Security Issue: Site hacked but only on page using DataTables
Jimmer
I know this will sound crazy but here goes:
I'm using DataTables (v. 1.9.2) on one page of a client site and that page (and ONLY that page) has been hacked.
So I'm wondering if there's some security hole in this script that might be doing this.
Here's the outline of the problem:
When one googles the client's name (I don't want to attract attention so let's just call it theclient.com, which it isn't) one gets a list of links within his site. One of those links is for a page (theclient.com/schedule/) but its headline is for buying a certain prescription drug online. That drug isn't mentioned in the page.
So it's a pharma hack of some kind. Search engines see the "prescription drug page" and actual browsers see the intended schedule page. I've rooted out many things that might have caused the problem (timthumb and various other suspicious files).
But the problem has recurred. I'm considering taking DataTables off to see if that fixes it.
But of course I like the functionality.
The site runs on WordPress and DataTables is only called on that one page of the site.
It is clear to me that DataTables isn't making the drug page show up for search engines; there are other files that are somehow being injected into the site (I've changed FTP passwords a couple times).
But I keep coming back to the question: why are they attacking only one page? And why is it the only page with this bit of JavaScript?
I'm NOT very good with JavaScript, so go easy on me.
This discussion has been closed.
Replies
Given that DataTables is a client-side script, I'm not sure how DataTables would be the cause here, so some investigation is needed.
Allan
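A way to check for the symptom described in the question (search engines get a different page than browsers), as an added example that is not part of the original thread. It assumes the injected code selects its response by User-Agent; the function names, keyword list and sample HTML are constructed for illustration.

```python
import re
import sys
import urllib.request
from html.parser import HTMLParser

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SPAM_TERMS = ("prescription", "pharmacy", "pills")  # constructed keyword list

class _Page(HTMLParser):
    """Collects the <title> text and the set of words outside script/style."""
    def __init__(self):
        super().__init__()
        self.title, self.words, self._tag = "", set(), None
    def handle_starttag(self, tag, attrs):
        self._tag = tag
    def handle_endtag(self, tag):
        self._tag = None
    def handle_data(self, data):
        if self._tag in ("script", "style"):
            return  # client-side code such as DataTables is not page content
        if self._tag == "title":
            self.title += data.strip()
        self.words.update(re.findall(r"[a-z]+", data.lower()))

def parse(html):
    page = _Page()
    page.feed(html)
    page.close()  # flush any buffered trailing text
    return page

def compare_views(browser_html, crawler_html, terms=SPAM_TERMS):
    """Report differences between the page served to a browser and to a crawler."""
    b, c = parse(browser_html), parse(crawler_html)
    crawler_only = sorted(t for t in terms if t in c.words and t not in b.words)
    return {"browser_title": b.title, "crawler_title": c.title,
            "crawler_only_terms": crawler_only,
            "cloaked": b.title != c.title or bool(crawler_only)}

def fetch(url, user_agent):
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")

# Constructed sample responses for offline use
SAMPLE_BROWSER = "<html><head><title>Schedule</title><script>var pills=1;</script></head><body><td>Monday</td></body></html>"
SAMPLE_CRAWLER = "<html><head><title>Buy prescription pills online</title></head><body><p>Schedule</p></body></html>"

if __name__ == "__main__":  # usage: python check.py <url of your own page>
    print(compare_views(fetch(sys.argv[1], BROWSER_UA), fetch(sys.argv[1], CRAWLER_UA)))
```

A User-Agent comparison only catches cloaking keyed on that header; injected code that keys on the crawler's source IP or on the referrer will return the normal page to this check.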