WordPress Hack Redirect - collectfasttracks.com, bullgoesdown.com

WordPress Hacked RedirectIn many current WordPress hacks the symptom occurs that visits to the website are redirected to an external domain. This is referred to as 'malware redirects' or 'spam redirects'.
This article explains how this redirect happens and which variations are possible. Since these redirects do not always occur consistently, this type of hack can sometimes remain undetected for a longer period of time.
One thing is certain: urgent action is required so that no valuable traffic is lost.

If you do not want to lose any time, do not hesitate to contact us.

EnglishWe speak English! If you need assistance cleaning your hacked site, feel free to contact us via chat or This email address is being protected from spambots. You need JavaScript enabled to view it..

Involved domain names in WordPress hacks

At present, the main ones involved are stat.trackstatisticsss.com, dest.collectfasttracks.com, gotosecond2.com and forwardmytraffic.com involved as injected script sources or redirect targets. The content behind them varies widely - from simple spam pages and XXX offers to sweepstakes redirects.
Very common: You have made the billionth Google search - a frequent symptom of a WordPress hack.

An ongoing list of domains indicating a hack (as of May 2020):

  • stat.trackstatisticsss.com
  • ws.stivenfernando.com
  • dest.collectfasttracks.com
  • gotosecond2.com
  • makesomethird3.com
  • wiilberedmodels.com
  • bullgoesdown.com
  • forwardmytraffic.com
  • dns.createrelativechanging.com
  • greatinstagrampage.com
  • gabriellalovecats.com
  • jackielovedogs.com
  • tomorrowwillbehotmaybe.com
  • activeandbanflip.com
  • developsincelock.com
  • blueeyeswebsite.com

WordPress spam redirects - possible hiding places

In principle, automatic redirects may have been placed in any file loaded by the WordPress system - internal or external.
In addition, script injections directly into the database are also common.
There are various possible hiding places for spam redirects:

  • JavaScript injections in PHP files
    • Especially the themes' functions.php
  • Modified JS files
  • Modified site-url / home-url (database)
  • Script injections in pages and posts (database)
  • Script injections in widgets (database)
  • @include of a hidden, malicious favicon.ico file in index.phps ( or wp-config.php)
  • Injected plugins
  • Modified .htaccess files
  • Integrated ad networks (hacked ad servers)

Clean the wp_content table via phpMyAdmin

A typical injection that may be found in all WordPress posts would be, for example:

You can remove the script with the following SQL command:
UPDATE `wp_posts` SET post_content=REPLACE(post_content,'','');

The database table prefix wp_ may need to be replaced with your individual prefix.

Investigating the cause of the hack - closing WordPress security vulnerabilities
The main cause of hacked websites is outdated versions. WordPress itself, all plugins, and the theme must be updated regularly.
In the current malicious redirect campaign the following plugins are being attacked, as older versions are vulnerable:
     
  • Duplicator
    •  
  • Advanced Access Manager
    •  
  • Bold Page Builder
    •  
  • Blog Designer
    •  
  • Live Chat with Facebook Messenger
    •  
  • Yuzo Related Posts
    •  
  • Visual CSS Style Editor
    •  
  • WP Live Chat Support
    •  
  • Form Lightbox
    •  
  • Hybrid Composer
    •  
  • Woocommerce User Email Verification
    •  
  • Yellow Pencil Visual Theme Customizer
    •  
  • Coming Soon and Maintenance Mode
    •  
  • All NicDark plugins
    •  
Successfully attacked plugins can be identified using our Access Log Analysis Tool which you are welcome to use for further investigation of the attack. A certain level of technical understanding is required. If needed, we can handle the WordPress hack cleanup for you at a low fixed price.
 
 
Details
  Last Updated: 04 May 2020 
 
 
 
 
 
 
Additional Services
What Our Customers Say About Us
   
“The migration of our Joomla website from PHP 5.3 to PHP 7 was completed super quickly, affordably, and with flawless results. Very good and friendly communication.” 
– H. Bergmann
“Within one day, everything was done extremely professionally and extremely quickly. Very trustworthy. Excellent. 5 stars.”
– Fernando V.
“I didn’t know how to help myself, but here I found the expertise needed to get everything cleaned up again. The necessary updates and backups were carried out — all extremely affordable, fast, and done well!” 
– Klaus-Peter
“The site looks great — everything just like before — and all under PHP 7.2 — I’m impressed. Many heartfelt thanks!” 
– Dr. Ingo Wuddel
“Since we run an online shop, it was very important for us that our website be made fully available again for our customers as quickly as possible. All work was carried out extremely quickly and to our complete satisfaction.” – Löwen Handels GmbH
“Very fast, professional, and solution-focused handling of the problem. In addition, I was given tips and Strato-specific information to reduce the risk of the problem recurring.” 
– Heino B.
“The contact was especially friendly, and some additional cosmetic work was taken care of on their own initiative — as if it were the most natural thing in the world. I am relieved and very grateful.”
– R. Mayer
“Excellent. In an absolute emergency, when 2 domains were suspended by Strato due to a hacker attack, both domains were temporarily brought back online the very same day.”
– I. Radchenko
“Outstanding service. Problem solved within 18 hours. We are delighted. Thank you very much 🙏” 
– Tien Sy Vuong
 Website-Bereinigung.de Support Service 
 5.0          205 Reviews >  5 
Google Reviews
Contact options
 This email address is being protected from spambots. You need JavaScript enabled to view it. 
Contact form
 Schedule a call
+49 (0)2406 969796
Mon. - Fri. | 9 am - 9 pm