WordPress.org

Ready to get started?Download WordPress

Forums

WP-PageNavi
[resolved] Crazy italian text added to the URL o_O (7 posts)

  1. Sabinou
    Member
    Posted 2 years ago #

    Hello,

    A friend whose blog is hosted on my server (I'm sorry, I apologize, I can't give you the URL) reported me of a problem, however, for the life of me, I can't find from where the problem may come. He, as for him, states he didn't install fishy stuff, and since I am rather uptight on server security, I'd like to believe him.

    The problem is with the Wp-PageNavi.

    The "next page" / "previous page" URL links do start with the blog's URL/page/page_number...
    however...
    they have SUPER DUPER CRAZY ITALIAN WALL OF TEXT added after them, and for the life of me, I can't figure out where it may come from ?!?

    Four log entries with that stuff (the last line has the clearer text, with stuff like %20 converted into proper space characters) : http://pastebin.com/m2A8HaxG

    I decided I'd fix it in five minutes and then parade as The Big Guy, but sadly, I failed at finding where it may come from.

    The database didn't contain any mention of the words present in that long string of text, even fishy stuff like \xb7 that you'd rather expect from a code line than a straight text line.

    The blog's internal files, themes, core, plugins, didn't contain any mention either.

    Paranoid as I am, I searched for various eval, decode, and the like, but, nothing fishy, no backdoor or anything waving a little "hi" at me.

    It only shows when one is not logged as admin. Thus, I suspected Wp-SuperCache, but deactivating right after emptying the code didn't change anything.

    Lots of searching later, I found that that stayed as a permanent parameter in the blog's URL (www.website_adress.com/?s=This%20is%20called%20%2Aeffetto%20serra%2A%20muahuahauhhRispondi%20%B7%... ... ...) unless I re-typed the adress cleanly without the ?s= string - and then everything worked again correctly O_o

    So, there are two problems, the apparition of this italian wall of text inside a search query, and also the fact that the search query doesn't disappear from the URL when we navigate through the blog's pages.

    I'm absolutely puzzled and unable to find a fix.

    Searching server logs didn't return anything useful in the error_log blog's file, but I haven't searched yet the access_log. Imagine, a grep "muahuahauhhRispond" access_log_file_name_for_that_blog > output.log returned a 1.5 GB text archive. That file is being currently recompressed to bzip2 before I download it and browse it.

    Please, would someone have an idea about it ?
    My pride is hurt, and I see an interesting challenge !

    Thank you VERY MUCH if someone can help, throw ideas, pointers, everything is welcome :)

    http://wordpress.org/extend/plugins/wp-pagenavi/

  2. scribu
    Member
    Plugin Author

    Posted 2 years ago #

    PageNavi uses native WP functions to generate the URLs, so I would treat it as a generic exploit, rather than something targeted at or enabled through PageNavi.

  3. Sabinou
    Member
    Posted 2 years ago #

    Thanks for the reply !

    Do you think I should tag this thread for deletion and, then, post it as a new thread in general support forum ?

  4. scribu
    Member
    Plugin Author

    Posted 2 years ago #

    Yeah, I guess that would give you a better chance of getting attention, but most advice could probably be found here:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

  5. Sabinou
    Member
    Posted 2 years ago #

    Haha, I must know that page by heart, I've had more than my fill of problems in the past, I'm asking here because I haven't (yet ?) found a page documenting the same kind of problem as I got :)

  6. Sabinou
    Member
    Posted 2 years ago #

    I think I got the gist of the problem, so this is NOT related to pagenavi instead, I apologize for the trouble.

    I'll post an updated question elsewhere, with a link to this thread that I'll close as soon as I can come back here with a link to the new thread.

  7. Sabinou
    Member
    Posted 2 years ago #

    There, the new question thread is on that page :
    wordpress.org/support/topic/wordpress-wp-supercache-deficiency-i-need-help-please?replies=1

    Sorry for the trouble ! :)

    * thread closed *

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic