WordPress.org

Support

Support » Plugins and Hacks » [Resolved] [Plugin: WP-PageNavi] Crazy italian text added to the URL o_O

[Resolved] [Plugin: WP-PageNavi] Crazy italian text added to the URL o_O

  • Hello,

    A friend whose blog is hosted on my server (I’m sorry, I apologize, I can’t give you the URL) reported me of a problem, however, for the life of me, I can’t find from where the problem may come. He, as for him, states he didn’t install fishy stuff, and since I am rather uptight on server security, I’d like to believe him.

    The problem is with the Wp-PageNavi.

    The “next page” / “previous page” URL links do start with the blog’s URL/page/page_number…
    however…
    they have SUPER DUPER CRAZY ITALIAN WALL OF TEXT added after them, and for the life of me, I can’t figure out where it may come from ?!?

    Four log entries with that stuff (the last line has the clearer text, with stuff like %20 converted into proper space characters) : http://pastebin.com/m2A8HaxG

    I decided I’d fix it in five minutes and then parade as The Big Guy, but sadly, I failed at finding where it may come from.

    The database didn’t contain any mention of the words present in that long string of text, even fishy stuff like \xb7 that you’d rather expect from a code line than a straight text line.

    The blog’s internal files, themes, core, plugins, didn’t contain any mention either.

    Paranoid as I am, I searched for various eval, decode, and the like, but, nothing fishy, no backdoor or anything waving a little “hi” at me.

    It only shows when one is not logged as admin. Thus, I suspected Wp-SuperCache, but deactivating right after emptying the code didn’t change anything.

    Lots of searching later, I found that that stayed as a permanent parameter in the blog’s URL (www.website_adress.com/?s=This%20is%20called%20%2Aeffetto%20serra%2A%20muahuahauhhRispondi%20%B7%… … …) unless I re-typed the adress cleanly without the ?s= string – and then everything worked again correctly O_o

    So, there are two problems, the apparition of this italian wall of text inside a search query, and also the fact that the search query doesn’t disappear from the URL when we navigate through the blog’s pages.

    I’m absolutely puzzled and unable to find a fix.

    Searching server logs didn’t return anything useful in the error_log blog’s file, but I haven’t searched yet the access_log. Imagine, a grep “muahuahauhhRispond” access_log_file_name_for_that_blog > output.log returned a 1.5 GB text archive. That file is being currently recompressed to bzip2 before I download it and browse it.

    Please, would someone have an idea about it ?
    My pride is hurt, and I see an interesting challenge !

    Thank you VERY MUCH if someone can help, throw ideas, pointers, everything is welcome 🙂

    http://wordpress.org/extend/plugins/wp-pagenavi/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author scribu

    @scribu

    PageNavi uses native WP functions to generate the URLs, so I would treat it as a generic exploit, rather than something targeted at or enabled through PageNavi.

    Thanks for the reply !

    Do you think I should tag this thread for deletion and, then, post it as a new thread in general support forum ?

    Plugin Author scribu

    @scribu

    Yeah, I guess that would give you a better chance of getting attention, but most advice could probably be found here:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    Haha, I must know that page by heart, I’ve had more than my fill of problems in the past, I’m asking here because I haven’t (yet ?) found a page documenting the same kind of problem as I got 🙂

    I think I got the gist of the problem, so this is NOT related to pagenavi instead, I apologize for the trouble.

    I’ll post an updated question elsewhere, with a link to this thread that I’ll close as soon as I can come back here with a link to the new thread.

    There, the new question thread is on that page :
    wordpress.org/support/topic/wordpress-wp-supercache-deficiency-i-need-help-please?replies=1

    Sorry for the trouble ! 🙂

    * thread closed *

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Resolved] [Plugin: WP-PageNavi] Crazy italian text added to the URL o_O’ is closed to new replies.