Is WordFence hacked? wp_wfHoover is full of Zanax references?

  • Resolved accuratelimited

    (@accuratelimited)


    9 years, 6 months ago

    On Internet Explorer mobile and Desktop 11 I have noticed that links to buy Xanax on line are appearing when the viewport size is less than 400 pixels.

    I am beginning to find the culprit and looked in htaccess then did a DB search. I found 106 references to Zanax but only in the wp_wfHoover db table.

    They all look something like this

    owner: wp-content/cache/page_enhanced/www.arra.org.nz/scrum-sequence-crouch-bind-set/_index.html

    host: https://www.arra.org.nz
    path: /xanax/1-mg-xanax/
    Hostkeys are all different

    I’m using permalinks so not sure what the _index.html is all about.

    Wordfence is not coming up with any errors. I’m currently adding more check boxes.

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)

  • That’s the first I’ve heard of this situation. If you’re seeing that injected in a WF table, I’d recommend removing the plugin and data and doing a reinstall.

    https://support.wordfence.com/support/solutions/articles/1000010321-how-can-i-remove-all-wordfence-data-or-reset-wordfence-to-the-default-settings-

    -brian

    Thread Starter accuratelimited

    (@accuratelimited)

    Hi Brian,

    Thanks for the reply. It may have been something to do the genericons stuff and it was maintaining the information in the cache? Still, it was odd that neither isithacked, your plugin or other sites said there was a problem.

    Perhaps the plugin should clear the cache when a security update is released? If if does, sorry I hadn’t clicked that option.

    I have uninstalled the plugin and removed the tables and all seems to be working again with my site.

    May I say though, the whois registered owner of the site received an email from some online web company [redacted] signed by a “Wesley Slade” which caused me some issues. This was directly after my adding the post above. I assume this company is reading support forums. So, Wesley, don’t be a ####.

    Regards

    David

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is WordFence hacked? wp_wfHoover is full of Zanax references?’ is closed to new replies.