Latest Announcemnent
New thread

Links got hijacked, any solution?

Status
Not open for further replies.
C

cilembu

Active Member
858
2010
66
0
So, from reports from my users, now I realized that some of my links got hijacked, it redirects to some other files on some filehosts.

I am using the autoclickable script I found on WJ for making the links.

I have been trying to look for the cause, and I even fresh installing my wordpress script, disable plugins, but it seemed useless.

Any solution to track or possibly prevent this?

Thanks in advance
 
8 comments
I'm going to help you because your site is VERY relevant to my interests and I plan on touching myself within minutes of this post

have you checked your HTACCESS for redirect code?
 
Can you link us to an example post that redirects. We'll be able to see if it's javascript meta refresh or if it's a php or htaccess one.

Their are many different ways to redirect so we need to see an example page.
 
That's really really weird

PHP: 
<div style="text-align: center; margin: 0px;"><span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://hotfile.com/dl/95111708/5efffbe/Prince.of.Persia.The.Forgotten.Sands.PAL.MULTI.WBFS.WiiERD-ATeam.part02.rar.html ">http://hotfile.com/dl/95934165/9207848/javaddiction.STAR250.avi.html</a></span></div>

It's not a javascript or htaccess problem. It's a php problem. If you are not doing that on purpose when your writing the topics then their is a serious weird bug someplace. Can you try editing the topic. What is the bb or html code you see?
 
I'll be damned,
you were right, I saw it also in the edit post pages must be injected there when I click post. It is the php. I will look into it mate,

Thanks for the suggestions!
 
OK, just a heads up report,
I cannot fix the injected links due to its embedded to the post :( tooo many to fix one by one, however I found the source of the problem, so hopefully it wont happen again in the future.

For some reason the hacker manage to upload a php file, named sql.php, it might be injecting the post database or altering my post when I clicked publish. The codes there are secured codes, so I cannot read it and dont have time to encode it :p. So I just deleted the file.

For those who are interested in the file, I am sorry, in the brink of myself, I hit the delete button, I should have save it for reference.

Thanks for all the help mates!!
 
cilembu said:
OK, just a heads up report,
I cannot fix the injected links due to its embedded to the post :( tooo many to fix one by one, however I found the source of the problem, so hopefully it wont happen again in the future.

For some reason the hacker manage to upload a php file, named sql.php, it might be injecting the post database or altering my post when I clicked publish. The codes there are secured codes, so I cannot read it and dont have time to encode it :p. So I just deleted the file.

For those who are interested in the file, I am sorry, in the brink of myself, I hit the delete button, I should have save it for reference.

Thanks for all the help mates!!
Click to expand...

What a clever hacker. It's a pitty you deleted it. We could have decoded it as it may have some include 'file.php'; which would let you know if other alien files are on your server. This sounds like a incredibly clever hacker and most likely he's left other measures to gain access to admin if needed in future etc.
You may want to consider deleting all files and reuploading them and re-uploading any plugins or modules as well obviously making a backup first. If it was done automatically when you published then you'd need more code to include the sql.php file so I doubted the sql.php is the only file.

Anyway it's good to see you found the problem.
 
Status
Not open for further replies.
Back
Top