Support » Plugin: PNG to JPG » .jpg injected into all https urls

  • Yesterday, I installed PNG to JPG to convert screenshot pngs that are causing page speed errors. After testing one image with successful results, I tested 5 images. The web site, which is a dev/staging environment corrupted. The admin panel and the front end were replaced with html. The html reveals that every link to images, nav, files etc, has been corrupted with an injection of ‘.jpg’ after https: and in between the forward slashes. This has the clear marking of a SQL injection. The server host has not found any infection.

    Has anyone else experienced this behavior.

    WP 5.3.1
    Porto Theme and child (current)
    PHP 7.2
    MySQL 5.1?
    Apache servers
    Thanks
    Michael

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author kubiq

    (@kubiq)

    Hi, sorry for that, but I’ve tested this plugin in many different environments and different setups like subdomain or subdirectory installations and I’ve never experienced something like this.

    This plugin replace image filename in database and it use standard WP functions ( wp_get_attachment_url, get_attached_file, wp_get_attachment_metadata ) to receive all needed data like, filename, URL etc…
    One of this functions probably return wrong data and that can happen only if your setup is corrupted.

    Just restore your database backup and everything should be ok, but anyway, I’m really curious how you install WordPress. Maybe you can share some steps, how you do it? Do you have classic folders hierarchy?

    Thank you for your assistance so rapidly. Very much appreciated.

    I have recently taken over on this website to assist with resolving numerous problems. I myself am not a programmer, just a detailed analyst. The installation is dirty. When I first looked at it, there were 7 themes installed, three had been configured and abandoned. There were some 50 plus plugins of various stages of overlap and conflict. Systematically, I moved the team from doing anything to the live site and work exclusively on this clone site. Since that effort stabilized, I have worked to remove everything that is not mandatory by the current theme and functionality. All extraneous themes and plugins have been removed and the data tables optimized. Page speed and other tests continued to show improvement as page functionality with WPBakery was streamlined and improved. Images are the most pressing issue at the moment which is why your plugin was sought.

    While this is ongoing development, it has been my plan to create a clean installation of wordpress and the Porto themes so that all of the plugins and theme files can operate without any remnants or junk. From your message, it sounds like that should take precedence when I recover the current clone912 staging env.

    I’ll let you know if the Db restore takes care of the ‘https:/.jgp/.jpgclone912…..’ issue.

    Thanks again for your assistance.

    Kubiq,
    Thanks again for your response. Even though restoring a previous image of the site did not work, restoring a previous Db file did. The staging environment is whole – ish again.

    Thanks
    Michael

    Plugin Author kubiq

    (@kubiq)

    Hi,
    yes, as I wrote, you need to restore DB 😉
    Maybe you can try my other plugin Images to WebP, it will create additional .webp versions of every image and serve it over .htaccess, so images and DB is not touched.
    .webp images are even smaller than JPG

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘.jpg injected into all https urls’ is closed to new replies.