The tricks of amateur programmers

…build directly into a plug-in…well, you don't have to be able to do much:   PLEASE EXCUSE THIS PAGE TEMPORARILY. How easy to see, this page is created in WordPress. A hacking attack, pretty second-rate programmers though, but at least, led to it, that you have been redirected to a page. Meanwhile I have the culprits, until I know more about it, all plug-ins remain deactivated (although everything indicates it, that they attack the WordPress installation directly). So far I know: solo.declarebusinessgroup.ga/temp.js?n = nb5 is the culprit, this is the java script, to which you will be forwarded. And after a nice PHP script, that I did quickly, quickly, did they have to do a little while. BY THE WAY: It is also written in the posts, so made cheap, but effective. You can get started with the various index.php files (wp-admin, wp-content und index.php im root). Update: 12.09.2020: All plug-ins except for WEN Call to Action. I guess hard, that these hobby programmers get into it (they can't hack properly, also wirklich zweitklassig 🙂 ) BUT NOW TO BUSINESS (because this little marketing- and hacking attacks are not worth talking about, because they are written and executed by second rate people. UPDATE: 14.09.2020: IT'S THE PLUGIN WEN CALL TO ACTION! There is nothing to indicate an external access. The plug-in has been inactive for a day, and lo and behold? The site is stable. I'll be posting the code here later this week, with which these hobby programmers get access to the code of the website in the cheapest way and change it. It is in practically all index.php files, also in the folder WP-Admin etc.. If this is the case (and it looks like it is), if this is not WordPress compliant and WordPress will ban this plug-in. The culprit is declarebusinessgroup, So here you are forwarded via index files. I have my own software, the WPCC, with the latest version, which will go online soon, Search and identify terms at the same time, in which files a term is hidden everywhere, also z.B. also a forwarding. I didn't find anything in the plug-ins, but safe is safe. Before the WEN, I never had such problems. By the way, the URL is also written to the database.  

Leave a Comment