On this site (gov.texas.gov), only on the home page, the Espanol (or English link if you’re viewing the Spanish version of the site) link in the header recently began including a param on the end of the link. It should be https://gov.texas.gov/es/ but is now pointing to https://gov.texas.gov/es/?url=http:/m.xn—ok1b20k97kvwb89dt4p.net/bbs/board.php%3Fbo_table=42&wr_id=160586. When the client clears the Speedy cache, the appended param goes away. But as soon as the template is cached, the extra param shows up again. The extra param also changes after each refresh.
This just began happening over the weekend. The client’s concerned about a potential vulnerability somewhere within EE and/or Speedy.
Please let me know if you have any thoughts or ideas for debugging, or gathering additional details to help with debugging. Unfortunately, we do not have access to the client’s production environment (EE login nor the production server) and this problem is not happening on our dev instances.
Our client added:
“If I delete the index.php Speedy cache file and load the home page, a new cache file is created with the correct unaltered link. Once the cache file is overwritten, the altered link returns. It may be the cache that’s being exploited.”
Thanks for any ideas you may have.