Hummingbird redirecting to malicious site

Hi @tburt51

Sorry to hear you had this issue.

Could you please upload the screenshot to google drive and share the link?

Usually, this issue is not related to the caching plugin but to the cache file including the injected code.

The Hummingbird will create the HTML cache based on the page content output.

So for example, you had the theme or any plugin infected which injected a script to the header section, Hummingbird will create the HTML including that script, the plugin won’t know that HTML has infected code, it is not a security plugin but caching, so later the plugins were updated, but the HTML still have the script the redirect will persist until the user flush the cache and new file is generated using fresh code.

The same works for Assets Optimization, the plugin will optimize and compress the files JS scripts from plugins and themes, it doesn’t check if the file was modified.

If you are having security issues I suggest using our WPMU DEV Defender plugin https://www.ads-software.com/plugins/defender-security/.

If this would be the case, it doesn’t mean the Hummingbird is compromised only the plugin is working as it should be getting the website code and creating a cached version.

We would like to look further on this report too, can you share the screenshot where your hosting found the issue?

Was it in a PHP file or only in cache files?

Did your hosting create a backup before cleaning the site? ( Please don’t share any backup file here as it is a public forum )

Best Regards
Patrick Freitas

Hi,

I’m experiencing the same redirect, but I don’t have the Hummingbird plugin installed.
Both me as my clients (I have a webshop) visiting the site are experiencing this malicious redirect.
I’m not a coder either and to find the security breach I have no idea.
The issue is occasionally, not all the time and the website it’s trying to reach is not found. But for me and my clients this is extremely annoying!

Roy

HI @roygilsing

I hope you’re well today!

As mentioned by my colleague in previous response, Hummingbird itself is not causing it and since you don’t even have it installed, it means that site is infected and requires full check and cleanup.

You can use plugins such as our own free Defender to run a malware scan on site and there’s a good chance it will help you identify infected files:

https://www.ads-software.com/plugins/defender-security/

and later on, secure the site.

However, if it comes to cleanup and/or more advanced steps to investigate the infection and deal with it, please start a separate ticket of your own here

https://www.ads-software.com/support/forum/how-to-and-troubleshooting/#new-post

Kind regards,
Adam

Hi,

I had the same problem with my site redirecting to a SPAM site, but I don’t have the Hummingbird plugin installed, so this plugin didn’t cause my problem.

After some investigation I found that a plugin was installed but it doesn’t show up in my wordpress admin panel.

I had to go to the server directory and delete that plugin’s folder, in my case it was “zend-fonts-wp”.

This link helped me find the solution
https://blog.sucuri.net/2021/07/vulnerable-plugin-exploited-in-spam-redirect-campaign.html

Hi @tiagoacc,

That’s it! I found the malware in the same location!
I used Malcare to detect it and to clean it.

Roy

Glad to hear you all managed to resolve your issues. Since these aren’t related to Hummingbird I’ll go ahead and mark this thread as resolved for now.

Have a great day ahead.