Sociable
You're aware you've been hacked? (8 posts)

  1. Kuratur
    Member
    Posted 11 months ago #

    Hi,

    The Sociable plugin, version 4.3.4.1, appears to have been hijacked today. Around 1pm Eastern U.S. time it caused our blog posts to not display the blog contents and to display what appeared to be the site navigation menu for killerstartups.com.

    Here's what it's injecting into the source:

    <div class="entry-content">
    			<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>KillerStartups.com™</title>
    <meta http-equiv="content-language" content="en" />
    <link href="/css/styleKiller.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript">var disqus_iframe_css = "http://www.killerstartups.com/css/disqus02.css";</script>
    <link type="image/x-icon" href="/favicon.ico" rel="shortcut icon" />
    <link rel="apple-touch-icon" href="/iphonekiller.jpg" />
    </head>
    <body>

    [Moderator Note: Please post code & markup between backticks or use the code button. Your posted code may now have been permanently damaged by the forum's parser.]

    http://wordpress.org/plugins/sociable/
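
A way to check rendered pages for the symptom reported above (a second DOCTYPE and document-level tags inside the post body, plus references to another host). This is an added example, not part of the thread or the plugin's code; `EntryContentAudit`, `audit` and the host `blog.example` are hypothetical names, and it assumes the theme wraps post content in `div.entry-content` as in the quoted markup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
DOC_TAGS = {"html", "head", "body", "title"}  # should never occur inside post content
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

class EntryContentAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.depth = site_host.lower(), 0
        self.findings, self.foreign_hosts = [], set()
    def _note_url(self, url):
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            self.foreign_hosts.add(host)
    def handle_decl(self, decl):  # a second DOCTYPE inside the post body
        if self.depth and decl.upper().startswith("DOCTYPE"):
            self.findings.append("doctype")
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "div":  # track nesting so we know when entry-content closes
            if self.depth:
                self.depth += 1
            elif "entry-content" in (attrs.get("class") or "").split():
                self.depth = 1
        elif self.depth:
            if tag in DOC_TAGS:
                self.findings.append(tag)
            for url in filter(None, (attrs.get("href"), attrs.get("src"))):
                self._note_url(url)
    def handle_endtag(self, tag):
        if tag == "div" and self.depth:
            self.depth -= 1
    def handle_data(self, data):  # absolute URLs in inline scripts or text
        if self.depth:
            for url in URL_RE.findall(data):
                self._note_url(url)

def audit(page_html, site_host):
    """Return (document-level markers found in the post body, foreign hosts referenced there)."""
    parser = EntryContentAudit(site_host)
    parser.feed(page_html)
    parser.close()
    return parser.findings, sorted(parser.foreign_hosts)

# Constructed sample: hypothetical site blog.example serving the markup quoted in the post.
SAMPLE = """<html><body><div class="entry-content">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<script type="text/javascript">var disqus_iframe_css = "http://www.killerstartups.com/css/disqus02.css";</script>
</head><body></div></body></html>"""
```

Calling `audit(SAMPLE, "blog.example")` reports the nested document markers and the foreign host; a page whose post body contains only ordinary content returns two empty lists.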

  2. TheHiveQueen
    Member
    Posted 11 months ago #

    I'm having the same issue on my site and not sure what to do. Guidance would be appreciated.

    http://avalonjacksonvillebeach.com/what-you-get-for-the-money-coastal-new-construction-in-jacksonville-beach/

  3. TheSolverItaly
    Member
    Posted 11 months ago #

    Simply disable or cancel the installation until the vulnerability is resolved. My site was also hijacked this night, 2013 Sept 19. Resolved by disabling and deleting.

  4. Kuratur
    Member
    Posted 11 months ago #

    Hi, TheHiveQueen.

    There's only one thing for it. You must disable the Sociable plugin.

    I hate to say it, but the fact that these guys haven't addressed the breach or done anything about it means they aren't looking after their plugin any more. Just as well to find an alternate solution, of which there are many :)

  5. rogal
    Member
    Posted 11 months ago #

    I had the same problem. I deactivated and deleted the plugin.

  6. Peterkopi
    Member
    Posted 11 months ago #

    Sad but true. Deactivate or uninstall the plugin!

  7. Jean-Francois Arseneault
    Member
    Posted 11 months ago #

    Erh.... this plugin is only compatible/tested up to 3.3.2 ... why would anyone still be running the code...? I mean, I'm ok running 3.5.x tested stuff, but 3.3?

  8. MadHag
    Member
    Posted 11 months ago #

    Thanks for the heads up, shame, real good plugin, hope they fix it soon if the project is still alive.
