Home › Forums › Calendar Products › Events Calendar PRO › My site (Calendar Pro) has been hacked
- This topic has 5 replies, 2 voices, and was last updated 9 years ago by Barry.
-
AuthorPosts
-
April 21, 2015 at 4:00 pm #957170bamdesignParticipant
Please help if you can. It’s come to my attention that the calendar on my site has been hacked and there is bogus data appearing in the calendar (pharmaceutical ads/links)
Can someone help me to better identify and resolve this as I’m not finding anything in the discussion threads to help me.
Thanks!
April 21, 2015 at 4:01 pm #957171bamdesignParticipantSorry, I just noticed that you have to hit the “next” vent button to have it appear. Once you do this, it’s appearing on all of the calendar pages.
Thanks
April 22, 2015 at 2:08 pm #957502BarryMemberHi bamdesign,
It’s never nice to be hacked and I think the best thing you can do initially is read through the advice provided here:
codex.wordpress.org/FAQ_My_site_was_hacked
This is understandably an upsetting thing to happen, but please keep in mind that while one area where these adverts surface is in an events view it is not necessarily the case that your site was compromised because of our plugins.
If you have a recent backup taken from a point where you know this problem did not exist then it may be worth reverting to that.
April 22, 2015 at 2:27 pm #957516bamdesignParticipantHi Barry,
Thank you for your email and advice. The reason why I posted this issue is that the hack has to do with a security break and it’s only happening within the “Events Calendar” part of the site. I felt that I needed to bring this to your attention along with seeing if you/anyone knows how to resolve it.
I am working on the issue and appreciate the email.
Thanks-
BrentApril 23, 2015 at 6:43 am #957663BarryMemberHi Brent,
That’s definitely a good call and we do appreciate you letting us know about it.
The thing is that once a site is hacked almost any component could be targeted and – in this case – it may be that they are not actually targeting The Events Calendar specifically but, instead, are doing something more general — such as targeting the start of the content loop, but only from within ajax requests.
If that was the case then it may just be bad luck, in a sense, that our plugin is the only component of your site implementing a loop that returns content via ajax (we use ajax when you page forwards/backwards in month and list view, etc).
With that said, we of course take security issues seriously and if you or anyone you engage to help with this problem discover any clear signs that vulnerabilities in The Events Calendar led to this we would of course be grateful if you could keep us in the loop.
Since security issues by their nature are sensitive topics, we’d appreciate it if you used our private replies facility here in the forum or else you can reach us by email:
support (at) theeventscalendar (dot) com
Thanks again for keeping us informed.
May 8, 2015 at 6:39 am #961434BarryMemberHi!
It’s been a while so I’m going to go ahead and close this topic.
- Need help with anything else? Go right ahead and post a new topic, one of the team will be only too happy to help
- Still need help with this issue and need to re-open it? Again, please simply create a new topic and link to this one to provide the team with some context
Thanks!
-
AuthorPosts
- The topic ‘My site (Calendar Pro) has been hacked’ is closed to new replies.