Our Website was auto redirecting Google search traffic to dozens of unknowns website: How we fixed it?

We were randomly checking our website from mobile and to our surprise when I googled specific keywords from the WordPress woocommerce e-commerce website Dakhm.com and tapped on the search result of Dakhm, it took us to that Dakhm’s page but it auto-redirected to a couple of other websites and landed on a betting site. It was clear like a day that the website was hacked. After 1-2 days of work, I was able to find the malware with the plugin and deactivated it, now it is working fine. Dive into the article below to learn from our journey.

How did we find our website was hacked?

One of the customer over call asked for a products price, I searched with my mobile with that product name by adding Dakhm to it so google will show Dakhm’s product on first place. I tapped on the google result and on Dakhm’s product page I couldn’t tap anything and it auto redirected to other random websites. I was frustrated and understood something was wrong and website was hacked. Another abnormal fact was, when we visited from google search one of the popups by Popup Builder was automoataclly popup. Though that pop up should not pop up automatically by default when visiting the product page or any other page as that pop up was setup to pop on mouse click.

Server CPU usage was high and website was not loading

CPU usage was high on the hosting and website was not loading at all the previous days, maybe that CPU high usage was there for past 2 days. I was checking back server at Cloudways and showing CPU and ram was high constantly and not letting the site be online for more than 1 hour. I checked Cloudways monitoring tabs where I could see random ips from outside Bangladesh was accessing large number of json files constantly and those ips was not checking any product but other URLs. Normally I can understand the pattern of bots and hackers from outside Bangladesh, as Dakhm is only available for Baangladeshi customers so google will not show search results to foreign countries therefore we don’t visitors from outside Bangladesh that often. Also normal visitors checks products and and their account. When I saw large number ips from other countries was hitting Dakhm and exhausting server resources, I realsed something was not right.

How did we understand the attack on the site?

I took the ips from Cloudways and searched them on https://www.abuseipdb.com/check/23.22.35.162 and found people already reported those ips. I contacted Cloudways support, but they couldn’t point out the those ips as hackers as they didn’t suggest anything to protect the site or blocked those ips. We were bit confused to block or not block those ips? What if those are search engine bots? Cloudways support people are really good, they takes time and responsibility to solve issues but they can not solve all the issues and I can understand their effort and I have no complaints. So I let it as it is due to many ips and I can not block all the ips and wait for the server resources to back to normal. Again on the Dakhm’s product page if we tap any link the redirection starts so this is clearly a javascript issue and JS code was injected.

What cloudways did to minimize the server load?

They restarted my server in that way server load was back to normal but the attack started all over again, and I had nothing to do but wait to get back to normal.

What steps did we take to point out the hacked code?

I previously solved many hacked websites and have seen problems before. Some of my tricks are below:

Look for redirected website names on source code of the effected site

You can inspect element the effected site and search for names of the redirected websites and see which code is making the redirection, but this method was not working here.

Inspect Element using Chrome browser

Inspect element every possible way to look for the redirection code with Chrome developer tools, this method did not work either, maybe chrome has advanced tools that we need to learn to analyze such hacking code injection

Wordfence security plugin

We initiated a site scan with Wordfence though the wrdpress plugin was activated during site hacking but this plugin couldn’t stop such an accident. Also, Wordfence was not able to scan the whole site, we tried multiple times and this plugin has limitations and this plugin was no use either for now.

Cloudways Support

Their chat agent was unable to say about the malare, he created ticket for other department to solve. Later another support team member contacted and scanned the site but was not able to pin point the effected code. I asked him if he can point out the exact file or code, he said it was not their scope and asked me take their paid security service.

How did we remove the malware?

From their screenshot above I found out “pbuilder” type of word, I searched source code with it but found nothing but I saw “builder” type word on pop plugin div class names. I deactivated the pop up plugin and Thanked Allah! the malware was removed, so the attacker injected the code on that plugin.

Final check

I checked their support form https://wordpress.org/support/plugin/popup-builder/ and saw other people also reported the hack, so I was 200% sure and relieved. But the pop up function on the site remains broken as I deactivated the plugin.

Our Website was auto redirecting Google search traffic to dozens of unknowns website: How we fixed it?

What precautions should you take to avoid such hacking?

Actaully there are no specific operation to take. It is good to update all the plugins and themes time to time. And look for any abnormal changes after each plugin update or anytype of update. In my opinion the hackers exploited the weak spot of the plugin and did the attack so it is entirely the plugin’s fault.

How to show few lines of text using CSS

On IndoorGuider.com we are using Simple Author Box plugin. IndoorGuider is a website where you can get guidance on kitchen recipes and kitchen appliances. We are using that Author box plugin to show the author’s bio under all blog posts.

How to show few lines of text using CSS
showing few lines of text using CSS

Why show few lines of text using CSS?

We are using free version of Simple Author Box plugin and they have very limited featured on free version. Also they don’t have such feature where you can show exactly 3 or 4 lines of texts. We had a long description for authors bio but we wanted to show exactly 4 lines of texts in both desktop and mobile responsive.

The CSS code

I applied the CSS code:

 .saboxplugin-wrap .saboxplugin-desc p {
    
   overflow: hidden;
   display: -webkit-box;
   -webkit-line-clamp: 4; /* number of lines to show */
   line-clamp: 4; 
   -webkit-box-orient: vertical;
    
}

With the above code you can apply to any div, just change the class names and it will work.

Let me know in comments if any issues.

YITH Infinite Scrolling plugin not working after the update

In WordPress, plugins are essential tools that enhance functionality and improve user experience on websites. Sometimes conflicts between plugins can arise, causing unexpected issues. One common problem users encounter is when the YITH Infinite Scrolling plugin stops working due to conflicts with the WP Optimize cache plugin after an update.

On Dakhm we were using WP Optimize and YITH Infinite Scrolling plugin all was running OK with no conflicts. We do regular updates of all plugins, but suddenly we saw YITH Infinite Scrolling plugin stopped working after update. Conflicted versions are:

  • WP-Optimize 3.3.0
  • YITH Infinite Scrolling plugin Version 1.19.0

How to find the issue and solve it?

We used chrome inspect element and saw WP-Optimize was minifying the javascript of YITH Infinite Scrolling plugin. So I did something like the below image and the problem was solved. Here we let a javascript file of YITH Infinite Scrolling plugin to be ignored by minification by WP Optimize plugin.

YITH Infinite Scrolling plugin not working after the update

Understanding YITH Infinite Scrolling Plugin

What is YITH Infinite Scrolling Plugin?

YITH Infinite Scrolling is a WordPress plugin designed to replace traditional pagination on your site with an infinite scroll feature. It allows users to continuously load content as they scroll down the page, providing a smoother browsing experience.

Benefits of Using Infinite Scrolling

  • Improved user engagement
  • Faster navigation through content
  • Reduction in bounce rates

Understanding WP Optimize Plugin

What is WP Optimize Plugin?

WP Optimize is a popular WordPress plugin used for optimizing and cleaning up databases, compressing images, and caching pages to improve website performance and speed.

Benefits of Using WP Optimize

  • Increased site speed
  • Enhanced SEO performance
  • Reduced server load

The Conflict After Update

After updating either the YITH Infinite Scrolling plugin or the WP Optimize plugin, users may notice that the infinite scrolling feature stops working. This conflict often arises due to changes in plugin code or compatibility issues with other plugins or themes.

Symptoms of Conflict

  • Infinite scrolling feature not loading new content
  • Website freezes or crashes when scrolling
  • Console errors related to JavaScript conflicts

Common Reasons for Conflict

  • Changes in plugin code during updates
  • Conflict with other plugins or themes
  • JavaScript errors caused by conflicting scripts

Troubleshooting Steps

Resolving conflicts between YITH Infinite Scrolling and WP Optimize plugins requires systematic troubleshooting.

Step 1: Identifying the Conflict

Disable all other plugins except YITH Infinite Scrolling and WP Optimize to isolate the issue.

Step 2: Deactivating Plugins

Reactivate plugins one by one to identify which one is causing the conflict.

Step 3: Updating Plugins

Ensure both YITH Infinite Scrolling and WP Optimize plugins are updated to the latest versions to resolve compatibility issues.

Step 4: Testing Compatibility

Check if the conflict persists with different themes or plugin combinations to determine the root cause.

Step 5: Seeking Support

If troubleshooting steps fail, reach out to plugin developers or WordPress forums for assistance in resolving the conflict.

Prevention Measures

To prevent conflicts between plugins in the future, follow these best practices:

  • Regularly update plugins to the latest versions.
  • Test plugin updates in a staging environment before applying them to the live site.

Conclusion

Conflicts between YITH Infinite Scrolling and WP Optimize plugins can disrupt website functionality, but with proper troubleshooting and preventive measures, users can resolve these issues and ensure a seamless browsing experience for their visitors.

FAQs

  1. Why did the conflict between YITH Infinite Scrolling and WP Optimize occur after the update?
    • Conflicts can arise due to changes in plugin code or compatibility issues with other plugins or themes.
  2. How can I troubleshoot the conflict between YITH Infinite Scrolling and WP Optimize?
    • Start by identifying the conflict, deactivating other plugins, and updating both plugins to the latest versions.
  3. Are there any preventive measures to avoid conflicts in the future?
    • Yes, regularly update plugins and test updates in a staging environment before applying them to the live site.
  4. Can conflicting plugins cause damage to my website?
    • While conflicts can disrupt functionality, they typically do not cause permanent damage. However, it’s essential to resolve them promptly to ensure optimal site performance.
  5. What should I do if I cannot resolve the conflict on my own?
    • If troubleshooting steps fail, seek support from plugin developers or WordPress forums for assistance.

Check Most Recent Posts