Jump to content


Photo
- - - - -

Website Hacked?


Best Answer gmbuser , 12 December 2012 - 07:48 PM

We've begun uninstalling InfoAtoms and deleting registry keys. 

 

 

Thank you for the input.

Go to the full post


  • Please log in to reply
4 replies to this topic

#1 gmbuser

gmbuser

    Newbie

  • Members
  • 6 posts
  • Country: Country Flag

Posted 11 December 2012 - 06:28 PM

Hi Pagelines,

 

We use a PageLines Pro website for our intranet at work. The intranet is restricted to our IP addresses. We use .htaccess to control access.

 

Recently, we noticed some funky things including redirecting of external links. Also, we are seeing certain words linked to external sites (these links have the double-underline). These links are opening in pop up windows and it is not our doing.

 

Here is a screenshot:

screenshot20121211at126.png

 

 

These problems are showing up on PCs (Macs are OK) using:

 

- Internet Explorer

- Chrome

- (Firefox seems to be fine)

 

I've changed all passwords including:

 

- Users to wordpress

- Web host

- FTP accounts

- SQL DB

- Eliminated anonymous FTP access

 

I've updated:
- Wordpress

- All plugins

- Should I update Pagelines Pro?

 

After the above changes, some of the redirecting is gone (which is good), but we still have the double-underline links. 

 

Please advise and note my level of programming requires step by step instructions.

 

 

Thank you in advance!
Paul



#2 Simon_P

Simon_P

    Messer

  • Administrators



  • 8388607 posts
  • LocationDevon
  • Framework Version:2.1.1
  • Country: Country Flag

Posted 11 December 2012 - 06:32 PM

Best advice...

 

Deactivate all plugins, see if it still persists if not re-activate until you find the one causing it...

 

Could be the PC has a virus...

 

Do a view source on the page and paste the raw html to

Please Login or Register to see this Hidden Content

and i'll take a look.

 

Could be a toolbar, could be anything really.



#3 gmbuser

gmbuser

    Newbie

  • Members
  • 6 posts
  • Country: Country Flag

Posted 11 December 2012 - 08:55 PM

Thank you Advocate. I think I've figured it out. We found some malicious browser add-ons including one called InfoAtoms which was very difficult to uninstall.

 

The other question is how they installed themselves on our PCs (so far 5 computers infected). I'm wondering if our intranet / wordpress / pagelines site spread the software?

 

Unfortunately, I can't post any page source info at this time. I need to have those requests approved. I've taken a look myself and everything seems in order. Anything I should look for in particular?



#4 Simon_P

Simon_P

    Messer

  • Administrators



  • 8388607 posts
  • LocationDevon
  • Framework Version:2.1.1
  • Country: Country Flag

Posted 11 December 2012 - 08:58 PM

Wordpress or PageLines cannot install browser plugins. That was one of your employees ;)



#5 gmbuser

gmbuser

    Newbie

  • Members
  • 6 posts
  • Country: Country Flag

Posted 12 December 2012 - 07:48 PM   Best Answer

We've begun uninstalling InfoAtoms and deleting registry keys. 

 

 

Thank you for the input.