Farwalker
Forum Replies Created
Forum: Hacks
In reply to: How To Make A PHP Include Function Within A Post
Thanks for the reply Security Man – might end up doing that. Anyone else have any thoughts on the question? Thanks.
So I could be off, as I’m no security expert, but with the research I conducted I found some references that shed some light on the above referenced link that scribu commented was malware.
Basically it’s a php injection that exploits the view page php. The hackers are using Local File Inclusion vulnerabilities and injecting malicious code in proc/self/environ. It goes after the view page php and perhaps that’s why Pagenavi is affected.
Now perhaps your issue Rafael is different since I haven’t seen the code that is appended after your domain on the bottom navigation bar. But for me, I do believe that was the issue.
When this went down, I decided to move to a new host that was far superior in security (previously I was on shared hosting) along with installing the most popular WP security plugins (BulletProof Security, Secure WordPress, etc), downloaded a fresh install of WP and increased my password strength. Basically tried to make the best of the situation by upgrading the virtual walls around my domain. So far the issue has not returned. I 301’d all offending nav links that showed up in Google webmaster tools and will continue to monitor the situation.
So if your bottom nav links have something like this in them “option=com_product&controller=” then perhaps you have issues with malicious php injections.
Here’s a few links I found, or you can type in ‘php injection wordpress’ into Google.
https://www.webdeveloper.com/forum/showthread.php?t=232277
This explains how a forced php injection is done:
https://foro.undersecurity.net/read.php?15,3768
Rafael,
I’m getting the exact same issue on my blog. Just started to be an issue within the past week or so. In the Google Webmaster Tools, Google has started to display those links as 403 Crawl Errors. Though the issue appears and disappears at random.
Scribu, below are the plugins installed for my blog. Would you have any ideas on any potential conflicts? I could then mess around with activating and deactivating until I figure out what’s causing it.
Though, I haven’t installed any new plugins for a while now and up until a few weeks ago there were no issues with the WP-Pagenavi plugin displaying random searches.
Here’s an example of one: https://www.productscoop.com/page/10/?option=com_product&controller=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00
Active Plugins:
Akismet
All in One SEO Pack
Contact Form 7
Display widgets
Google Analyticator
Google XML Sitemaps
Pretty Link (Lite Version)
Simple 301 Redirects
WP-PageNavi
WP Minify
WP Super Cache
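A log check for the kind of request quoted in the post above, added here as an example and not part of the original thread: it percent-decodes each query string until it stops changing, then flags directory-traversal runs, a /proc/self/environ target and NUL bytes. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines; IPs are documentation placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2011:10:00:00 +0000] "GET /page/10/?option=com_product&controller=..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00 HTTP/1.1" 403 512',
    '198.51.100.7 - - [01/Jan/2011:10:00:05 +0000] "GET /page/2/ HTTP/1.1" 200 8123',
    '203.0.113.9 - - [01/Jan/2011:10:00:09 +0000] "GET /?controller=%252e%252e%252f%252e%252e%252fproc/self/environ HTTP/1.1" 404 300',
    '198.51.100.8 - - [01/Jan/2011:10:00:12 +0000] "GET /?s=environment+news HTTP/1.1" 200 4100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(?:\.\.[/\\]){2,}')          # two or more "../" in a row
TARGET_RE = re.compile(r'proc/self/environ', re.I)       # the file named in the thread

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return sorted reasons the request looks like an LFI probe ([] if none)."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = fully_decode(urlsplit(match.group(1)).query)
    reasons = set()
    if TRAVERSAL_RE.search(query):
        reasons.add("traversal")
    if TARGET_RE.search(query):
        reasons.add("sensitive-path")
    if "\x00" in query:                                   # decoded %00 terminator
        reasons.add("null-byte")
    return sorted(reasons)

def scan(lines):
    """Map line index -> reasons, for flagged lines only."""
    hits = {}
    for index, line in enumerate(lines):
        reasons = classify(line)
        if reasons:
            hits[index] = reasons
    return hits
```

Calling `scan(SAMPLE_LOG)` flags the first and third lines only; the ordinary pagination request and the search for "environment news" pass untouched.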