Security Issue: Site hacked but only on page using DataTables

Security Issue: Site hacked but only on page using DataTables

JimmerJimmer Posts: 1Questions: 0Answers: 0
edited July 2012 in DataTables 1.9
I know this will sound crazy but here goes:
I'm using DataTables (v. 1.9.2) on one page of a client site and that page (and ONLY that page) has been hacked.
So I'm wondering if there's some security hole in this script that might be doing this.
Here's the outline of the problem:
When one googles the client's name (I don't want to attract attention so let's just call it theclient.com, which it isn't) one gets a list of links within his site. One of those links is for a page (theclient.com/schedule/) but its headline is for buying a certain prescription drug online. That drug isn't mentioned in the page.
So it's a pharma hack of some kind. Search engines see the "prescription drug page" and actual browsers see the intended schedule page. I've rooted out many things that might have caused the problem (timthumb and various other suspicious files).
But the problem has recurred. I'm considering taking DataTables off to see if that fixes it.
But of course I like the functionality.
The site runs on WordPress and Datatables is only called on that one page of the site.
It is clear to me that Datatables isn't making the drug page show up for search engines; there are other files that are somehow being injected into the site (I've changed FTP passwords a couple times).
But I keep coming back to the question: why are they attacking only one page? And why is it the only page with this bit of javascript?
I'm NOT very good with javascript, so go easy on me.

Replies

  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin
    edited July 2012
    Can you PM me with details (ideally a link) and I will look into this. You can do so my clicking on my forum name ("allan") and selecting the "Send message" option.

    Given that DataTables is a client-side script, I'm not sure how DataTables would be the cause here, so some investigation is needed.

    Allan
  • blaw2422blaw2422 Posts: 4Questions: 0Answers: 0
    Are you up to date on Wordpress?? what version are you running?
  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin
    I haven't heard anything more about this form Jimmer unfortunately. Hopefully they can get back to us with more information.

    Allan
This discussion has been closed.