Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Jason Crouse

    (@coolmann)

    Dear neononcon,

    I am sorry to read about your issues. Please note that the articles you link refer to Slimstat 3.9.x. The issue in question was addressed in February of 2015, and no new vulnerabilities have been reported so far. We are very responsive when it comes to our users’ website security, and we try to be on top of every aspect of these kinds of issues.

    Please stop spreading false information about the most current version of our plugin, as we are not aware of any vulnerability affecting our code that could cause such a problem. I’m pretty sure the issue in your case lies somewhere else.

    Respectfully,
    Camu

    Thread Starter neononcon

    (@neononcon)

    Hi Camu, thanks for replying. No intention of spreading “false” information. The sources posted are older and mention a previous version of the plugin, but that doesn’t mean there isn’t still an issue. Instead of being defensive and denying any remote possibility of a security issue, perhaps you could ask more questions to dig into it a bit for 100% assurance that the hacks aren’t a result of using Slimstat.

    You have the best stats plugin for WP that I’ve come across so far. But you can’t blame me for feeling uneasy with the fact that when Slimstat is up and running, there are scripts being injected into header.php. But not happening when the plugin is disabled. I will monitor the situation more closely and test other plugins and report back. But may this message be at least some sign that there could be a 1 percent chance of a vulnerability in the plugin.

    If the site becomes hacked the same way without Slimstat within 1-2 weeks, I will come back and ask for this thread to be removed.

    Plugin Author Jason Crouse

    (@coolmann)

    Hi,

    The team at Sucuri itself (those who brought to our attention the SQL injection mentioned in those articles) confirmed, back in February, that the issue had been addressed. They also scanned our code for other potential issues, and nothing was found. Sure, it is possible that other vulnerabilities have been introduced, but I must say that our core tracker (which was affected in February) hasn’t changed much since we applied the fix. I’d be more than happy to hear back from you in a couple of weeks. And please rest assured that, if the issue is pertinent to Slimstat, we will release a hotfix right away. Thank you for being on top of this.

    Best,
    Camu

    Thread Starter neononcon

    (@neononcon)

    Cool, thanks, Camu. And thanks for your hard work.

    Plugin Author Jason Crouse

    (@coolmann)

  • The topic ‘Site Constantly Being Hacked’ is closed to new replies.