Support » Plugin: Simple Banner » Hacked!!!

  • Resolved rafaelvleite

    (@rafaelvleite)


    Please don’t install it in your website! It is hacked (GitHub doesn’t exist anymore). Every time someone will click a link in your banner the FIRST TIME using MOBILE, it will redirect to unwanted websites. Don’t install it!!!

Viewing 15 replies - 1 through 15 (of 26 total)
  • Plugin Author rpetersen29

    (@rpetersen29)

    @rafaelvleite I’m not sure where you’re getting this from but this is not true. The GitHub repo is no longer active because I moved the code to a private repo, and even so, all code is visible from the development tab and all commits have come from me.

    • This reply was modified 1 month, 3 weeks ago by rpetersen29.
    Thread Starter rafaelvleite

    (@rafaelvleite)

    It happened to my website. The steps to simulate this are:

    Open a new browser in incognito mode
    Adjust screen size as mobile (or do it in a mobile)
    Open the webpage with simple banner with a link
    Click the link
    * please don’t login as admin

    A popup will open leading to unwanted websites. Plugin is corrupted.

    Thread Starter rafaelvleite

    (@rafaelvleite)

    It is cooked to happen only the first time! Then it will show no more popups. In practice, every user will be redirected to that website and the banner lost its purpose

    Plugin Author rpetersen29

    (@rpetersen29)

    Hi @rafaelvleite it sounds like your website got hacked and not my plugin. You can look through the code, there is nothing in the code that would support such a mechanism.

    Here’s the code in question, https://plugins.trac.wordpress.org/browser/simple-banner/trunk/simple-banner.js#L10. It simply takes the text parameter and puts it in an HTML element.

    You should look through your database and make sure no one has made unauthorized changes.

    Plugin Author rpetersen29

    (@rpetersen29)

    All code for this plugin is open source and available to browse through the WordPress plugin website, https://wordpress.org/plugins/simple-banner/#developers. Every commit I make is directly to WordPress. I would urge you to look through source code before making false claims like this.

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    @rafaelvleite

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    @rpetersen29 Moderators have reviewed this topic and it’s not spam. Let’s help this user clean up his site…

    @rafaelvleite if you need additional assistance cleaning your site, please see the links above and post additional info, if necessary, in a new topic not related to this plugin.

    Also, this topic has been moved from “reviews” to “support”.

    Plugin Author rpetersen29

    (@rpetersen29)

    @sterndata thanks, apologies for the wrong label.

    Thread Starter rafaelvleite

    (@rafaelvleite)

    Thank you so much for the moderation Steve, I just took a deep breath 😉
    Sorry for anything @rpetersen29 I don’t want to harm your business.
    But I need to warn there is something really wrong with the plugin (and it is not the first time, since “Simple Banner” had vulnerability issues in the past and I found many websites listing this plugin as causing websites to get hacked).
    I just ran a full scan with the main websites (Quttera, etc) and thankfully no malware was found. I also installed a Malware detector plugin (“Anti-Malware Security and Brute-Force Firewall”) and ran a full scan and nothing was found.
    I will run some other tests with the plugin in a new, fresh and clean website and I will record videos of it. I will not stop until this case is solved, because someone is getting money redirecting people to undesired websites.
    By the way @rpetersen29 please kindly let me know why you moved your code to a Private Repo. When we install this plugin and from inside WordPress click to know more about the website, it leads to a not found page.

    Thread Starter rafaelvleite

    (@rafaelvleite)

    Plugin Author rpetersen29

    (@rpetersen29)

    Yeah that repo has been deleted, by me.

    • This reply was modified 1 month, 3 weeks ago by rpetersen29.
    Plugin Author rpetersen29

    (@rpetersen29)

    That user’s issue seems to be different than yours. If you want to provide any details of your issue I will gladly try to help. However, the issue is not with this plugin, which I have described in detail above.

    • This reply was modified 1 month, 3 weeks ago by rpetersen29.
    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    @rafaelvleite I archived your reply in that other topic and your reply to the link to the other topic.

    Please keep support here for your problem and not cross the streams. The other moderator explained above what you need to do to delouse your site.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Also @rpetersen29 I made this topic “Not Resolved”. Yes, you can resolve topics but doing that before the original poster’s topic is resolved is not cool.

    They can unresolve their topics as well; I just saved them a click or two.

    Plugin Author rpetersen29

    (@rpetersen29)

    @rafaelvleite I deleted the GitHub repo because the SVN repo that is available to everyone here, https://plugins.trac.wordpress.org/browser/simple-banner/, is the one I make my commits to. Code committed to the WordPress repo gets published directly. Any commits I made to the GitHub repo were just copied over from this one and since I didn’t keep it up to date I deleted it as it was unnecessary.
