Traumflug Posted September 4, 2018 Share Posted September 4, 2018 Recently seen something like this when browsing to one of the thirty bees pages? That's the unfortunate result of a vulnerability in one of the WordPress modules, which thirty bees had in use on the thirtybees.com site. Good news on this one: module removed, distributed virii all removed as well. And this was quite a number, some scripting found like 6000(!) instances all over the place, across almost all thirty bees hosts. Infected files were PHP, HTML and CSS ones. On top of this, chances are good for thirty bees moving to a new server in a couple of days. This will also introduce user privileges separation between each of the virtual hosts, then, prohibiting infection from one host to another. Link to comment Share on other sites More sharing options...
doclucas Posted September 4, 2018 Share Posted September 4, 2018 good job, man! It was really annoying. Just mentioned it to Lesley 2 days ago, while he was fighting a forum hack. Thank you both Link to comment Share on other sites More sharing options...
vincentdenkspel Posted September 6, 2018 Share Posted September 6, 2018 I still encounter the same problem (just a few minutes ago) Link to comment Share on other sites More sharing options...
Briljander Posted September 7, 2018 Share Posted September 7, 2018 I had a black popup that opened every time I went into the website. It seems to have been removed Link to comment Share on other sites More sharing options...
Traumflug Posted September 7, 2018 Author Share Posted September 7, 2018 I still encounter the same problem (just a few minutes ago) Thanks for the report. Indeed I found another 8 instances. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now