WP Super Cache v0.1 vulnerable to injection / VPS crack update
Chris Messina has the specifics. That’s what happened to me.
At this point, it appears the hackers were attempting to set up a shellbot and get detailed information about the server setup. I don’t think they’ve succeeded. The scripts they were trying to use were pretty nasty. However from what I can tell, they didn’t cause any damage — beyond making me crazy for a day or so.
Donncha, the developer of WP-Super Cache has been super helpful in investigating, and he has some tips on how to check whether there’s a problem.
*Breathing a sigh of relief, and figuring out how I can increase security on my server.*
And just to make it clear, the plugin isn’t vulnerable to any sort of attack. A bug caused directories to be made in the wrong place, with the output of WordPress pages in them.
Those attacks go on all the time and one of the reasons I block libwww-perl user agents. You’re not the only one who is relieved!
It happens to all of us. Welcome to the club!
Congrats you’ve joined the exclusive club..