Ian Anderson

Someone else has released a ‘block’ to drop into Gutenberg… https://www.ads-software.com/plugins/add-amazon-block/

I had hoped it would make the amazon plugin work in Gutenberg, but I suspect it’s a totally separate amazon affiliate plugin (of unknown quality) and nothing to do with the Amazon Associates Link Builder at all.

Since the whole Gutenberg debate is a real hot potato right now, it’s disappointing that no one from the amazon plugin’s development team will comment. But then, it did take them forever to make the darn plugin to start with…

Still in beta and already obsolete ;-(

Hey Mitishi,
I have same notice since updating BUT, I don’t use the plugin you mentioned so the problem isn’t just restricted to that particular plugin.

Hmm….

Hi,
Sorry to resurrect an old post but guess what? The problem fixed itself today.

The only change was to upgrade to Chrome Canary because I had an insurmountable problem with the existing chrome browser (wouldn’t open or let me update etc.)

The top graph works fine now. Curious.
Cheers
Ian

Hi Penny, did you read my post above re the config file?

Might not be what’s causing your problem but you never know.
Good luck

Hey Rocco,

I think it was an ‘own goal’! I half remember moving the config file up a level into the root as I read that it would be more secure (I’d just spent ages cleaning up after a mailpoet intrusion). Then WordPress did an upgrade and I think it ‘forgot’ where the file was hence the site not loading at all.

I moved the file and all is well in the world.
Thanks for looking in!
Cheers

If it’s not too late you can use menubar colour changer on twenty eleven.

Yes it was a shock for me. I thought that if you avoided the ‘admin’ user name and had a bulletproof password you were relatively safe. I never thought in a million years that someone could literally walk in the ‘backdoor’ and alter 500 php files, even jumping into add on domains on a shared server.

Still, Eli’s anti malware plugin did a great job for me and even earned him a $30 donation which is rare for me, (I like to do stuff myself and that can make you a little ‘tight’ lol)

Have a great, malicious code free weekend Peter!

Thanks for the info Peter, your knowledge surpasses my own by a country mile!

I tried wordfence and securi to no avail but then I tried Anti-Malware (Get Off Malicious Scripts) and that found (and fixed) over 500 affected files.

Time will tell if we got it all I guess. The plugin takes good time to scan the whole thing (up to an hour) and then automatically fixes it.

Seems like quite a bad situation, but it did make me shell out for vaultpress so that I am better protected next time.

How did you guys clean the added code out of the WP-content directory (especially the ‘cache’ directory)?

I have many hundreds of instances of the bad code that will take ages to do manually!

Oh, I forgot. I also found this in the mailpoet knowledge base which matched what I found on my own site….

“How do I know if my site has been hacked?
To find out, simply look for any PHP files in the folder wp-content/uploads/wysija on your site’s server and all of its subfolders.”

Alas, I found such a file.

Yes, losing settings was my worry but they do seem to ‘find themselves’ again after re-installing which is good news.

I read a lot after searching for similar symptoms which matched what others had experienced. Plus I raised a query elsewhere here and a mod was confident that it was the mailpoet hack, pointing my efforts in the right direction.

I should point out that the latest version of mailpoet is clean and that I was offline (hols) so missed all their efforts to notify us.

It seems clear that mailpoet was the victim of this particular attack but it’s not particularly fair to ‘point the finger’ as they were the victim of malicious intent from outside.

How did you get wordfence to scan the pugins mixmethods? Just that WordPress wouldn’t recognize my plugins after the foreign code had been added and so the dashboard was as if there were no plugins installed and therefore non-scanable (if that is even a word!)

Good luck and let is know if you learn anything interesting!
Ian

Yes second time for me too (first time I tried to use old back ups to fix)

Wordfence is good but…… because the plugins are deactivated wordfence (or any anti hacking software) isn’t scanning the actual plugin folders.

I have found the code (injected into the top of EVERY php file in the plugins folder!! It’s a whole bunch of seemingly gibberish (well to me at least lol!)

I tried deleting it on all the files within a single plugin and the WordPress dashboard automatically reinstated the plugin. Yippee!

Now I ask myself do I want to do this for all the plugins I have (20) or do I simply delete the plugin folders via FTP and simply download them again via the WordPress backend/dashboard…….

The mailpoet vulnerability affects even websites that don’t have mailpoet installed, but are on the same(shared)server, so my other blog was ‘infected’ even though it didn’t have mailpoet installed.

In the end I updated the core files by allowing wordfence to auto correct (about 500 files!) and I think I’ll just start over with the plugins… there are a LOT of php files in each one.

I feel like I am struggling with this one alone (Hostpapa support dismal, mailpoet guys understandably snowed under with tickets etc) even though sucuri report tens of thousands of sites affected.

I just hope I get it all as even a singe page missed (the code creates a ‘backdoor’) will start it all over again…. very “Matrix” like I must say!

How are you guys getting on?

Do you have mailpoet plugin installed?

This happened to me as a result of a vulnerability with the above plugin.

Currently using wordfence to clean up my install but I think I’ll need to delete all the plugins via FTP and re-install them because wordfence isn’t scanning the plugins as they are deactivated by wordpress due to inaccurate headers (malicious code added to php files throughout.)

Hope this will ‘fix’ it!