Genesis Simple Edits got hacked
Tagged: genesis simple edits, hacked
- This topic has 13 replies, 4 voices, and was last updated 9 years, 7 months ago by coralseait.
August 31, 2014 at 2:37 pm #122102 handsun (Participant)
My Simple Edits plugin is sending out spam, which means I am about to remove it. Is there a reference somewhere on changing functions.php so we don't need to use Simple Edits? I hate getting these emails from my hosting company, plus it tends to blacklist the domain on email servers too. Very not fun.
August 31, 2014 at 2:55 pm #122105 Anita (Keymaster)
What is the URL of your site so we can take a look? What content do you have in the Genesis Simple Edits?
Love coffee, chocolate and my Bella!
August 31, 2014 at 3:53 pm #122110 handsun (Participant)
I already deleted the plugin, but now I am trying to use this to remove footer info by adding this to the bottom of functions.php, and the footer stuff is still there:
/** Remove Genesis Footer Link */
remove_action('genesis_footer', 'genesis_do_footer');
August 31, 2014 at 4:08 pm #122112 Anita (Keymaster)
What did your host say about this? The footer and plugin cannot send out spam. What did they say your issue was and how was it determined that it was the plugin? I, as well as a lot of others, use this and have never had a problem with it.
Love coffee, chocolate and my Bella!
August 31, 2014 at 4:14 pm #122115 Summer (Member)
What Anita said.
The plugin does not have the capability to send emails, so it's impossible for it to be the source of the spam. If your ISP told you this, you need to run as fast as you can to another hosting provider, because they know not a thing about WordPress or troubleshooting, and this is a scary thing. To me, anyway.
Okay, now I am scared... you're with Hostgator (so am I). If someone with their tech support told you this, maybe that tech you talked to was just drunk...
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After Dark
August 31, 2014 at 4:22 pm #122116 Anita (Keymaster)
If anything, it might be the Custom Contact Forms Plugin. Now that can probably function like that.
Love coffee, chocolate and my Bella!
August 31, 2014 at 4:58 pm #122118 handsun (Participant)
It is not HostGator; this is what they said:
sample of emails being sent
2014-08-31 07:06:19 cwd=/home/XXXXXX(my account name)/public_html/babtennis.com/wp-content/plugins/genesis-simple-edits 3 args: /usr/sbin/sendmail -t -i
Possible Scripts:
'/home/XXXXXX(my account name)/public_html/babtennis.com/wp-content/plugins/genesis-simple-edits/ek.php'
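The host's log excerpt above names a working directory (`cwd=`) for each sendmail call. As an added example (not from any poster or from the host; the sample paths and the function names `mail_dirs` and `flag_wp_content` are made up for illustration), this tallies those directories across a log and keeps the ones inside `wp-content`:

```shell
#!/bin/sh
# Added example: tally which working directories handed mail to sendmail,
# from Exim-style "cwd=<dir> <N> args: <command>" log lines.

# Constructed sample log (placeholder paths, not taken from the thread).
sample_log() {
cat <<'EOF'
2014-08-31 07:06:19 cwd=/home/example/public_html/wp-content/plugins/some-plugin 3 args: /usr/sbin/sendmail -t -i
2014-08-31 07:06:21 cwd=/home/example/public_html/wp-content/plugins/some-plugin 3 args: /usr/sbin/sendmail -t -i
2014-08-31 07:06:25 cwd=/home/example/public_html/wp-content/plugins/some-plugin 3 args: /usr/sbin/sendmail -t -i
2014-08-31 07:10:02 cwd=/home/example/public_html 3 args: /usr/sbin/sendmail -t -i
2014-08-31 07:11:40 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
EOF
}

# mail_dirs LOGFILE -> "COUNT<TAB>DIRECTORY" per sending directory, busiest first.
mail_dirs() {
    awk '
        / cwd=/ && /sendmail/ {
            dir = $0
            sub(/^.* cwd=/, "", dir)          # drop timestamp and "cwd="
            sub(/ [0-9]+ args:.*$/, "", dir)  # drop " N args: ..." tail
            count[dir]++
        }
        END { for (d in count) printf "%d\t%s\n", count[d], d }
    ' "$1" | sort -rn
}

# flag_wp_content: keep only directories inside wp-content (reads stdin).
# Heuristic: WordPress normally sends mail from requests to its own entry
# scripts, so a working directory deep inside a plugin folder suggests a
# file in that folder was run directly.
flag_wp_content() {
    grep '/wp-content/' || true
}

# Stand-alone use: ./script.sh /path/to/mail/log
if [ -n "${1:-}" ]; then
    mail_dirs "$1" | flag_wp_content
fi
```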
August 31, 2014 at 5:05 pm #122119 Anita (Keymaster)
Go to your file manager on the host. Open up the plugin file folder and make sure you deleted the entire file folder and contents. The plugin doesn't include a genesis-simple-edits/ek.php file. If that's in there on your hosting account - then your account has been compromised. A file cannot be added to a file folder in that manner unless your hosting account has been compromised. There's no need to remove the entire footer for that message.
Love coffee, chocolate and my Bella!
August 31, 2014 at 6:50 pm #122134 handsun (Participant)
Somehow the plugin was hacked, unless they hacked in another way, then just infected the Simple Edits plugin. I have already scanned the site and nothing else was found. I would like to remove the footer info; any idea why this won't work or what else I can do to remove footer info?
/** Remove Genesis Footer Link */
remove_action('genesis_footer', 'genesis_do_footer');
August 31, 2014 at 6:53 pm #122137 Anita (Keymaster)
You don't have all of the code in there. It should be:
// Remove Footer
remove_action('genesis_footer', 'genesis_do_footer');
remove_action('genesis_footer', 'genesis_footer_markup_open', 5);
remove_action('genesis_footer', 'genesis_footer_markup_close', 15);
Love coffee, chocolate and my Bella!
August 31, 2014 at 6:54 pm #122138 Anita (Keymaster)
The source of that information is from here - http://www.billerickson.net/code/remove-genesis-footer/.
Love coffee, chocolate and my Bella!
August 31, 2014 at 7:03 pm #122141 Summer (Member)
Removing the footer will not fix the problem. Somehow the permissions on your plugins folder were incorrect, and someone just dropped that ek.php script into the first open writeable directory they found.
What you need to do is delete that ek.php file, change the file permissions on the plugin folder and everything in wp-content to be correct/secure, and make sure there aren't any other copies of that script in other folders on your website.
You should be able to use File Manager from the cPanel and see what the ownership/permissions on that file are (and on the folder).
They either made their way into your hosting account, or slid in sideways from someone else's on the same server. You need to change your passwords asap, and that includes the database passwords for the WP sites.
So, to be clear... Simple Edits was not hacked. They did not change any existing Simple Edits code. Someone hacked your website or your hosting account or both, and planted a trojan in an insecure folder, which happened to be the plugin folder for Simple Edits.
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After Dark
September 1, 2014 at 2:12 pm #122267 handsun (Participant)
Thank you all so much, those missing lines did the trick. Perhaps Simple Edits was not the cause of the hack, but I am just staying away from it in this site. I did update server password and WP database pw. Thanks again, all of you, and Happy Labor Day!!
September 2, 2014 at 2:37 am #122359 coralseait (Member)
I recommend you install iThemes Security (Better WP Security) and set the disable PHP in uploads. This will stop 90% of these PHP / script drop-in attacks in the future.
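The cleanup Summer describes (look for other copies of the script, fix permissions) and the uploads check behind coralseait's suggestion can be scripted. This is an added example, not code from the thread or from any plugin; the function names are hypothetical, and it assumes GNU `find` and `sha256sum`, with the dropped file hashed before it is deleted:

```shell
#!/bin/sh
# Added example: checks to run on a WordPress tree after finding a dropped script.

# copies_of FILE ROOT -> every file under ROOT whose SHA-256 matches FILE,
# whatever it is named (the list includes FILE itself if it lives under ROOT).
copies_of() {
    want=$(sha256sum "$1" | cut -c1-64)
    # sha256sum prints 64 hex chars, two separator chars, then the path
    find "$2" -type f -exec sha256sum {} + | grep "^$want" | cut -c67-
}

# world_writable ROOT -> directories any account on the server can write into.
world_writable() {
    find "$1" -type d -perm -0002
}

# php_in_uploads WPROOT -> PHP-looking files under wp-content/uploads,
# including double extensions such as name.php.jpg.
php_in_uploads() {
    find "$1/wp-content/uploads" -type f -iname '*.php*' 2>/dev/null
}

# tighten ROOT -> directories 755, files 644 (a common WordPress baseline;
# an assumption here, some hosts need different values).
tighten() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Stand-alone use: ./script.sh /path/to/wordpress [/path/to/known-bad-file]
if [ -n "${1:-}" ]; then
    echo "World-writable directories:"; world_writable "$1/wp-content"
    echo "PHP files in uploads:";       php_in_uploads "$1"
    if [ -n "${2:-}" ]; then
        echo "Copies of $2:"; copies_of "$2" "$1"
    fi
fi
```

The hash match only finds byte-identical copies; a modified variant of the script needs a malware scanner or a comparison against a clean copy of each plugin.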