82 LiveChat malware infected severely impacted my website

Just got this email from Envato Market: “We are getting in touch to let you know about multiple security vulnerabilities in the 82 Live Chat WordPress plugin which you may have purchased or downloaded. The plugin versions 2.2 and earlier are affected by cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL Injections.”

A couple of weeks ago I downloaded a “free” 82 LiveChat plugin from Envato Market. After activating the plugin on a WordPress site, I started noticing that the site I was building would crash with connection timeouts and 500 Internal Server errors. Eventually the site stopped working altogether; even to this day, 2 weeks later, I can’t get to the site without using a VPN or my phone or going to Starbucks. After doing a traceroute and calling AT&T, I learned that AT&T has blacklisted my client’s IP, a GoDaddy website, and all his websites share this IP. It happened WHILE I was using LiveChat. Later in the day, I had to finish the site at Starbucks. I had a sudden insight that the LiveChat plugin was the culprit, and I deactivated it right away, and the WordPress site began working normally again. Too late for my home AT&T Uverse account though, which I still can’t use to reach the site I built.