Support » Plugins » Hacks » Message You suck! Go hack someone else.

  • I have been developing a plugin over the last 6 months which now has almost 40,000 downloads and some great feedback, it is a great experience and although I classed myself as an advanced PHP developer when I started; I have learnt so much from other developers who have emailed me with code suggestions and fixes.

    http://wordpress.org/plugins/mail-subscribe-list/

    I have a small problem that I cant seem to get my head around, a very small number of people have messaged me (5) saying that they get a message when they use my plugin which says “You suck! Go hack someone else.”, I can not work out how this is happening and with my plugin being so simple I decided to google and noticed that there are a small number of other WordPress plugins that are displaying the same message.

    Can anyone help or give any guidance?

Viewing 11 replies - 1 through 11 (of 11 total)
  • The first thing to do is find out which plugin is creating that error. When you can find that you’ll be able to look into it’s code to see what’s triggering it and see what your plugin is doing to trigger that situation.

    Thread Starter Richard Leishman

    (@webfwd)

    Thank you for your comment but I don’t think you actually read what I wrote.

    I did read it, but I am guessing my response didn’t spell out what you need to do exactly. Hopefully this will shed some more light on what you need to do.

    Can you tell me where that error message is coming from? I know that it’s not coming from your plugin because it doesn’t have that phrase anywhere in it. That means that it’s coming from another plugin or theme that the people are using – so what I said above still stands

    Something if your plugin is triggering that error in a different plugin for some unknown reason, and that’s what you need to figure out. Find out which plugin is showing that error (you’ll have to ask people that report this problem what combination of plugins and theme they are using so you can try to replicate it). When you find out what plugin is actually showing that message, you’ll need to discet that plugins code to find out what the trigger for the error message is. When you find out what the actual cause of the error is you can go back to your plugin and see what you have done that’s causing that trigger to occur in the other plugin.

    Moderator bcworkz

    (@bcworkz)

    Yeah, what he said ^^^^

    I suspect the culprit is some security plugin. It may have detected your attempt to create a table (or something else?) and decided it was a hack attempt. Which is lame, no decent hacker would do something that obvious. Plus it should give the user the option of letting the script run once appropriately warned.

    It should be possible to make a program which traverses all the files of your wordpress directory, gets the content of the file and looks for the unwanted message. If you class yourself as an advanced developer this is an easy thing to do. Mayby you can also find a useable code by googling a little. It is prob ably not in the core code but this one from edit-comments.php surprised me :wp_die(__(‘Cheatin’ uh?’));

    Best regards

    Try this code and let your clients who get the message try it also.

    <?php
    $dir=dirname(__FILE__).'/wordpress';
    
    dirToArray($dir);
    function dirToArray($dir) {
    
       $result = array();
    
       $cdir = scandir($dir);
       foreach ($cdir as $key => $value)
       {
          if (!in_array($value,array(".","..")))
          {
             if (is_dir($dir . DIRECTORY_SEPARATOR . $value))
             {
                $result[$value] = dirToArray($dir . DIRECTORY_SEPARATOR . $value);
             }
             else
             {
    			 $file_content=file_get_contents($dir. DIRECTORY_SEPARATOR .$value);
    			 if(preg_match('/suck/i',$file_content))
                echo $dir. DIRECTORY_SEPARATOR .$value.'</br>';
             }
          }
       }
    
    }
    
    ?>

    You should also search all tables in the database for a match. In phpmyadmin it is easily done with selecting database, click search, select all tables and enter the searchword(s).

    A pure sql code doing the same can be seen here:

    http://stackoverflow.com/questions/7523039/mysql-query-to-search-all-tables-within-a-database-for-a-string

    When still nothing is found it might be the result of a plugin doing an external http request. You can find http requests whis are not to wordpress by using this searchstring https?\:\\\(www\.)?[^(wordpress)] in the above php directory search.

    Thread Starter Richard Leishman

    (@webfwd)

    Thank you jaip, this will be a great help.

    The regexp https?\:\\\(www\.)?[^(wordpress)] is not working properly. Someone else might be able to write a regexp which excludes requests to w3.org apache.org codex.wordpress and wordpress and mayby more in the search for external http requests in plugins or themes.

    Here it is, folks.

    http://wordpress.org/plugins/stealth-login-page/

    /stealth-login-page/plugin.php > Line 169

    $message = '<h2 style="text-align: center; margin-top: 4em;">You suck! Go hack someone else.</h2>';

    Thread Starter Richard Leishman

    (@webfwd)

    Wow great! I don’t think that it will just be my plugin that is effected by this. I have looked at the code for stealth login page and it seems that it creates an extra security feature that when you link to a wordpress admin page it must contain a ‘special code’, if the url does not contain this code then you get a not so pleasant message “You suck! Go hack someone else.”.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Message You suck! Go hack someone else.’ is closed to new replies.