crose13
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: brend-store.ru hijacked my site via a pluginThank you so much for the help. It just seems so weird that I opened the plugin and when I clicked to download, it opened the scareware site in the same window…and it was only the ONE site, not any of its subdomains or my other domains. I had not installed any other new plugins whatsoever in the past few months or so and the theme I installed I built myself. That would leave either a hole in my server security, which seems unlike since only one site was affected. There is just a lot of big doubts about EVERY possibility, including my own thought. What can I do to figure out what happened and ensure it doesn’t happen again. Changing my login, etc. helps if that was the issue, but if it was compromised once it can be again. I’d like to know for sure what happened so I can be better educated if it happens again.
Forum: Fixing WordPress
In reply to: brend-store.ru hijacked my site via a pluginI run security and before kmessinger said anything, I’d already read all of those articles. I’d just done a redesign and always clean out my whole server between redesigner. I am familiar with Sucuri Site Check and run it as often as I run Malwarebytes on my physical machine. It was checked and fine BEFORE the plugin install, but not after. If my server was compromised, wouldn’t it affect ALL of my domains and subdomains because it only effected the one I’d just installed the plugin on?
I do understand Esmi’s position, I just didn’t appreciate being treated like I’m intentionally badmouthing a plugin I’ve used before and appreciated. I also did not retract my statement and don’t appreciate words being put in my mouth. I would have loved to have had an opportunity to say how much I do love the plugin but the WordPress plugin page DID redirect me to a scareware site. My OWN site did not send me to scareware or spam. THAT plugin page did. I did my best to alert the proper authorities to fix it. I know that the plugin would never intentionally hijack my site, but I do feel it or its source was compromised.
My site was perfectly fine before the plugin, and only the one part was compromised after. The files I found that restored my site long enough to get my hosting provider to fix the rest were new files created that day and that time in my WordPress plugin files in a folder for the Maintenance Mode plugin in a folder that had not finished downloading and my WordPress said there was an error with the plugin. Something doesn’t add up. Within the past month more than just me have reported the plugin messing up their sites and blogs. More than just me have reported the plugin and even Esmi said it was “unlikely” not impossible. In the past month a fantastic plugin has been likely responsible for messing up several sites…it may be worth paying some attention to instead of arguing with already upset users.
Forum: Fixing WordPress
In reply to: brend-store.ru hijacked my site via a pluginI went into my backend. I went to plugins. I did a search for it as I’ve used it several times before. I downloaded it from the official location, and it redirected me to a scareware site…the same one my site started redirecting to. I ran Malwarebytes on my computer. Nothing.
I checked my backend, most of the fake inserted .htaccess files giving me trouble were in my plugins folder in the Maintenance Mode plugin files. This all also ONLY affected my site I installed Maintenance Mode to and it happened the second I tried. All subdomains and other domains on the same sever were unaffected. It was NOT my hosting provider. It was this plugin.
I love Maintenance Mode. I’ve used it many times. However, it was the ONLY thing I was trying to change and there seems to have been some other complains around the day I had my trouble, but the forum admins are closing all topics on the matter. I just checked it again on a superfluous domain. It seems to be working fine now. I don’t think it was Maintenance Mode’s fault, but I do think it was temporarily hijacked or something of that nature.
Forum: Fixing WordPress
In reply to: brend-store.ru hijacked my site via a pluginI posted on the forum of the plugin that was ALSO hijacked and gave the problem to me…
I was rudely told not to make such accusations and they linked to THIS support thread to say I have taken back my accusation and it was my server’s fault. Then they closed my post. Um…my server FIXED it. It was still the Maintenance Mode plugin that gave it to me. Not intentionally, but I believe it is infected too. You’d think you could find better help online eh dontbegauche?
I’d look into changing hosting. There are times when my hosting provider is the only one who can save me.
Forum: Fixing WordPress
In reply to: brend-store.ru hijacked my site via a pluginMy host thankfully removed EVERY little trace for me. I know there are WordPress security plugins, but I don’t know how effective they are against hijacking and injected files. I’m really hesitant about downloading any updates or plugins with this thing infecting WordPress…
Forum: Fixing WordPress
In reply to: brend-store.ru hijacked my site via a pluginI contacted my host, who removed the rest I didn’t find. You’re right. All the articles say check .htaccess, but they inject a fake one in EVERY folder. This hack seems to be common but not often talked about, probably because many people wouldn’t notice and would assume their site is just messed up.
I hope plugin owners start checking their own stuff more often because others not noticing is how it’s spreading. Let me know if your hosting provider gives you any helpful hints 🙂
Forum: Fixing WordPress
In reply to: brend-store.ru hijacked my site via a pluginDid you TRY to download a plugin that did it? I read all of the articles from WordPress already and nothing helped. I didn’t want to have to restart everything, so I logged into my server and deleted anything that didn’t look necessary. Somewhere along the way, I deleted the right thing. I think it was in the Downloads folder.