Matheus Giovani
Forum Replies Created
-
Btw just a heads up that the plugin author just removed the import/export function in the last update, and he didn’t have fixed the plugin, so it’s a good practice to be ready if anything happens again in the future.
Forum: Plugins
In reply to: [ND Shortcodes] ND Shortcodes HACKED/EXPLOITEDI’m starting to clean my client’s website now, will keep you all updated.
But, first of all:1. Change your database password and possibly the username.
2. Reset your WP salts and unique keys inside wp_config.php
3. Reset the siteurl and home inside wp_options, you can do this usingUPDATE wp_options SET option_value = 'yoursiteurl' WHERE option_name = 'siteurl'; UPDATE wp_options SET option_value = 'yoursitehomepage' WHERE option_name = 'home';In my case, the invader removed wp-login.php and wp-admin folder, so I needed to make a fresh install over the current site.
- This reply was modified 6 years, 9 months ago by Matheus Giovani.
- This reply was modified 6 years, 9 months ago by Matheus Giovani.
Forum: Plugins
In reply to: [ND Shortcodes] ND Shortcodes HACKED/EXPLOITEDYeah, one of my clients that uses the Charity Foundation theme got hacked, and apparently, the problem came from the nd-shortcodes.
The problem is this POST request:
/wp-admin/admin-post.php?nd_options_value_import_settings=default_role[nd_options_option_value]administrator[nd_options_end_option]users_can_register[nd_options_option_value]1With this POST request. they set the default user role to administrator, and activate the user registration, so this way they can create a new admin user and hack the website. I think there is no checking for admin in this request.
A temporary “fix” for this can be blocking this type of request, but I’m a bit busy to do an example now.
- This reply was modified 6 years, 9 months ago by Matheus Giovani.