Title: Plugin generates spam posts when installed
Last modified: July 23, 2017

---

# Plugin generates spam posts when installed

 *  Resolved [pibeca](https://wordpress.org/support/users/pibeca/)
 * (@pibeca)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/plugin-generates-spam-posts-when-installed/)
 * Hi,
 * I installed your free plugin a few days ago on our corporate page because we
   are looking for an editorial content calendar plugin and wanted to test yours
   out. I received an email from our Google Search Console account telling us
   our site had pages marked with the hacked site type “URL injection” at the following
   URLs:
 * [http://pibeca.com/dissertation-assistance-services](http://pibeca.com/dissertation-assistance-services)
   [http://pibeca.com/umi-dissertation-services](http://pibeca.com/umi-dissertation-services)
   [http://pibeca.com/i-write-my-dissertation-in-a-week](http://pibeca.com/i-write-my-dissertation-in-a-week)
   [http://pibeca.com/phd-no-dissertation](http://pibeca.com/phd-no-dissertation)
   [http://pibeca.com/accounting-dissertation-help](http://pibeca.com/accounting-dissertation-help)
   [http://pibeca.com/dissertations-to-buy](http://pibeca.com/dissertations-to-buy)
 * The most alarming thing after this is that when we try to access one of these
   pages, we are redirected (using JavaScript in the body of the post – location.replace())
   to the following website: [https://superbpaper.com/?cid=2626](https://superbpaper.com/?cid=2626)
 * We have thoroughly reviewed the website, the theme we are using and other plugins
   installed and found out that these pages only show up when your plugin is installed.
   If we uninstall it, these urls are redirected to our custom 404 page (as they
   should be).
 * I don’t think this behavior of the plugin is right (not even for a free plugin,
   although it should be advertised somewhere before the user installs it). I would
   like to know if this is a known behaviour, if it is some remnant code from the
   last update, or if it has been hacked.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [David Aguilera](https://wordpress.org/support/users/davilera/)
 * (@davilera)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/plugin-generates-spam-posts-when-installed/#post-9345162)
 * Hi [@pibeca](https://wordpress.org/support/users/pibeca/),
 * Thanks for the heads up.
 * > I don’t think this behavior of the plugin is right (not even for a free plugin,
   > although it should be advertised somewhere before the user installs it).
 * It isn’t. Our plugin doesn’t create automatic pages or posts, so there must be
   something else going on.
 * > I would like to know if this is a known behaviour, if it is some remnant code
   > from the last update, or if it has been hacked.
 * It looks like (your copy of) the plugin has been hacked. If you download it from
   WordPress.org and compare it with the version you have installed, are there any
   differences?
 * > The most alarming thing after this is that when we try to access one of these
   > pages, we are redirected (using JavaScript in the body of the post – location.replace())
   > to the following website: [https://superbpaper.com/?cid=2626](https://superbpaper.com/?cid=2626)
 * How did you find this redirection? You said our plugin inserted the snippet with
   the redirection, but a quick inspection of its source code reveals that this
   redirection isn’t there.
 * I’d say that your installation has been hacked, but I don’t know why or how. 
   If there’s a vulnerability in our plugin, I’d like to discover it and fix it.
   Please, feel free to contact me at my email address (customers at nelio software
   dot com), if you need to exchange some sensitive data with me.
 * Also, I see your website is in Spanish as well as English. We’re based in Barcelona,
   Spain, so we can talk in Spanish if you want.
 * Regards,
    David
 *  Thread Starter [pibeca](https://wordpress.org/support/users/pibeca/)
 * (@pibeca)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/plugin-generates-spam-posts-when-installed/#post-9345427)
 * Hi David,
 * Thank you very much for your quick reply. We are in Madrid, so yes, Spanish is
   better. 🙂
 * We have always installed the plugin from the WordPress plugin search (Plugins
   > add new > search for keyword “nelio content” > install and activate), so I
   understand the plugin’s code should be the same as if we downloaded it from
   wordpress.org and installed it.
 * Before contacting you, we downloaded the “hacked” plugin code from our FTP and
   debugged it, but we could not find anything either; we thought that perhaps that
   content could be added in one of the API calls.
 * In any case, we have downloaded the plugin zip from wordpress.org (the new
   version that was published this morning). We compared the contents of the files
   of both versions using Ultracompare X for Mac, and there are quite a few
   differences in most of the files. I can send you a zip with the “hacked” code
   in case you want/need to take a look at it, as well as provide you with the
   information that Google Search Console shows us.
 * We have also installed the new version of your plugin directly from the
   WordPress search to see whether the same thing happened, and it has not caused
   those problems; for now everything is correct, so it seems that it would be
   fixed in the new version.
 * We will keep an eye on how it evolves this week and, if you need anything,
   don’t hesitate to contact us.
 * Thank you very much!
 * Regards,
 * Beatriz Avila,
    Pibeca Solutions
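
The comparison discussed in the two posts above, as an added example (not code from this thread or from the plugin): it refuses to diff two different plugin versions, which differ in many files on their own, and separates line-ending-only differences from real content changes. The `example-plugin` name, its files and all function names are constructed for illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

VERSION_RE = re.compile(rb"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)

def plugin_version(plugin_dir):
    """Return the 'Version:' header value from a top-level PHP file, or None."""
    hits = (VERSION_RE.search(p.read_bytes()[:8192])
            for p in sorted(Path(plugin_dir).glob("*.php")))
    return next((m.group(1).decode() for m in hits if m), None)

def digests(root):
    """Map relative path -> (SHA-256 of raw bytes, SHA-256 with CRLF folded to LF)."""
    out = {}
    for p in (q for q in Path(root).rglob("*") if q.is_file()):
        raw = p.read_bytes()
        out[p.relative_to(root).as_posix()] = tuple(
            hashlib.sha256(b).hexdigest() for b in (raw, raw.replace(b"\r\n", b"\n")))
    return out

def compare_plugin(installed_dir, pristine_dir):
    """Diff an installed plugin against a pristine copy; refuse if versions differ."""
    vi, vp = plugin_version(installed_dir), plugin_version(pristine_dir)
    if vi is None or vi != vp:
        raise ValueError(f"version mismatch: installed={vi} pristine={vp}")
    inst, ref = digests(installed_dir), digests(pristine_dir)
    common = inst.keys() & ref.keys()
    return {
        "added": sorted(inst.keys() - ref.keys()),      # files the release never shipped
        "removed": sorted(ref.keys() - inst.keys()),
        "modified": sorted(f for f in common if inst[f][1] != ref[f][1]),
        "eol_only": sorted(f for f in common if inst[f][0] != ref[f][0] and inst[f][1] == ref[f][1]),
    }

def demo(pristine_version=b"1.0.0"):
    """Compare two constructed trees of a hypothetical 'example-plugin'."""
    head = b"<?php\n/*\n * Plugin Name: Example Plugin\n * Version: %s\n */\n"
    trees = {  # constructed sample data, not real plugin files
        "ref": {"example-plugin.php": head % pristine_version, "readme.txt": b"Example\n",
                "includes/api.php": b"<?php\nfunction api() {}\n"},
        "inst": {"example-plugin.php": (head % b"1.0.0").replace(b"\n", b"\r\n"),
                 "includes/api.php": b"<?php\nfunction api() { /* edited */ }\n",
                 "includes/extra.php": b"<?php // not in the release\n"}}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in trees.items():
            for rel, data in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        return compare_plugin(Path(tmp, "inst"), Path(tmp, "ref"))
```

On a live site, WP-CLI's `wp plugin verify-checksums <plugin>` performs a comparable check against the checksums published by WordPress.org.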
 *  Plugin Author [David Aguilera](https://wordpress.org/support/users/davilera/)
 * (@davilera)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/plugin-generates-spam-posts-when-installed/#post-9345582)
 * Hi Beatriz,
 * Yes, if you can send me the ZIP with the code I would appreciate it; I would
   like to check exactly what changes have been made. Our address is: customers
   at nelio software dot com. Let’s see if we can figure something out…
 * Regards,
    David
 *  Plugin Author [David Aguilera](https://wordpress.org/support/users/davilera/)
 * (@davilera)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/plugin-generates-spam-posts-when-installed/#post-9390494)
 * We talked to Beatriz via email and, apparently, the issue no longer occurred
   with our plugin’s latest version (1.3.x). Even though we were unable to identify
   the root cause of this weird behavior, I’m marking this topic as resolved.


The topic ‘Plugin generates spam posts when installed’ is closed to new replies.
