymaster

    Hi,

    It’s an official site of Microsoft Germany: https://docs.microsoft.com/en-us/office/enterprise-includes/o365endpoints/office-365-germany-endpoints

    Please do report this false positive to Wordfence so that they can fix it.

    Best wishes,
    David

    #349870
    Ross
    Participant

    Thanks, David. That’s very good to know. We can also report this as a false positive to Google via https://safebrowsing.google.com/safebrowsing/report_error/?hl=en

    #349873
    udadmin
    Keymaster

    Microsoft documentation on German endpoints

    #349887
    Edward
    Participant

    Same here, I’m getting this error on 20+ sites that I host for clients, but I do believe it’s a valid, Microsoft URL that has somehow been flagged by Google (which is where Wordfence gets it’s list from)

    If you try to visit the URL both Google and Firefox will warn you that it’s been flagged as a deceptive site.

    ===========
    Filename: wp-content\plugins\updraftplus\includes\class-onedrive-account.php

    File Type: Not a core, theme, or plugin file from wordpress.org.

    Bad URL: http://login.microsoftonline.de/common/oauth2/v2.0/authorize

    Details: This file contains a URL that is a suspected phishing site that is currently listed on Google’s list of known phishing sites.

    The URL is: http://login.microsoftonline.de/common/oauth2/v2.0/authorize
    ============

    • This reply was modified 6 months, 1 week ago by  Edward.
    #349888
    udadmin
    Keymaster

    I would like to avoid blacklisting of the 25 websites that use UpdraftPlus!

    There’s zero danger of that; UpdraftPlus doesn’t have reason to put anything, ever on the front-end of your site.

    The URL appears in the source code, because it’s used to authenticate with Microsoft Germany when using OneDrive for Germany.

    #349909
    Scott
    Participant

    Yep, got the critical warning here too. Glad to see I’m not the only one.

    #349987
    Betty
    Participant

    Getting the same message

    #350021
    Anonymous

    Also have the same message- glad I’m not the only one!

    #350030
    udadmin
    Keymaster

    To all those adding “me too” messages… please read further up the thread for the final outcome; it’s already there.

    #350229
    Billie
    Participant

    So, you want us to report it to wordfence and safebrowsing? I don’t feel like I’m informed enough to report it. Seems like that’s something that you guys at UpdraftPlus should do.

Viewing 15 posts - 1 through 15 (of 18 total)

The topic ‘Bad URL in UpdraftPlus file’ is closed to new replies.