Hacked sites

Viewing 10 replies - 1 through 10 (of 10 total)

  • We were advised by our host to change the DB password and also change all user passwords. We ran a malware scan and there was no malware. We obviously deleted the wildcard redirects from the home page, also then deleted the bulk uploader plugin and made sure we had the latest version of the simple 301 plugin as well. Hopefully that’s the end of the issue.

    Funnily enough we had 5 sites targeted as well, out of over 50 sites – very random!

    We’ve had a couple as well. Concerning that the original thread was closed without comment.

    https://www.ads-software.com/support/topic/security-issue-301s-added-without-logging-in/

    Plugin Contributor Scott Nelle

    (@scottnelle)

    Hello all,
    I’m sorry to hear that this problem has affected your sites. I believe it is actually the Simple 301 Redirects Bulk Uploader add-on that is the problem. Do you have that installed? The author updated it on August 8th to patch a serious security issue. If you have it installed, you should immediately update it to version 1.2.5 https://www.ads-software.com/plugins/simple-301-redirects-addon-bulk-uploader/

    We encountered this as well. Note that the exploit was used to insert a top-level redirect “/” to an address at jackielovesdogs.com or tomorrowwillbehotmaybe.com. This redirect can be manually removed by editing the serialized list of redirects in the database. If the bulk uploader plugin has already been exploited, updating it will not clean the unwanted redirect out of the database. Query:
    SELECT * FROM <database-name>.wp_options where option_name like '%301_redirects%';
    This will return the record containing the serialized redirects.

    @scottnelle is correct – the problem was with the Simple 301 Redirects Bulk Uploader add-on which apparently has now been fixed.

    Can’t we just manually redirect from oldsites to new sites?

    Daniel

    (@doctor_dalal)

    Hi I had the same hack on all website that use this plugin.
    How do i fix this issue? and if i delete teh plugin it solves however all the redirects will go and im not sure it means that im still not hacked?

    Thread Starter jjwemyss

    (@jjwemyss)

    We fixed the problem by disabling the Simple 301 plugin (which wasnt the creator of the problem) and of course the bulk manager (which was what cause the problem). You may need to do it by ftp and just rename the plugin folder which will deactivate it. You then need to open the database in MyPHPAdmin and just go to wp_options and find a record for “simple_301” and remove any entries. From what we have seen it is only the entries here that have caused any problems. Then just reactivate the plugin.

    same issue my website redirect to jackielovesdogs.com/3001?, and i spend 2 hours to find the issue

    I saw with the jackielovedogs and tomorrowwillbehotmaybe hack, that once the plugin was either completely deleted or updated, the issue went away; just deactivating the plugin didn’t fix it. However, if it wasn’t in the 301 redirects, it had completely changed the siteurl in the wp_options table in the database.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Hacked sites’ is closed to new replies.