Possible plug in hack? (redirection)

  • Resolved carlosvai

    (@carlosvai)


    2 years, 3 months ago

    Hi!
    I have a serious problem and I wanted to ask for help and guidance. I send notifications to my subscribers via wordpress posts.

    Today I didn’t send any update, but when I look at my phone and PC (both subscribed to my website) I receive a message with my domain but when I click on it, it takes me to a spam site (adult). I see the message delivery of this message in my “sent messages”, but I can not figure out how the hell this happen.


    I’m aware of WordPress hacks, but in this case I don’t have any problem with anything else. This is very strange.
    If someone had this problem or any idea, I will be greatly thankful!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter carlosvai

    (@carlosvai)

    Let me add a couple of details.

    The launch URL was from a bit.ly link when I click on that it sends me to a dating site (I guess I can not share that here)

    What really calls my attention is that

    1. The featured image is not present in my site, they used the other site FI
    2. I made a Wordfence scan and as i suspected everything is ok

    I’m really clueless ??

    The sent was made via API, so is not a compromised One Signal account issue.

    I deactivated the OS plug int… let’s see if this happens again.

    Thread Starter carlosvai

    (@carlosvai)

    Ok, so I found a couple of resources about this problem https://www.ads-software.com/support/topic/onesignal-hacked-server/

    Of course I have no idea how my Rest api key was hacked. But either way I would love to know how to avoid this in the future. I will test with “Identity Verification for email + external_id” enabled, and let you know how it goes

    https://documentation.onesignal.com/docs/identity-verification

    Thanks.

    Hello

    This is unfortunate and we will do everything we can to assist.

    Please follow the steps outlined here to lock down your account and reset your Keys and Password to prevent this from happening: https://documentation.onesignal.com/docs/data-questions#my-account-has-been-compromised-what-should-i-do

    Please make sure you do not use the same email-password combo for OneSignal as other sites.

    Also, please check that your OneSignal REST API key did not get published anywhere public like within your app/site or places like Github.

    We do not keep track of IP Addresses that send push notifications, but if you see this happen again after following the above steps, please let us know ASAP and share the links to the messages from your dashboard so we can look into it.

    Thank you

    Please contact [email protected] and we will continue to work on it as soon as possible. thanks

    Thread Starter carlosvai

    (@carlosvai)

    Hi, thanks for getting back.

    I already changed everything, WordPress and onesignal site paswords, REST API key, User auth key, and enabled 2 step login.

    Since then, I did not have a problem, but I’ve read in another thread that he had the same problem after changing the passwords
    https://www.ads-software.com/support/topic/onesignal-hacked-server/

    Maybe he didn’t change the USER AUTH KEY?

    I will contact support, thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Possible plug in hack? (redirection)’ is closed to new replies.