Archived

This topic is now archived and is closed to further replies.

  • 0

Website Hacked?

Question

Posted · Report post

Hi Pagelines,

 

We use a PageLines Pro website for our intranet at work. The intranet is restricted to our IP addresses. We use .htaccess to control access.

 

Recently, we noticed some funky things including redirecting of external links. Also, we are seeing certain words linked to external sites (these links have the double-underline). These links are opening in pop up windows and it is not our doing.

 

Here is a screenshot:

screenshot20121211at126.png

 

 

These problems are showing up on PCs (Macs are OK) using:

 

- Internet Explorer

- Chrome

- (Firefox seems to be fine)

 

I've changed all passwords including:

 

- Users to wordpress

- Web host

- FTP accounts

- SQL DB

- Eliminated anonymous FTP access

 

I've updated:
- Wordpress

- All plugins

- Should I update Pagelines Pro?

 

After the above changes, some of the redirecting is gone (which is good), but we still have the double-underline links. 

 

Please advise and note my level of programming requires step by step instructions.

 

 

Thank you in advance!
Paul

Share this post


Link to post
Share on other sites

4 answers to this question

Posted · Report post

We've begun uninstalling InfoAtoms and deleting registry keys. 

 

 

Thank you for the input.

Share this post


Link to post
Share on other sites

Posted · Report post

Best advice...

 

Deactivate all plugins, see if it still persists if not re-activate until you find the one causing it...

 

Could be the PC has a virus...

 

Do a view source on the page and paste the raw html to http://paste.pagelines.com and i'll take a look.

 

Could be a toolbar, could be anything really.

Share this post


Link to post
Share on other sites

Posted · Report post

Thank you Advocate. I think I've figured it out. We found some malicious browser add-ons including one called InfoAtoms which was very difficult to uninstall.

 

The other question is how they installed themselves on our PCs (so far 5 computers infected). I'm wondering if our intranet / wordpress / pagelines site spread the software?

 

Unfortunately, I can't post any page source info at this time. I need to have those requests approved. I've taken a look myself and everything seems in order. Anything I should look for in particular?

Share this post


Link to post
Share on other sites

Posted · Report post

Wordpress or PageLines cannot install browser plugins. That was one of your employees ;)

Share this post


Link to post
Share on other sites