WordPress.org

Forums

Google Custom Search
Search Hacked (2 posts)

  1. Pewit
    Member
    Posted 2 years ago #

    Our WP install was hacked and the hosting company caught it and deleted the files (see below).

    The site looks to function normally apart from Google Custom Search which shows some search results for Viagra/Cyalis etc - but when you click on the link it takes you to the regular content which appears as normal (presumably the hack would have redirected the click through to another site had the files not been deleted)

    Any suggestions for a solution apart from not using the plugin?

    A routine security check on the server found that your account - sitename.org - was being actively exploited.
    
    The malicious files:
    
    /home/sitename/public_html/auth.php: PUA.HTML.Crypt-8 FOUND
    /home/sitename/public_html/.smileys/hash_keyword.php: PUA.HTML.Crypt-8 FOUND
    
    was found to exist on your account. Due to the nature of these files, these have been removed from your hosting account.
    
    Additionally, the following malicious files were also found on your account:
    
    /home/sitename/public_html/phplist/admin/lan/pl/checkbouncerules.php: PUA.HTML.Crypt-8 FOUND
    
    base64.inject.unclassed.7 : /home/sitename/public_html/wp/wp-content/themes/weaver-ii-pro/includes/admin-advancedopts.php
    base64.inject.unclassed.7 : /home/sitename/public_html/wp/wp-content/plugins/events-planner-pro1.2.14/application/controllers/epl-form-manager.php
    base64.inject.unclassed.7 : /home/sitename/public_html/wp/wp-content/plugins/jetpack/modules/comments/base.php
    gzbase64.inject.unclassed.14 : /home/sitename/public_html/wp/wp-content/plugins/cforms/js/include/lib_database_getentries.php
    base64.inject.unclassed.7 : /home/sitename/public_html/federation/simapi-1.0.0/sampleStore/order-privacy.php
    gzbase64.inject.unclassed.14 : /home/sitename/public_html/federation/donate.php
    gzbase64.inject.unclassed.14 : /home/sitename/public_html/zencart/zc_admin/includes/modules/newsletters/product_notification.php
    php.exe.globals.4707 : /home/sitename/public_html/zencart/images/f0969.php
    php.exe.globals.4707 : /home/sitename/public_html/zencart/images/eddea.php
    php.exe.globals.4707 : /home/sitename/public_html/zencart/images/fbd79.php
    base64.inject.unclassed.7 : /home/sitename/public_html/zencart/includes/languages/english/extra_definitions/product_music.php
    base64.inject.unclassed.7 : /home/sitename/public_html/zencart/includes/modules/category_icon_display.php
    base64.inject.unclassed.7 : /home/sitename/public_html/zencart/includes/modules/sideboxes/document_categories.php
    base64.inject.unclassed.7 : /home/sitename/public_html/phplist/admin/lan/nl/generatebouncerules.php
    gzbase64.inject.unclassed.14 : /home/sitename/public_html/wiki/lib/plugins/config/lang/ko/lang.php
    base64.inject.unclassed.7 : /home/sitename/public_html/wiki/lib/exe/xmlrpc.php
    base64.inject.unclassed.7 : /home/sitename/public_html/com_civicrm/civicrm/packages/DB/sqlite.php
    base64.inject.unclassed.7 : /home/sitename/public_html/com_civicrm/civicrm/packages/htmlpurifier/library/HTMLPurifier/HTMLModule/Target.php
    base64.inject.unclassed.7 : /home/sitename/public_html/com_civicrm/civicrm/CRM/Project/BAO/TaskStatus.php
    
    Investigating this found that the file - /home/sitename/public_html/logout.class.php - which looks to have been the cause of a lot of these exploits - was uploaded via FTP to your account.

    http://wordpress.org/extend/plugins/google-custom-search/

  2. garymgordon
    Member
    Posted 1 year ago #

    Was this issue ever addressed? Seems like a big concern??

    Gary

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Google Custom Search
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic