Support » Plugin: Display Widgets » Payday Loans, SEO SPAM

  • I just received an alert from Google Webmaster Tools. Reviewing the code of this plugin, I saw it added a geolocation.php file where it creates a dynamic post, and one of the URLs was this http://mysite.com/pay-day-loans/ and it was inserting information about Pay Day Loans and a link going to this https://www.paydayloansnow.co.uk/.

    All the above explanation is because Google marked my site as hackable; inserting this type of dynamic content is known as Spam Link Injection.

    I’m not sure if it was intentional or just a bug; additionally, I am seeing complaints about the same topic (or related). I just want to make sure whether it was coded intentionally, adding a pay-day-loans link with spam content, so I can take action and decide whether to continue using this plugin or move on.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi,

    Thank you for letting me know. Yes, the last update fixed this; you need to clear your cache and update to the latest version. As I mentioned in the changelog, I asked a friend of mine to review the code and he gave me a full report. You can look at the wp_options table for leftovers, and if you don’t find anything then you should be okay.

    Sorry for the inconvenience and, again, thank you for letting me know.

    Hi,

    The other admin here. Unfortunately, the addition of the GEO Location made the software vulnerable to an exploit if used in conjunction with other popular plugins.

    The latest update fixed and sanitised the vulnerability. A simple empty of the cache & clearing of the wp_options table (if affected) should remove that post.

    Again, I apologise. But this should fix it. We estimate only around 100 or so sites to be compromised.

    Thanks

    DW

    You ESTIMATE? On what basis do you estimate? Just a random number out of what?

    Sorry to say that, but I’m done with you and this plugin. Since you have been developing this plugin, things have gotten worse. I’m the first to donate for a good solution, but for some reason you just fucked it up. Best would be to simply bring back the 2.05 version and leave it as is.

    @displaywidget account has been blocked (banned) so he won’t be able to respond here anymore.

    Display Widget users should remove all 2.6.* versions of this plugin; the only safe version is v2.05. See https://wordpress.org/support/topic/display-widgets-plugin-v2-6-3-1-includes-hacking-code/

    [ Signature moderated ]

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Hi, I’m the plugin team rep.

    Please understand, we have a policy of NOT publicly disclosing all the details of closures like this for a few reasons, least of which being I’m opposed to public shaming. I don’t think it helps anyone. However in the interests of getting people to stop being mean to everyone, here’s the situation.

    The plugin was closed and the developer censured due to repeated guideline violations. We ALWAYS lean towards trusting the good nature of humans, explaining where they messed up, and giving them a chance to correct behavior. When that doesn’t happen, plugins are removed and developers removed/banned.

    I’m sorry that this went on so long. Some of this was actually a case of confusion as to what the guidelines meant. You don’t have to believe that, but as I’m the one who had the conversation, I do feel it was. I talk to people a LOT about this stuff, and it’s easy to get confused. That said, following those conversations, the developer added in backlinks and worse. That’s not excusable. The plugin has been removed.

    We have not yet decided what the next best course of action is. We MAY hand the plugin over to a new developer. We may not. The plugin team is discussing this right now. Given the history of the plugin being sullied as it was, it’s really much of a lost cause. There cannot be trust in this plugin anymore, and I’m sorry for that.

    I’m going through and closing posts about this. There’s little point in people going around and slamming others about this. Remember: people can be mean, but you don’t have to be.

  • The topic ‘Payday Loans, SEO SPAM’ is closed to new replies.