To all my visitors…

This is a bit lengthy, but it’s VERY IMPORTANT, so please read if you visited Daiyamanga between late March 2019 and May 27, 2019.

So today renxkyoko informed me that she had repeatedly tried to post a comment on a post but couldn’t. So I decided to try posting some test comments of my own. I have had issues the past couple of weeks where a spambot has been trying to post junk links, so I thought it was possible that perhaps the couple of keywords I was using to block them were affecting her comments.

But as I was fake commenting here, I noticed something odd: my pop-up blocker went into effect. “That’s strange,” I thought. After all, Daiyamanga is ad-free. I can’t guarantee it will always be that way, but I digress. But maybe I had just clicked on something odd while I was accessing Daiyamanga, because I suddenly found myself at Yahoo.

Unfortunately, that wasn’t the case. Links like this one were automatically being generated on my site:

Yuzo Exploit Link

It turns out that a plug-in that I had installed here had an exploit that scummy hackers took advantage of to launch an XSS redirect attack. Upon loading Daiyamanga or other sites with this plug-in installed, there would be a pop-up and/or the first link clicked would send users elsewhere. These include “you have been affected by a virus”-type sites or try to install something on your computer. Reports came out as early as the end of March, but the story was really picked up in mid April. But I had no idea until today. I don’t know if I’ve been subjecting you, my dear visitors, since then or if it only started recently. I didn’t get a message or anything, it didn’t affect me when I viewed my blog, and while I do try to select highly rated plug-ins and keep them updated, I don’t follow WordPress tips/warning sites. I guess I better. Regardless, please accept my deepest apologies.

I hope none of you have fallen for these scammers’ malicious tricks. If you have clicked on any suspicious links or downloaded something right after visiting Daiyamanga, immediately start running a virus/malware/spyware scan and change passwords. Even if you haven’t, I strongly urge that anyone who has visited Daiyamanga since March run a scan if you haven’t recently. You may want to cookies and/or history, particularly if you have any from getalinkandshare.com. Changing passwords never hurts, but again, run scans first.

The plug-in has been disabled and removed of course, and I have installed protection that should hopefully prevent anything like this from happening in the future. I do not store any information here, so none of your personal information should be affected if you follow/like/comment here. Although I visit many of your blogs, there shouldn’t be anything from me commenting or liking your posts. A lot of you probably read my blog through the WordPress.com Reader, so that could be a reason why it escaped attention for so long. It also didn’t happen the one or two times I tried on my iPad, so perhaps it affected computers only?

If anybody has any information on this or any other odd behavior here, please let me (and others!) know by posting a comment or emailing me. If you have any other questions or just want to yell at me, you can do that too.

17 Comments

  1. tanteikid94

    Glad you sorted it.

    Reply
    1. Krystallina (Post author)

      Yes, thankfully.

      Reply
  2. Matthew

    That’s really scary that something shady was hiding.

    Reply
    1. Krystallina (Post author)

      Yep, you never know. The plugin had like 60,000 installs, so that’s a lot of sites that were affected.

      Reply
      1. Matthew

        Dang 60,000?! That’s a lot. It’s crazy how sneaky and shady hackers can infect.

        Reply
  3. Scott

    Thanks for the warning. Well do this now.

    Reply
    1. Krystallina (Post author)

      Hope your system is okay!

      Reply
  4. Pete Davison

    Sorry to hear you’ve had to deal with this, it’s a real pain — and it’s the main reason why I’ve chosen to keep my site on WordPress.com rather than self-hosting. I miss the flexibility that the ability to add plugins offers, but I’ve had similarly negative experiences in the past, and I found it very difficult and time-consuming to plug the security holes, stay on top of updates and suchlike. (This was a few years back now, mind, so I think those processes are all much more straightforward now!)

    It sucks that so much of the Internet is affected by skeezy practices like this. It really irritates me when I find a helpful or useful site and it’s riddled with pop-ups and other misleading advertising designed to get around adblockers.

    Reply
    1. Krystallina (Post author)

      Yeah, both WordPress.com and .org have their advantages. My host service takes care of the WordPress updates, so all I have to do is hit updates on the plugins page, which is nice. But I learned my lesson: check when the last time they were updated!

      But yeah, if those people spent as much time doing honest work instead of being sleazy, the world and web would both be better places.

      Reply
  5. Mallow

    Damn, that is concerning but glad you got it sorted out krystal!!

    Reply
    1. Krystallina (Post author)

      Yes, fortunately, now just crossing my fingers that no one was affected by this.

      Reply
  6. Lumi

    Thanks for telling us! People are scum.

    Reply
    1. Krystallina (Post author)

      If they’re that talented with coding, they could instead use their skills to create amazing things rather than trying to scam people.

      Reply
  7. Denny Sinnoh

    Sorry you had hacker problems.

    Oh, by the way — Do you want to buy some Magic Beans? … CLICK HERE

    ha.

    Reply
    1. Krystallina (Post author)

      Thank you! Oh, I could totally use some magic beans after a long day.
      *click*
      Dang it!

      Reply
  8. The Otaku Judge

    I noticed pop-ups the last few times I left comments (a while back). I assumed you were monetizing your site so I just closed the new tabs that would appear. Dang, now I wish I would have mentioned something.

    Reply
    1. Krystallina (Post author)

      The main thing is long as your system is OK. Good thing you closed them right away.

      Reply

Leave a Reply

%d bloggers like this: