[Plugin: Add Link to Facebook] links are hijacked to softwarepromo.ru

Viewing 4 replies - 31 through 34 (of 34 total)

  • Maybe this can be of help:

    https://www.ads-software.com/extend/plugins/timthumb-vulnerability-scanner/

    I could reconstruct partially, what had happened to me.

    Some bot uploaded the code to the upload directory in the theme, then executed it, this code did update the .htaccess file using an append command.
    Afterwards it deleted itself.

    I could do this as my provider allows writeprotecting , or documenting any change done via the webserver – this including the related
    I had all directories change protocolled but unluckily not write protected. AND unluckily did not read the logs immediatelly.

    I don’t see, WHERE the weak point in my environment is really, as I have protected nearly eevrything meanwhile.
    ================================================================
    Btw google wilol realize this nwithin 1-2 days. Effect is, that as well Firefox as Chrome refuse to access not only the .ru site but also the yours. When access ing your site, you get a message that it is spreading malicous code (the .ru site does!!)

    The redirect was btw a bit more sophisticted in my case. It had several referrer links in it, which would allow you to access the page, if you dont come from a google search etc. Thus making it usually not visible to the owner himself, wheh accessing it via bookmark etc.

    Thanks for your report.

    If you find out how the bot uploads it scripts, please report it too.

    Did you scan your site with the Timthumb Vulnerability Scanner or another WordPress security scanner?

Viewing 4 replies - 31 through 34 (of 34 total)
  • The topic ‘[Plugin: Add Link to Facebook] links are hijacked to softwarepromo.ru’ is closed to new replies.