My site (Calendar Pro) has been hacked

  • Post date

Home Forums Calendar Products Events Calendar PRO My site (Calendar Pro) has been hacked

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • April 21, 2015 at 4:00 pm #957170
    bamdesign
    Participant

    Please help if you can. It’s come to my attention that the calendar on my site has been hacked and there is bogus data appearing in the calendar (pharmaceutical ads/links)

    http://www.sonomadiscoveries.com/events/list/?action=tribe_list&tribe_paged=2&tribe_event_display=list

    Can someone help me to better identify and resolve this as I’m not finding anything in the discussion threads to help me.

    Thanks!

    April 21, 2015 at 4:01 pm #957171
    bamdesign
    Participant

    Sorry, I just noticed that you have to hit the “next” vent button to have it appear. Once you do this, it’s appearing on all of the calendar pages.

    Thanks

    April 22, 2015 at 2:08 pm #957502
    Barry
    Member

    Hi bamdesign,

    It’s never nice to be hacked and I think the best thing you can do initially is read through the advice provided here:

    codex.wordpress.org/FAQ_My_site_was_hacked

    This is understandably an upsetting thing to happen, but please keep in mind that while one area where these adverts surface is in an events view it is not necessarily the case that your site was compromised because of our plugins.

    If you have a recent backup taken from a point where you know this problem did not exist then it may be worth reverting to that.

    April 22, 2015 at 2:27 pm #957516
    bamdesign
    Participant

    Hi Barry,

    Thank you for your email and advice. The reason why I posted this issue is that the hack has to do with a security break and it’s only happening within the “Events Calendar” part of the site. I felt that I needed to bring this to your attention along with seeing if you/anyone knows how to resolve it.

    I am working on the issue and appreciate the email.

    Thanks-
    Brent

    April 23, 2015 at 6:43 am #957663
    Barry
    Member

    Hi Brent,

    That’s definitely a good call and we do appreciate you letting us know about it.

    The thing is that once a site is hacked almost any component could be targeted and – in this case – it may be that they are not actually targeting The Events Calendar specifically but, instead, are doing something more general — such as targeting the start of the content loop, but only from within ajax requests.

    If that was the case then it may just be bad luck, in a sense, that our plugin is the only component of your site implementing a loop that returns content via ajax (we use ajax when you page forwards/backwards in month and list view, etc).

    With that said, we of course take security issues seriously and if you or anyone you engage to help with this problem discover any clear signs that vulnerabilities in The Events Calendar led to this we would of course be grateful if you could keep us in the loop.

    Since security issues by their nature are sensitive topics, we’d appreciate it if you used our private replies facility here in the forum or else you can reach us by email:

    support (at) theeventscalendar (dot) com

    Thanks again for keeping us informed.

    May 8, 2015 at 6:39 am #961434
    Barry
    Member

    Hi!

    It’s been a while so I’m going to go ahead and close this topic.

    • Need help with anything else? Go right ahead and post a new topic, one of the team will be only too happy to help
    • Still need help with this issue and need to re-open it? Again, please simply create a new topic and link to this one to provide the team with some context

    Thanks!

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • The topic ‘My site (Calendar Pro) has been hacked’ is closed to new replies.