After updating elementor it has also corrected the field _elementor_assets_data from the table _options, so no need to mess in there. After changing siteurl field at _options table, and regain access to wp cpanel and updating Elementor Pro plugin from version 3.5 to 3.12 (info says the vulnerability happens from 3.6 bellow) things started to get back in shape. Thank you all cause did put me in right direction to solve it. So has some friends pointed out here, the vulnerability comes from Elementor Pro + Woocommerce. Still have no clue on what was the flaw that allowed this and how to protect it from future attacks. I'll keep on digging and when find a solution for my case I'll share it. I don't know what values it should have but mailserver_pass password yes is not a good value for sure. At the wordpress _options table the following fields mailserver_url, mailserver_login, mailserver_pass also have strange values.I've changed it to my website url and this way had access to the wp cpanel. I have checked my _options wordpress table (the suffix may not be "wp", thank you Dimistris for pointing this table) and the field siteurl had indeed a hacked url.htaccess file and theme's header.php, footer.php, functions.php files and found nothing unusual there. An hour ago my website presented this output:Īnd after it started redirecting to different url and chained redirects with spam and ads.Also noticed there were new strange users being created.
16 hours ago I received a strange email saying the admin email had changed to Admin email sent through the website (like creating new user) started giving errors.
0 kommentar(er)
