WordPress.org

Ready to get started?Download WordPress

Forums

WP Super Cache
Security Issues? Caching 3rd-party domain! (4 posts)

  1. Oliver Krautscheid (oliversk)
    Member
    Posted 3 years ago #

    Hi donncha,

    today I checked my super-cache directory. To my surprise I found a folder http://www.gamespot.com. There's also a folder with my server IP, but I think that might be normal when people access my site via IP (which I can probably deactivate).

    First, how is that even possible that someone somehow enters another site and it then gets cached? Security issue imo.

    Anyway, is it possible to avoid that all directories that wp-super cache creates are set to 777? Without using mod_suphp if possible.

    Thanks!

  2. Oliver Krautscheid (oliversk)
    Member
    Posted 3 years ago #

    Also why do you write the WPOM.dat to the uploads folder? I don't want to set one of the most critical folders to 777. I'd recommend to write this to the cache folder as well and avoid even more security risks.

  3. Donncha O Caoimh
    Member
    Plugin Author

    Posted 3 years ago #

    I wouldn't worry about that domain showing up. Someone, (yes, a hacker), connected to your web server and asked for http://www.gamespot.com in the http headers for some reason. WordPress answered the request and Supercache cached it.
    I don't want the plugin to second guess what the user wants to do when WordPress itself will answer the request and serve some content.

    I think you can change the 777 permissions by using the system umask setting. You may have to set this in a startup script and then restart Apache. On my server the directories are 755.

  4. Donncha O Caoimh
    Member
    Plugin Author

    Posted 3 years ago #

    Oh yeah, WPOM.dat is not created by Supercache. I don't know what would create that file.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic