pibeca

@nanotrias I’m glad it work out.
Cheers!

Hi @bordoni , @abzlevelup , @someguy9 , @nanotrias! After spending many, many hours reviewing the code, plugins, theme and database, in our case the problem was due to the Avada page settings.

In the new Avada versions, you can overwrite the different page’s layout configuration individually or by page type (post, archive, page, portfolio, etc.). This is available via WordPress admin > Avada > Layouts, where you can “manage layout conditions” by clicking each box wheel. In our website, we had selected “All Archives Pages” option inside the “Post archives” box, which was overwriting any other plugin layout configuration, including The Events Calendar layout configuration.

Without that, the calendar and posts show up properly, even with the new WordPress 6.x.x versions.

Hope it helps!!!

Regards.

• This reply was modified 2 years ago by pibeca.
• This reply was modified 2 years ago by pibeca.
• This reply was modified 2 years ago by pibeca.

@westonruter I am open to discuss anything you need privately, I just didn’t know what were the proper channels, just let me know and will give you my contact info. You being able to check this problem goes in the best interest of us all, the work you are doing is amazing and we appreciate it!!

Hi again,
@milindmore22 I just wanted to let you know that I have filled in the Google forms you provided. Thanks again!

Hi @milindmore22, thanks for your quick response, I don’t know what caused the code injection, but the code in the new files look like the GitHub issue you mention. We downloaded the plugin from the repository through wordpress admin (as we always do), so it was a complete surprise when it got hacked. I compared our problematic version with the one in the repository and this last one didn’t have the hacked files. We had also installed previous to the injection both Wordfence and Anti-Malware Security and Brute-Force Firewall plugins and none of them stopped it.

I will for sure complete the form you linked and provide the hacked code so you can debug this further.

@westonruter Thank you for your indications, but as you know (and we developers sometimes forget) a normal user does not have the knowledge of where to ask for support or how to ask for it, and much less has access to WordPress Slack (or even know what Slack is or how it works!) or know who the developer is as they downloaded the plugin through the WordPress admin (it can sometimes be considered a miracle that they got here to these forums!), so I will kindly ask you to step down your high horse on this one. These support forums are what we have always used when we had a problem with great success, so I didn’t think this was not the “appropiate” channel to communicate a problem as big as this. For what I’ve read, the Slack channel is also not for support, and support is what we needed.

I am painfully aware of the severity of saying that a plugin has been hacked or what can happen if a vulnerability is made public. As I stated before, I don’t know what happened or how the plugin has been compromised, what I know is that we have been dealing with it, cleaning the wordpress time after time and the hack replicating through the code for almost a week until we found the hacked files, and now the website seems to be back on track.

• This reply was modified 3 years, 1 month ago by pibeca.

Hola David,

Muchas gracias por tu rápida respuesta. Nosotros estamos en Madrid, así que sí, mejor en espa?ol. ??

La instalación del plugin la hemos realizado siempre desde la búsqueda de plugins de WordPress (Plugins > add new > search for keyword “nelio content” >instalar y activar), por lo que entiendo el código del plugin debería ser el mismo que si lo descargamos de www.remarpro.com y lo instalamos.

Antes de contactaros, nos descargamos el código “hackeado” del plugin desde nuestro FTP y lo estuvimos depurando, pero tampoco pudimos encontrar nada, pensamos que quizá en alguna de las llamadas a la api se pudiera a?adir esos contenidos.

De cualquier modo, hemos descargado el zip del plugin de www.remarpro.com (la nueva versión que se ha publicado esta ma?ana). Hemos comparado el contenido de los archivos de ambas versiones utilizando Ultracompare X para Mac, y hay bastantes diferencias en la mayoría de los archivos. Puedo enviarte un zip con el código “hackeado” por si quieres/necesitas echarle un vistazo, así como proporcionarte la información que nos muestra Google Search Console.

Hemos instalado la nueva versión de vuestro plugin también directamente desde el buscador de WordPress para ver si ocurría lo mismo y no ha dado esos problemas, por el momento todo es correcto, por lo que parece que en la nueva versión estaría solucionado.

Estaremos atentos a cómo evoluciona esta semana y, cualquier cosa que necesitéis, no dudes en contactarnos.

?Muchas gracias!

Un saludo,

Beatriz Avila,
Pibeca Solutions