WordPress.org

Ready to get started?Download WordPress

Forums

WP-PageNavi
Page navigation links calling a search query? (42 posts)

  1. Farwalker
    Member
    Posted 3 years ago #

    So I could be off, as I'm no security expert, but with the research I conducted I found some references that shed some light on the above referenced link that scribu commented was malware.

    Basically it's a php injection that exploits the view page php. The hackers are using Local File Inclusion vulnerabilities and
    injection malicious code in proc/self/environ. It goes after the view page php and perhaps that's why Pagenavi is affected.

    Now perhaps your issue Rafael is different since I haven't seen the code that is appended after your domain on the bottom navigation bar. But for me, I do believe that was the issue.

    When this went down, I decided to move to a new host that was far superior in security (previously I was on shared hosting) along with installing the most popular WP security plugins (BulletProof Security, Secure WordPress, etc), downloaded a fresh install of WP and increased my password strength. Basically tried to make the best of the situation by upgrading the virtual walls around my domain. So far the issue has not returned. I 301'd all offending nav links that showed up in Google webmaster tools and will continue to monitor the situation.

    So if your bottom nav links have something like this in them "option=com_product&controller=" then perhaps you have issues with malicious php injections.

    Here's a few links I found, or you can type in 'php injection wordpress' into Google.

    http://www.webdeveloper.com/forum/showthread.php?t=232277

    This explains how a forced php injection is done:
    http://foro.undersecurity.net/read.php?15,3768

  2. Rafael Fischmann
    Member
    Posted 3 years ago #

    I think my issue is different and simpler, it's just appending a search query next to page navigation links on the homepage. That's it.

  3. BilalBhatti
    Member
    Posted 3 years ago #

    Dude, to solve this issue, do one of these things:

    1. Either remove WP-Super Cache
    2. Either remove Google Analytics
    3. Add the following code to your robots here http://macmagazine.com.br/robots.txt

    User-agent: *
    Disallow: *com_product*
    User-agent: Slurp
    Crawl-delay: 3

    User-agent: Googlebot
    Disallow: *com_product*

  4. Rafael Fischmann
    Member
    Posted 3 years ago #

    1 and 2 aren't options now, and the 3rd suggestion only solves the SEO problem. The query terms will still be appended to my page navigation links, which is awful and doesn't let my visitors see all my content.

  5. BilalBhatti
    Member
    Posted 3 years ago #

    @Rafel: Go for W3 Total Cache.

  6. Rafael Fischmann
    Member
    Posted 3 years ago #

    I began as a WP-Super Cache user, then moved to Hyper-Cache then to W3 Total Cache for many, many months. I went back to WP-Super Cache about three months ago and am very satisfied with it.

    I'll give Donncha some time to study this and see if he can find out what's going on. Otherwise, going back to W3 might be my solution.

    Thanks mate.

  7. BilalBhatti
    Member
    Posted 3 years ago #

    Mean while Donncha solves the issue, block the queries from crawling though robots.txt to save your Google PageRank.

  8. Rafael Fischmann
    Member
    Posted 3 years ago #

    Good idea. Just done it.

  9. Donncha O Caoimh
    Member
    Posted 3 years ago #

    'Mean while Donncha solves the issue, block the queries from crawling though robots.txt to save your Google PageRank.'

    I can't solve the issue because there is no issue with Supercache. Read my previous message. Supercache is caching a page that has somehow been interfered with. At least as far as I can tell from what you say.

    You removed the Google Analytics plugin and the problem went away. That should tell you the problem is there. Supercache is simply caching the page.

    Please try another page caching plugin and I'm quite sure the problem will arise again, or try to debug it and track down the problem yourself. I can't as I've never experienced it myself.

  10. Rafael Fischmann
    Member
    Posted 3 years ago #

    There's no need to try another caching plugin, we only need to access the site without WP-Super Cache enabled. Problem gone.

    I'm not using any Google Analytics plugin, as I said. I've only installed its native code from Google in my header.

    Maybe I'll have to go back for W3 Total Cache.

  11. narco
    Member
    Posted 2 years ago #

    Just put in this in the control panel wp-supercache Accepted Filenames & Rejected URIs

    /page/*/?
    /?

    and the plugin don't cache that pages

  12. narco
    Member
    Posted 2 years ago #

    Sorry, Add this:

    /page/.*/\?
    /.*\?

    I forgot the regular expresions

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic