allegro51

This message is for gashannon…

Your WordPress Hit Counter becomes a Blogroll Online Gambling link when it is installed. Perhaps your plug-in was hacked? But someone needs to get it taken down. It was a meltdown for me on my client’s site yesterday.

I found this thread which proves it was the WP Hit Counter, it contains a number of people who experienced the exact same thing going back at least two weeks:

Maybe I was a little naive, but I thought if a plug-in came up from www.remarpro.com, that it would be fairly safe. Searching I believe for site counter, your plug-in was the first to come up.

I also should have known something was very wrong when the upzipped file had 1400 some files. But I was sleepy, installed it, it didn’t work, and it wasn’t til the next morning when I realized the hack. It had put the blogroll right where I tried to drag the WP Hit Counter, into the right sidebar area. Nothing had appeared at the time, but I almost had a heart attack when I saw the blogroll (I hadn’t had one previously) and the online gambling link. The client I am working is so non-web-design savvy, and paranoic, had I not caught it, I could have lost the gig.

I could not implement any of the other fixes suggested in the link above; they were way over my head. All I was able to do was to delete the plug-in, and go into the links section in wp-admin and delete the gambling link. But I am very paranoid about what else it could have done, or might do in the future — at least the much more knowledgeable people than thought there were all kinds of things that had to be done to really remove the hack. Got only knows that the 1400 files are doing!

I reported it to www.remarpro.com, but have not heard anything yet. PLEASE take down the plug-in until you can make it hack free. People will continue getting attacked until that happens.

Thanks for your time…

I was able to get the Blogroll with the gamling link off my site just by going to Admin – Edit Links and deleting it. I did of course delete the plug-in. But other than that, I have no clue what else to do.

Is the offending gambling link going to come back, if all I did was delete the plug-in and kill the gambling link in the Edit Links list?

In these instructions from this thread – I don’t even have a cache folder under wp-content
2. Find and change the permissions on the directories under wp-content/cache/hookd/DOMAINNAME.com from at least /hookd on down to 777.

Mainly I need to know if any ongoing damage will happen, I am already in a nightmare situation with this client. Thanks!

Addendum: Has anyone filed a report on this horrific plug-in. It is the FIRST site counter that appears when you search for one. Why hasn’t it been taken down yet? And here I thought if the plug-in was gotten through WP it would be safe; not to mention, the one that came up at the top of the list with good reviews.

I am in melt-down over this hack, and can barely understand the fix instructions. I was doing it late at night – installing WP Hit Counter – and I immediately noticed that there were like 1400 files, and I knew in my gut there was something very wrong! My client is going to have a stroke if they see that there!

In chrisaskew’s instructions I am stuck at step 2:
2. Find and change the permissions on the directories under wp-content/cache/hookd/DOMAINNAME.com from at least /hookd on down to 777.

In my case the hack created a separate wp-content tree at the top (WP) level, so I just deleted the whole tree. If the bogus stuff got put under the real wp-content directory (as it seems for LFGabel above), you’ll have to sort out what’s real and not.

I have no clue what he is talking about with the permissions!

Can someone tell me how just to get the Blogroll with the gambling link off the page, and then I can try to get to deeper fixing later?

I am assuming that my regular WordPress data backup file is worthless for this purpose?

Any help would be most appreciated – I must get that blogroll off there before ANYONE sees it or my life is toast!