Thomas Wright

Sorry, I have been somewhat busy so that has been delayed till the next version.

This will be an option in the next version of the plugin, as soon as I get around to releasing it.

@slgearin
Thanks for bearing with me. Version 0.71 has switch from using blacklists to whitelists so issues of this kind should hopefully be much less likely in the future.

A few weeks perhaps; I am hoping to finish it before I head to uni.

Ok, in that case I will test the plugin with WP Subdomains and attempt to fix it in the next version. The images not displaying is probably due to a problem with the timthumb script used to generate thumbnails; if you just right click on the image and select ‘open image in new tab’ (or your browser’s equivalent message), you should be able to resolve this fairly easily.

Hi,
could you check whether this occurs when using the default WordPress theme. It sounds like by changing the permissions, you have fixed your first problem and now are experiencing an unrelated, theme dependant, error. Please could you also let me know which theme you are using, and any other comment related plugins so I can investigate further.

In that case, I don’t think your site has been successfully compromised (from what I’ve seen) as the plugin would have allowed that file to be uploaded under normal conditions. That was probably just the hacker trying to figure out how filetypes were detected.

As far as I can see from the logs, the attacker attempted to upload 1 file, then went to your home page, and then looked in your uploads folder. They do not then open any file, which suggests that the attempt was unsuccessful (if it was successful, they would have accessed the PHP shell they uploaded from that folder). The Google search which the attacker arrived by also suggests that they are just attempting to use a known exploit rather than perform a targeted attack.

What is the creation time and location of helpp.jpg? I don’t see anything to suggest that this attempt was successful (at least in the section of logs I have seen) but you might have been compromised another way/time.

Where was it uploaded to? If you post the last few entries in your webserver’s access log then I will be able to see what sort of attack they attempted.

@rednecktexan It looks like they were trying to attack the same flaw which I fixed in 0.70 but it would not have worked even if WordPress Firewall had not detected it because of the updated blacklist and the whitelist which is now enabled.
The result of attempting to upload that file

I should be able to look into the other visual issue within the next few days.

I have just released version 0.70 of the plugin which should resolve this issue.

I have just released version 0.70 which should prevent this and future similar exploits.

This option have been added in version 0.70 of the plugin.

This should be fixed in version 0.70 of the plugin.

Which theme are you using. Several users of the Thesis theme have reported this issue.