OptionTree
This plug-in is getting hacked (12 posts)

  1. Honor_MacDonald
    Member
    Posted 2 years ago #

    A couple times now I've found the php files invalidated on this plug-in, which crashes the site (and promises some really disgusting porn, for that matter >.< )

    Any ideas?

    http://wordpress.org/extend/plugins/option-tree/

  2. Honor_MacDonald
    Member
    Posted 2 years ago #

    btw, when I replace the plug-in with a clean version, the site is fine again, of course.

  3. Mark (podz)
    Support Maven
    Posted 2 years ago #

    Investigating right now.

  4. Mark (podz)
    Support Maven
    Posted 2 years ago #

    Please contact me through plugins@wordpress.org with as much detail about the links as possible. Thanks.

    The plugin is withdrawn for now.

  5. Honor_MacDonald
    Member
    Posted 2 years ago #

    Just sent it.

  6. Derek Herman
    Member
    Plugin Author

    Posted 2 years ago #

    What are you talking about? How is the plugin being hacked? Contact me at derek@valendesigns.com, I need more info than it's being hacked. Thanks.

  7. Derek Herman
    Member
    Plugin Author

    Posted 2 years ago #

    Are you sure it's OT and not timthumb, if you have it on your site it could have gotten hacked that way?

  8. Cudazi
    Member
    Posted 2 years ago #

    As a heavy user of this plugin since its inception, I haven't heard of anything like this either.

    Mark - Any chance it could be put back up while under review? It causes a bit of a headache when users can't find a well known plugin.

  9. Mark (podz)
    Support Maven
    Posted 2 years ago #

    The plugin was replaced a few hours ago - sorry for not noting it here.
    I can't see anything wrong so if anything it is being targeted. Not that there is a lot you can do about that.

  10. Derek Herman
    Member
    Plugin Author

    Posted 2 years ago #

    Timthumb is currently being targeted heavily all over the web, do you have that in use with your theme?

  11. Honor_MacDonald
    Member
    Posted 2 years ago #

    Derek - That's all I was thinking was that it might be being targeted, if there's some loose code somewhere. I'm not at home right now, but I'll email you when I get back with more. What happens is that the index.php of this and only this plug-in gets over-written or corrupted with a bunch of other stuff, which, of course, causes WP to disable it. I -think- that might open up other parts of the theme that rely on OT for functionality.

    The only fix I've done so far is to look for other corrupted files, and replace OT with a fresh copy. Everything works fine until they replace the index.php file again.

    As far as I know timthumb isn't on the site at all, and isn't in the current theme (no pages use the usual "TimThumb" custom field). I'll look closer when I get home.

    The client may have added a theme - not in use - that uses it, also. Would that be a vulnerability, or only the theme in use? I'll look and see if there are any inactive themes they added and I haven't deleted yet.

    Thanks for all the action on this, by the way. I'm sorry for the initial confusion that caused a momentary unavailability.

  12. Derek Herman
    Member
    Plugin Author

    Posted 2 years ago #

    If timthumb is anywhere on the server it's a possible way to hack the site. I'll look at the plugin more later today, but I'm at a loss for why it was hacked and how. Please do send me any more info you get via my email so I can look into it further.

Topic Closed

This topic has been closed to new replies.
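
The two checks discussed in posts 11 and 12 (comparing the installed plugin against a fresh copy, and looking for timthumb anywhere under wp-content, inactive themes included) can be scripted. This is an added example, not code from any participant in the thread or from the plugin; the directory layout, file names other than index.php, and file contents in `demo()` are constructed, and the timthumb match is a simple name and content heuristic.

```python
import hashlib
import tempfile
from pathlib import Path

def file_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_to_clean(installed, clean):
    """Report files that differ from, are extra to, or are missing from the clean copy."""
    have, want = file_hashes(installed), file_hashes(clean)
    return {
        "modified": sorted(f for f in have if f in want and have[f] != want[f]),
        "added": sorted(f for f in have if f not in want),
        "missing": sorted(f for f in want if f not in have),
    }

def find_timthumb(wp_content):
    """List PHP files named timthumb.php or mentioning timthumb, in any theme or plugin."""
    root, hits = Path(wp_content), []
    for p in root.rglob("*.php"):
        if not p.is_file():
            continue
        head = p.read_bytes()[:65536].lower()  # heuristic: name or first 64 KiB
        if p.name.lower() == "timthumb.php" or b"timthumb" in head:
            hits.append(p.relative_to(root).as_posix())
    return sorted(hits)

def demo():
    """Build a constructed wp-content tree and a clean plugin copy, then run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        files = {  # constructed sample files, not real plugin contents
            "clean/index.php": "<?php // plugin loader\n",
            "clean/functions.php": "<?php // helpers\n",
            "wp-content/plugins/option-tree/index.php": "<?php // overwritten content\n",
            "wp-content/plugins/option-tree/functions.php": "<?php // helpers\n",
            "wp-content/plugins/option-tree/extra.php": "<?php // not in clean copy\n",
            "wp-content/themes/inactive-theme/timthumb.php": "<?php // resizer script\n",
        }
        for rel, body in files.items():
            path = tmp / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        report = compare_to_clean(tmp / "wp-content/plugins/option-tree", tmp / "clean")
        return report, find_timthumb(tmp / "wp-content")

if __name__ == "__main__":
    print(demo())
```

On a real site, point `compare_to_clean` at the installed plugin directory and a freshly unpacked copy of the same version, and run `find_timthumb` over the whole wp-content directory rather than only the active theme.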
