• angelalgibson

    (@angelalgibson)


    Hello,

    I don’t know how else to reach you… yesterday morning our website was hacked. By going to the site, the real site would be visible for a few seconds before automatically redirecting to a spam site / download. I have videos if you want them.

    Anyway… in contacting tech support they provided this information:

    “had a file at /public_html/wpnew/wp-content/plugins/word-stats/xml38.php

    That seemed to be causing that redirect issue. I’ve removed this file. It was added at 2016-04-18 04:57

    Likely, this is a vulnerability in the word-stat plugin.”

    Just thought you would want to know so you can patch your plugin.

    Thank you.

    ~ Angela

    https://ww.wp.xz.cn/plugins/word-stats/

Viewing 1 replies (of 1 total)
  • whitefirdesign

    (@whitefirdesign)

    Hackers frequently place malicious files in random locations on a website, so there isn’t a strong correlation between the location of those files and the source of the hack.

    Whoever is doing the cleanup really needs to review the log files of the website to see what they show about the source of the hack (that is a basic step in the hack cleanup process, but is frequently not done, even by people claiming to be experts).

    If the source was a plugin vulnerability, then the information in the log file on how the plugin was exploited would be very important to know to be able to fix that vulnerability in the plugin.
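
An added example, not part of the original thread or the plugin's code: one way to start the log review described in the reply above is to find which clients requested the dropped file and what those clients (or any POST) did around the reported creation time, 2016-04-18 04:57. The log lines are constructed, the function names and `hypothetical-upload.php` are hypothetical, and it assumes Apache combined log format, `public_html` as the document root, and a file timestamp in the same timezone as the log (UTC here).

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (Apache combined format); not from the affected site.
# "hypothetical-upload.php" is a placeholder, not a real plugin endpoint.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Apr/2016:04:31:10 +0000] "GET /wpnew/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Apr/2016:04:55:00 +0000] "GET /wpnew/about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Apr/2016:04:57:02 +0000] "POST /wpnew/hypothetical-upload.php HTTP/1.1" 200 17 "-" "curl/7.40"
203.0.113.9 - - [18/Apr/2016:04:57:30 +0000] "GET /wpnew/wp-content/plugins/word-stats/xml38.php HTTP/1.1" 200 0 "-" "curl/7.40"
203.0.113.9 - - [18/Apr/2016:06:15:20 +0000] "POST /wpnew/wp-content/plugins/word-stats/xml38.php HTTP/1.1" 200 312 "-" "curl/7.40"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(log_text):
    """Yield one dict per well-formed access-log line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield {**m.groupdict(), "ts": ts, "path": m["path"].split("?")[0]}

def trace_dropped_file(log_text, dropped_path, created,
                       window=timedelta(minutes=10)):
    """Return (clients that requested the dropped file, their lead-up requests).

    `created` has minute resolution, so the window runs to one minute past it.
    """
    entries = list(parse(log_text))
    suspects = {e["ip"] for e in entries if e["path"] == dropped_path}
    start, end = created - window, created + timedelta(minutes=1)
    lead_up = [e for e in entries
               if start <= e["ts"] <= end and e["path"] != dropped_path
               and (e["ip"] in suspects or e["method"] == "POST")]
    return suspects, lead_up

if __name__ == "__main__":
    # Timestamp and path from the host's report; UTC is an assumption.
    created = datetime(2016, 4, 18, 4, 57, tzinfo=timezone.utc)
    path = "/wpnew/wp-content/plugins/word-stats/xml38.php"
    suspects, lead_up = trace_dropped_file(SAMPLE_LOG, path, created)
    print("clients that requested the dropped file:", sorted(suspects))
    for e in lead_up:
        print(e["ts"].isoformat(), e["ip"], e["method"], e["path"], e["status"])
```

On a real site, run it over the full access log (including rotated logs) covering the creation time; the lead-up requests are candidates to examine, not proof of the entry point.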


The topic ‘Vulnerability causing redirect to download scam site’ is closed to new replies.