WP Super Cache v0.1 vulnerable to injection / VPS crack update

Chris Messina has the specifics. That’s what happened to me.

At this point, it appears the hackers were attempting to set up a shellbot and get detailed information about the server setup. I don’t think they’ve succeeded. The scripts they were trying to use were pretty nasty. However from what I can tell, they didn’t cause any damage — beyond making me crazy for a day or so.

Donncha, the developer of WP-Super Cache has been super helpful in investigating, and he has some tips on how to check whether there’s a problem.

*Breathing a sigh of relief, and figuring out how I can increase security on my server.*

Published 9 Nov 2007 • Permalink

Categories: General

Share this entry:

Comments

Donncha O Caoimh said on 9 Nov 2007 at 10:29 am

And just to make it clear, the plugin isn’t vulnerable to any sort of attack. A bug caused directories to be made in the wrong place, with the output of WordPress pages in them.