Help! WordPress Plugin Hack Attacks
Update: Thanks to Hafiz Dhanani for the tip (via the comments section). The contributor account seems to have back-door access to the two plugins that were “hacked”.
It seems like someone is playing with my WordPress plugins lately.
When I woke up this morning, I was surprised to see that the settings of the plugin Related Posts had been changed. The number of items it was supposed to show was set to one; before, it was three. The tag before the related posts was touched too, and the show-excerpt option was set to true, which was set to false before.

The Feed Count plugin was also left altered, and instead of pointing to Feedburner, it was suspiciously linking to kasakk.blogspot.com, which seems to be a reader of my blog: kasakk.blogspot.com/2008/02/14-years-old-blogger-is-it-littlle.html (I’m not putting a live link, just to be safe).

Any advice guys?

How old is your Feedburner plugin? I found this:
http://blogsecurity.net/wordpress/feedburner-feed-hijacking/
I would confront him first to see if he has anything to say for himself. You obviously know how to reach him. Then, if things still seem fishy, you can report him to Google. Who knows if they will do anything right away, but if they get enough complaints I am sure they will revoke his AdSense. Hit him where it hurts - his wallet.
That is a bit scary. I don’t like thinking that plugins can be hacked. Did you upgrade it or something?
OMG! Now it shows heaps of related posts with excerpts! O_O And as far as I can remember, the feed count was showing 71 subscribers or something!
O_O
Hi Carl,
It’s funny that you should post about this, because I just found a vulnerability last night that allowed me to change the options for the related posts plugin on another blog.
I’m not sure if this is what happened to you, but I registered as a contributor for the blog and noticed that I had complete access to change the plugin settings for the related posts. I tested to see if my changes would actually become live… and they did! But I changed them back :)
If your blog is open to contributors, I’d recommend you create an account and register so you can see if the plugin settings can be modified.
Hope this helps,
Hafiz Dhanani
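What Hafiz describes (a Contributor able to save plugin options) is the symptom of an options page that does not check who is submitting it. The following is an added example for a hypothetical plugin (`my_related`, not the Related Posts plugin's own code, whose source is not on this page); it is an assumption that the affected plugin failed in this way. It shows the weak pattern beside the hardened one, using standard WordPress API functions.

```php
<?php
// Added example, not the Related Posts plugin's code. Hypothetical plugin
// "my_related" with one option: how many related posts to show.

// WEAK: the page is registered with the 'read' capability, which every
// logged-in role (including Contributor) has, and the POST handler trusts
// whatever arrives. Any account that can log in can rewrite the option.
function my_related_register_menu_weak() {
    add_options_page( 'Related', 'Related', 'read', 'my-related', 'my_related_page_weak' );
}
function my_related_page_weak() {
    if ( isset( $_POST['my_related_count'] ) ) {
        update_option( 'my_related_count', (int) $_POST['my_related_count'] );
    }
    // ... form rendering omitted ...
}

// HARDENED: require manage_options (administrators by default), verify a
// nonce so the request came from this plugin's own form and not a forged
// one, and clamp the value before saving it.
function my_related_register_menu() {
    add_options_page( 'Related', 'Related', 'manage_options', 'my-related', 'my_related_page' );
}
function my_related_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.' );
    }
    if ( isset( $_POST['my_related_count'] ) ) {
        // Dies with an error if the nonce is missing or invalid.
        check_admin_referer( 'my_related_save', 'my_related_nonce' );
        $count = max( 1, min( 10, (int) $_POST['my_related_count'] ) );
        update_option( 'my_related_count', $count );
    }
    $current = (int) get_option( 'my_related_count', 3 );
    echo '<form method="post">';
    wp_nonce_field( 'my_related_save', 'my_related_nonce' );
    echo '<input type="number" name="my_related_count" value="' . esc_attr( $current ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}
add_action( 'admin_menu', 'my_related_register_menu' );
```

Hafiz's test (register as a Contributor and try to save the settings) is exactly the check that distinguishes the two: with the hardened version the page is not even listed for that role, and a crafted POST dies on the capability check.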
Yep, thanks for the tip Hafiz. That was it.
Ok, Carl. I changed the number of related posts to five, and removed the excerpts.
First, I want to say, it is awesome to see another young blogger.
Second, I also want to note, that feedburner count is still messed up and this is what it shows on my screen:
http://i11.photobucket.com/albums/a180/fattony69/wow.jpg
Third, my only advice is that you search Google for advice. It mostly gives you information on how to use .htaccess, delete files, and add files. It will help deter problems like this. All sites are hackable, but it will deter most of it. If you want to talk more, you can reach me at my blog. Good luck.
They got your subscription box too, Carl (don’t subscribe). Wonder what else!
Seems like you might’ve had someone brute-force your admin password. There usually aren’t any ways to exploit WordPress after all the latest updates, so that’s my guess.
What you should do is change the password and possibly search your computer for a virus/spyware that might’ve given away your password. In the future, you should try the plugin Lester made, which allows you to backup your Database. You probably already do, but just in case:
http://lesterchan.net/portfolio/programming.php (it’s called WP-DBManager)
GOOD LUCK!
-Mike
Which Related Posts plugin are you using?
Confront him and ask WTF is going on. :)
That explains why I was unable to make a post today. I hope you get this problem fixed Carl.
Kind of makes you wonder now, huh? I usually double-check the stability of a hack before adding it to my WordPress blog. I even added a “Back Up” addition that allows my backup to be stored on my server. If only there was an option (I think there is, I just need to set it) to send me the files in an email.