Yuzo security breach: your wordpress site redirected from each page to a malicious site

web hacking

web hackingThe Yuzo wordpress plugin: related posts plugin is vulnerable. Hundreds of sites have already been attacked.

Hackers exploit this flaw and inject javascript code into the MySQL database of the wordpress site, causing redirects to other malicious sites such as:

hellofromhony[.]com
hellofromhony[.]org
destinywall[.]org
clevertrafficincome[.]com
notifymepush[.]info
pushmeandtouchme[.]info
click.newsfeed[.]support
visnu[.]icu
premium-mobile[.]info
plutonium[.]icu
monitornotifyfriends[.]info
notifymepush[.]info

and many more … So no more pages of your website can be accessed, they are all redirected in a split second after opening to one of these malicious sites. Raging!

to remove the malicious code, nothing more simple! : connect to your database management web tool for MySQL PHPMyAdmin, and go to the table wp_options:

table wpoptions showing the row which is infected

find the row of the table with the value yuzo_related_post_options in the option_name column. Then click on the Edit link. In the text of the value you find a javascript script block that has nothing to do here. It looks like something like this:


<script>document.location = ...</script>

delete all text from the included script tag to the included closing tag (/ script).
Save by clicking on the execute button.
There you go !!! no more redirects, your valuable site is saved. No need for complete restoration

you can find on the internet “shady” web sites which sell a fix for this attack … No need to be bribed by people who may be themselves at the origin of this type of attacks. The correction proposed here is free and works.

To do later:
update Yuzo to a security patch, if the module authors provide one or disable or uninstall the module to prevent a new attack.

 

 

 

 


Leave a Reply