Possibly security issue

  • Resolved justin-bigscoots

    (@justin-bigscoots)


    2 years, 4 months ago

    Hello,

    We are seeing MANY sites being taken down and all are running ad-inserter-pro

    The wp-config.php is being removed from all sites. Unable to track down any suspicious POST requests, etc, yet but all sites again are running ad-inserter-pro.

Viewing 15 replies - 1 through 15 (of 24 total)

  • Having same issue.

    My host is also reporting multiple cases.

    Plugin Author Spacetime

    (@spacetime)

    Hello,

    thanks for the information.
    We are running few test sites and currently do not experience any such issue.
    We’ll monitor the situation.

    One of my clients (Ad Inserter Pro user) also had the wp-config.php file deleted, then the hackers ran the WP setup script to recreate wp-config.php with their own credentials in a remote DB host.

    Also, Kinsta says some of their clients had the same issue.

    Plugin Author Spacetime

    (@spacetime)

    Hello,

    it still only looks like some correlation with Ad Inserter Pro.
    We received also some similar reports that indicate issues with a specific theme.
    In the case there is some security issue discovered in the plugin we’ll fix it ASAP.

    Can confirm that we are on Kinsta and had the same issue yesterday. Plugin disabled for the time being. If we can provide any logs or information to assist, please let us know. chromeunboxed.com

    Our host sent me this.

    “We found it was the cron that removed the file – but apart from that – we haven’t found an actual reason the code does that”

    Thread Starter justin-bigscoots

    (@justin-bigscoots)

    We’ve been through hundreds of thousands of access logs at this point and cannot narrow down how this is occurring. Did your host happen to mention which cron event triggered it?

    ai_update
    check_and_delete_expired_ids

    I believe these are the only 2 related to ad-inserter-pro

    I’m also on Kinsta and have run into this issue. WP-Config deleted and other messed up effects (plugins disabled, weird redirects, etc). Site reverted to setup state. We tried a fix recreating wp-config, but that didn’t fully work, so only option was to roll back to full-site backup version.

    Kinsta support identified those same two crons as the active ones with the plugin but apparently haven’t been able to narrow down how or why the issue was occurring.

    My ad-inserter-pro plugin files were timestamped June 9. Why nothing has happened until now isn’t clear.

    I also have a couple of other sites where I hadn’t yet updated Ad Inserter Pro and were still running 2.7.14 (I know, I know…). Those do not appear to have been affected and are running normally.

    ADMINS: I know that this is about the Pro version and is therefore beyond the specific scope of these support forums. But there doesn’t appear to be another good place for us to share information on this, and anything where wp-config is being deleted has to be considered a pretty big deal. So a temporary reprieve on enforcing the rules would be great–at least until the issue is resolved.

    @spacetime: Thanks for getting on this so quickly. Please take this not as a complaint but as an effort to share information in case it’s useful.

    Just wanted to chime in here. Also on Kinsta. Also using Ad Inserter Pro. Also had wp-config deleted. I’m using Genesis framework, in case that’s relevant.

    Ad inserter basic seems to be working fine as a replacement for now and was glad to see that it picked up my blocks from Pro so I didn’t need to manually re-create everything.

    • This reply was modified 2 years, 4 months ago by Nathaniell.
    Plugin Author Spacetime

    (@spacetime)

    @pxlar8

    Sure, we are working with Kinsta to diagnose the issue.
    They are now checking with the latest version.

    @nathaniell

    Thanks for the update.
    Pelase note that when you save the settings only those available in the free version will be saved.

    Throwing in my experience here. I’m also running on Kinsta w/ AIP. Wp-config was deleted last night and continued to be deleted every 35 minutes after uploading a new copy. I reverted to version 2714 and this has prevented the issue for 12 hours now. The only remaining issue I see is that the /wp-admin/ pathway does not redirect to the login.php or wp dashboard in the backend. Just a blank page w/ nothing in <head>or<body> tags. Contacted AIP support and was met with absolutely no help at all. Kinsta support was great as always.

    Kinsta

    (@kinstahosting)

    Hey @soopablogga, in our testing, we found that reinstalling the WP core should clear up the blank wp-admin path. If you need help with that, feel free to reach out to our support team on the MyKinsta dashboard.

    Plugin Author Spacetime

    (@spacetime)

    @soopablogga
    I’m sorry for the issues you have.
    We are working with Kinsta to diagnose the issue.
    Kinsta has access to the web server and your installation and can help directly – replacing any missing or corrupt file.
    We can only offer support via email.

    To get previous versions please use this form – Kinsta already has both versions:
    https://adinserter.pro/contact#help

    Plugin Author Spacetime

    (@spacetime)

    @kinstahosting

    Thanks for the info!

    Plugin Author Spacetime

    (@spacetime)

    Hello,

    a new version 2.7.16 was released.
    In case your site was affected I would suggest restoring the files from the backup and then using the updated plugin.

    Thanks to all who provided useful information.

Viewing 15 replies - 1 through 15 (of 24 total)
  • The topic ‘Possibly security issue’ is closed to new replies.