Traumflug Posted September 4, 2018 Posted September 4, 2018 Recently seen something like this when browsing to one of the thirty bees pages? That's the unfortunate result of a vulnerability in one of the WordPress modules, which thirty bees had in use on the thirtybees.com site. Good news on this one: module removed, distributed virii all removed as well. And this was quite a number, some scripting found like 6000(!) instances all over the place, across almost all thirty bees hosts. Infected files were PHP, HTML and CSS ones. On top of this, chances are good for thirty bees moving to a new server in a couple of days. This will also introduce user privileges separation between each of the virtual hosts, then, prohibiting infection from one host to another.
doclucas Posted September 4, 2018 Posted September 4, 2018 good job, man! It was really annoying. Just mentioned it to Lesley 2 days ago, while he was fighting a forum hack. Thank you both
vincentdenkspel Posted September 6, 2018 Posted September 6, 2018 I still encounter the same problem (just a few minutes ago)
Briljander Posted September 7, 2018 Posted September 7, 2018 I had a black popup that opened every time I went into the website. It seems to have been removed
Traumflug Posted September 7, 2018 Author Posted September 7, 2018 I still encounter the same problem (just a few minutes ago) Thanks for the report. Indeed I found another 8 instances.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now