Security problems

  • Resolved carlosrovira

    (@carlosrovira)


    2 years, 8 months ago

    Hi I installed podscache since wordpress was telling me that pods recommends this plugin. I have wordfence installed too. I saw podscache files are compromised. The following is an example:

    Nombre del archivo: wp-content/podscache/000001/6/27e/09f/5ce4bbb2d44c7015c7f082c5b.php
Tipo de archivo: No un archivo del núcleo, de tema o de plugin de wordrpess.org.
Detalles: This file contains references to performance-enhancing pharmaceuticals. If your site does not sell or review pharmaceuticals, this is likely an indicator that it has been compromised. We recommend that you get your site professionally cleaned by the experts at Wordfence.
El texto coincidente en este archivo es: \xe6\xab"b\x0a<?php exit; ?>\x0aa:28:{s:2:"ID";i:15845;s:11:"post_author";s:1:"0";s:9:"post_date";s:19:"2022-02-26 01:16:38";s:13:"post_date_gmt";s:19:"2022-02-26 00:16:38";s:12:"post_content";s:441:"Susandot\x0azsv...

El tipo de problema es: Spam:TXT/pharm.cache.10214
Descripción: Cached pharma spam

    So I removed this plugin.

    Hope you guys can solve the problem so podscache has proper security and wordfence trust it.

    thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Scott Kingsley Clark

    (@sc0ttkclark)

    I believe you should be checking into your site/server immediately if you are seeing your file system has been compromised on the hosting side. Pods Alternative Cache is most likely not the cause of these files being compromised due to how Pods saves the data. Pods saved the data in the serialized array there but everything else was adjusted after the save.

    You can add additional protection for your sites files by adding .htaccess rules for certain directories to prevent direct access to files.

    I will work on a custom .htaccess file for the Pods Alternative Cache file directory as well just to be sure when people find their hosting has been compromised, that Pods Alternative Cache can attempt to protect them. However — if your hosting has been compromised then you are likely going to see .htaccess files be modified to allow traffic through.

    Just noting here too — Pods Alternative Cache will read that file and not return what it expects because the data is not valid (it expects an array).

    Thanks for letting me know about the issue on your site, I am hoping that adding a Pods Alternative Cache specific .htaccess file will at least help reduce issues like this in the future.

    Ultimately, when hosting/file system has been compromised, this isn’t the only place targeted. They target a lot of different PHP files just hoping to get content onto the site. I doubt their script even knows what Pods or Pods Alternative Cache is. It just saw php files in the directory.

    Plugin Author Scott Kingsley Clark

    (@sc0ttkclark)

    Pods Alternative Cache 2.1.3 is out and you can update and activate it whenever you’d like. It includes a fix to prevent search engines indexing those files as well as a solution for Apache environments to deny direct access to those files through the browser.

    You should still delete the whole folder and contact your web host to help you determine a solution for your compromised site. Let me know if you find out what happened from your web host. Be sure to change your account passwords and other access passwords such as FTP too, just to be safe.

    Thread Starter carlosrovira

    (@carlosrovira)

    Thanks Scott, I’l try as I get some time. I must notice that I installed due to the recommendation of the WP instalation, but I think my current use is not very intensive so maybe the recommendation doen’t apply for me.

    Also, I manage the server, so maybe the solution is just to manage permissions on that folder to avoid attacks.

    thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security problems’ is closed to new replies.