Hacked through your plugin

I for one am happy that @andresmolina made this hacked report. Yes, it is always possible that this plugin was not the vulnerability, but it does seem that this was at least used by a hacker/bot/script, and that makes this an important report. The owner of this plugin is notoriously unresponsive, but I did see an update recently, when before that it was a few years previous. My guess is, some functionality was disabled (as in, right now it won’t monitor posts and if you try to set it, the setting goes back to disabled). This update could have something to do with a vulnerability, or maybe not. We don’t know because the plugin author is not participating in this particular conversation.

I′m happy that at least someone, in this case @coefficient get′s the point of my protest, and objections.

To me, it is clear that the changes made recently has a lot to do with the POSSIBLE vulnerability of this plugin. Of course the author is cocky enough to do not reply to emails and messages on his own support tickets. People like this should not be in this community. My only aim was to help others, and the plugin author, and it turns out that I receive bad words all time.

Once more @jeffmcneill for your support in this jungle of defensiveness around a guy that can’t even talk for himself. I uninstalled this plugin and installed Safe Redirect Manager, which works great.

But it has nothing to do with this, or has it?
https://blog.sucuri.net/2016/05/wordpress-redirect-hack-test0-default7.html

Nope, they did not inyect any code in the header. And if anyone cares i FINALLY fix all my problems with google indexin yesterday…

@andresmolina Would you be so kind as to list the plugins you were using at the time? It could turn out very helpful. Thanks!

Hi,

Sorry but i cant really remember the exact plugins i was using. It is not like I had one or two plugins. That i can remember, on top of my head are:

Woocommerce
Woocommerce multilingual
wpml
store locator
redirection
Booster for woocommerce
advanced custom fields
advanced custom fields coordenates
advanced custom field repeater
aftership
app banners
contact form 7
cookie notice
duplicator
geo ip detection
google analytics dashboard
layer slider
product country restrictions
scripts to footer
search and replace
shortcodes ultimate
search everything
woocommerce comming soon
wpml flag in menu
wpml media
wpml string translation
yoast seo

Wow, just… wow.

So I’m the plugin author. Also known as the notoriously unresponsive cocky plugin author with an unacceptable attitude.

First things first, if there is a security issue with the plugin then please do contact me directly or via [email protected]. I take these things very seriously and any reported issues in the past have been fixed within a couple of hours.

Second, there just isn’t enough information here to work with. I appreciate that if your site was affected the last thing on your mind is collecting evidence – that’s fine, I get it. However, as of right now the only report I have of a vulnerability is this single forum post.

Redirection stores its list of redirects in a database table. If something is able to add to that table then Redirection will dutifully obey. Any installed plugin, theme, or WP itself has access to this table.

Redirection will also, if configured to do so, create a new redirect if a post’s URL is changed. Any plugin, theme, or WP itself can create and delete posts and this would also result in a redirect being created.

Note I am not saying that Redirection isn’t at fault. If your hosting people can categorically state the plugin was at fault then please get them to contact me with the details. If they don’t have any details then they can’t categorically say it was the plugin. It’s easy to point the finger of blame.

andresmolina, I understand you are upset/angry/annoyed/whatever. I am not ignoring you, or hoping this thread gets buried. I do not check these forums often as the list of Redirection issues includes every single forum post with the generic word ‘redirection’ in it – this is considerably more than I can handle. Also, sometimes, I don’t have time. Fortunately these forums are where the community helps each other. It is not a direct line to plugin authors.

People like this should not be in this community.

Thanks. Threads like this are a real joy and a great incentive for any plugin developer.

support is the minimum we all, the whole comunity deserve for a plugin, even if it is free. Im not asking him to solve my issues, I′m just demanding some help from the plugin owner.

The plugin is free and will continue to be free. It is not part of some commercial pro-plugin nonsense, I am not a company, and I don’t make a living out of this. I’ve given hundreds and hundreds of hours of personal time to it in development and likewise in support, and it will continue to take up my time, alongside my full-time job, family, and other interests. As with WordPress itself it is freely given for you to use or not use. The community graciously provides support for this either way, and for this I am personally thankful. I respectively suggest you are incorrect with your assessment of the WordPress community and what it deserves. It is not a receptive place for demands.

I was just wondering if after I use your plugin for the redirects, can I the uninstall the plugin. I try to keep as few plugins as possible.

Thanks for all of your time and effort, especially as you are doing this out of the love of the platform and the community.

XD

“This free thing got me hacked”
How?
“someone told me”
Got any logs?
“no”
Why not?
“My only aim was to help others”
… what other plugins do you have running?
“(all of them)”

@johnny5 John Godley – Well said. Thanks for your efforts.

Hi,

I can’t be sure whether my redirection plugin got hacked or not, from the error log under public_html it shows

[21-Jul-2016 15:23:35 UTC] WordPress database error Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8mb4_general_ci,COERCIBLE) for operation ‘=’ for query SELECT wp_redirection_items.*,wp_redirection_groups.position AS group_pos FROM wp_redirection_items INNER JOIN wp_redirection_groups ON wp_redirection_groups.id=wp_redirection_items.group_id AND wp_redirection_groups.status=’enabled’ AND wp_redirection_groups.module_id=1 WHERE (wp_redirection_items.regex=1 OR wp_redirection_items.url=’/lin/fKk5V/??·??￡??????’) made by require(‘wp-blog-header.php’), require_once(‘wp-load.php’), require_once(‘wp-config.php’), require_once(‘wp-settings.php’), do_action(‘init’), call_user_func_array, WordPress_Module->init, Red_Item::get_for_url

A check on the database, the wp_redirection_404 easily have 50000 entries related to the hacked files and links. The error log can be traced back to May 2015.
Unfortunately, I only discovered the somebody hacked and planted many files into my public_html and redirect my website to these files. I only discovered it when I see my disk space using up very fast.
I deleted the files and sub-directories but the errors do not seems go away.

Once I deactivate the redirection plugin yesterday, I don’t see these error.
However, I think this may not be solving the real issue.

From another error log file by SEO Ultimate plugin, I still see the redirection error even though I already deactivated the redirection plugin.

It could be some setting/config files or database that I need to clean up?

I am very new to this. Have been spending last few days figuring out what went wrong, steep learning curve for me.

Any suggestion that I can solve this problem once and for all?