Tiffany B. Brown

a mish-mosh of stuff

WP Super Cache v0.1 vulnerable to injection / VPS crack update

Chris Messina has the specifics. That’s what happened to me.

At this point, it appears the hackers were attempting to set up a shellbot and get detailed information about the server setup. I don’t think they’ve succeeded. The scripts they were trying to use were pretty nasty. However from what I can tell, they didn’t cause any damage — beyond making me crazy for a day or so.

Donncha, the developer of WP-Super Cache has been super helpful in investigating, and he has some tips on how to check whether there’s a problem.

*Breathing a sigh of relief, and figuring out how I can increase security on my server.*

  • AG
    Congrats you've joined the exclusive club..
  • It happens to all of us. Welcome to the club!
  • And just to make it clear, the plugin isn't vulnerable to any sort of attack. A bug caused directories to be made in the wrong place, with the output of WordPress pages in them.

    Those attacks go on all the time and one of the reasons I block libwww-perl user agents. You're not the only one who is relieved! :)
blog comments powered by Disqus
previous post: Damn … my VPS is being cracked
next post: Seeing Saba from Sint Maarten