Tiffany B. Brown

a mish-mosh of stuff

WP Super Cache v0.1 vulnerable to injection / VPS crack update

Chris Messina has the specifics. That’s what happened to me.

At this point, it appears the hackers were attempting to set up a shellbot and get detailed information about the server setup. I don’t think they’ve succeeded. The scripts they were trying to use were pretty nasty. However from what I can tell, they didn’t cause any damage — beyond making me crazy for a day or so.

Donncha, the developer of WP-Super Cache has been super helpful in investigating, and he has some tips on how to check whether there’s a problem.

*Breathing a sigh of relief, and figuring out how I can increase security on my server.*

  • http://ocaoimh.ie/ Donncha O Caoimh

    And just to make it clear, the plugin isn’t vulnerable to any sort of attack. A bug caused directories to be made in the wrong place, with the output of WordPress pages in them.

    Those attacks go on all the time and one of the reasons I block libwww-perl user agents. You’re not the only one who is relieved! :)

  • http://ocaoimh.ie/ Donncha O Caoimh

    And just to make it clear, the plugin isn’t vulnerable to any sort of attack. A bug caused directories to be made in the wrong place, with the output of WordPress pages in them.

    Those attacks go on all the time and one of the reasons I block libwww-perl user agents. You’re not the only one who is relieved! :)

  • http://www.rashidmuhammad.com/ Rashid Z. Muhammad

    It happens to all of us. Welcome to the club!

  • http://www.rashidmuhammad.com Rashid Z. Muhammad

    It happens to all of us. Welcome to the club!

  • http://bkaeg.org/blog AG

    Congrats you’ve joined the exclusive club..

  • http://bkaeg.org/blog AG

    Congrats you’ve joined the exclusive club..