WordPress.org

Ready to get started?Download WordPress

Forums

Coming Soon / Maintenance mode Ready!
It got my site hacked (7 posts)

1 star
  1. Chefopld
    Member
    Posted 7 months ago #

    It infected my website. It uses iframe that makes all your 404 pages on the site redirect to a Penis Enlargement scam. And when you try to remove it, it creates a new directory with a .k file in it that continues its malicious work. Do NOT install it!

  2. esmi
    Forum Moderator
    Posted 7 months ago #

    The fact that your site was hacked does not automatically constitute a problem with this plugin. Do you have any direct evidence that this plugin was responsible?

  3. Chefopld
    Member
    Posted 7 months ago #

    It was a brand new website with nothing on it, except the default themes and plugins plus this plugin, which I installed from the dashboard. I had just started developing it and I wanted to see how the standard 404 page looked like on the new 2014 wp theme. All 404 links from my site redirected to some live9news Penis Enlargement site and I checked my .htaccess file for redirects but there was nothing there. Then I figured it must be an iframe of some sort so I searched all files on my installation through my linux console and found out lots of mentions about 'iframe' in the files of this plugin. It also has the option to redirect your coming soon page to another page and since it was the only thing that I have installed I just decided to remove it. When I tried to deactivate it, though, it opened a whole new blank pop-up page with a warning in the middle asking if I wanted to delete all my preferences as well. It was like nothing I have seen before and it was for sure not done in the wordpress dashboard. And since that didn't solve the problem, I got suspicious and checked all last modified files on my installation, again in my console. It clearly showed that after it removed the files of the plugin a new folder named 'wppp' or something like that was created in the plugin folder with a .k file in it. The file had an iframe with some random symbols so I deleted the whole folder and my problem was solved. I'm more than 100% sure it was this piece of shit plugin and I just had to tell other people about it.

  4. coming soon
    Member
    Plugin Author

    Posted 7 months ago #

    Thank you for your feed back.

    1. Please provide URL of the redirecting website, because for live9news
    I found only that website: live9news.com
    there're nothing about "Penis Enlargement"

    2. This is standart plugin function: "it opened a whole new blank pop-up page with a warning in the middle asking if I wanted to delete all my preferences as well"
    With this option you can remove all settings when delete plugin. Or leave them.

    3. Provide URL of your website, I'll try check what's can be wrong.

  5. Ready! Developer
    Member
    Posted 7 months ago #

    Hello.
    "When I tried to deactivate it, though, it opened a whole new blank pop-up page with a warning in the middle asking if I wanted to delete all my preferences as well" - this allow you deactivate plugin and leave all your saved options - in case you will need to re-activate it in future, so this is feature that help people to use it.

    Back to main issue - you say that our plugin create such a big problem - please provide the proof: part of code, something like that. Because you can have a:
    1. other soft on your server that create such issue
    2. virus on your server
    3. virus in your wordpress instance
    And main thing - if this is our plugin, that is now in use of around 118,000 people (see http://wordpress.org/plugins/coming-soon-maintenance-mode-ready/ - "Downloads") - this mean that almost all of their sites is now redirect to "Penis Enlargement site" - and no one didn't say it? This is really strange situation, please let me know here a proof of your words - and I will check it.

    Regards,
    Alexey.

  6. RedefineEverything
    Member
    Posted 6 months ago #

    Hi guys,

    I've got this re-direct happening on a site a manage at the moment and I never installed this plugin so I would presume it came from somewhere else.

    Still trying to find the cause of the problem myself.

    Thanks

  7. Ready! Developer
    Member
    Posted 5 months ago #

    Hello.
    RedefineEverything - in most cases this is virus on your server, try to ask your hosting provider to check your server with your php files for viruses.

    Regards,
    Alexey.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.