WordPress site being redirected to stopenumarationsz.com or other monetization sites
Posted by Hasan B, Last modified by Hasan B on 12 April 2019 08:24:46 PM

Your WordPress site may start redirecting visitors to a URL such as https://stopenumarationsz.com or a similar monetization website. If you check the site with http://www.redirect-checker.org/, you will see a 301 permanent redirect.

The redirection occurs because the Site URL and Home URL have been changed to https://stopenumarationsz.com in the WordPress database.

On further investigation, we found that the vulnerable plugin is Easy-WP-SMTP version 1.3.9. Exploiting this vulnerability through the plugin's hook functions allows an attacker to insert malicious JavaScript redirects or modify the WordPress database.

Here are a few articles discussing the issue:

  • https://blog.malwarebytes.com/threat-analysis/2019/03/plugin-vulnerabilities-exploited-traffic-monetization-schemes/
  • https://blog.sucuri.net/2019/03/0day-vulnerability-in-easy-wp-smtp-affects-thousands-of-sites.html
  • https://wordpress.org/support/topic/vulnerability-26

According to the plugin’s forum, the vulnerability has been fixed in version 1.3.9.1.

Steps to recover the site:

1. Edit the 'site_url' and 'home_url' in the wp_options table of the WordPress database using phpMyAdmin.

2. Access your admin Dashboard and remove any false admin accounts from Dashboard > Users > All Users.

3. Update the Easy WP SMTP plugin to the latest version.

  • You can manually check for updates by visiting the Dashboard » Updates page.
  • You can install these updates by visiting the Plugins page. You will see a notification below each plugin that has updates available for you to install.
  • This will show you a list of updates. You can select the plugin you wish to upgrade and choose ‘Update’ from the ‘Bulk Actions’ menu.
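
Steps 1 and 2 can also be done from the SQL tab in phpMyAdmin. The queries below are an added example, not part of the original article: they assume the default `wp_` table prefix, use https://example.com as a placeholder for your real site address, and rely on WordPress storing the Site URL and Home URL under the option names `siteurl` and `home`.

```sql
-- Added example (constructed). Assumptions: default `wp_` table prefix;
-- https://example.com is a placeholder for the site's real address.
-- Take a database backup before running the UPDATE.

-- Step 1a: inspect the two address options. WordPress keeps the Site URL
-- and Home URL in wp_options under the names 'siteurl' and 'home'.
SELECT option_id, option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

-- Step 1b: look for any other option rows that reference the redirect
-- domain, so a leftover injected value is not missed.
SELECT option_id, option_name, LEFT(option_value, 200) AS value_preview
FROM wp_options
WHERE option_value LIKE '%stopenumarationsz.com%';

-- Step 1c: restore the correct address (replace the placeholder first).
UPDATE wp_options
SET option_value = 'https://example.com'
WHERE option_name IN ('siteurl', 'home');

-- Step 2: list every account holding the administrator role, newest
-- first. Roles are stored as a serialized PHP array in wp_usermeta under
-- the meta_key '<prefix>capabilities'. Review the list for accounts you
-- do not recognise, then delete them from Dashboard > Users > All Users.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;
```

Re-run the first query after the update to confirm both rows now hold your own address.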
            