WP Super Cache
Security Issues + http://ocaoimh.ie/ access problems (3 posts)

  1. Oliver Krautscheid (oliversk)
    Member
    Posted 3 years ago #

    Hi

    I wanted to inform you, Donncha, of a security issue.

    I found this in my cache folder today: /cache/supercache/

    domain.com (normal)
    domain.com. (normal)
    http://www.google.com (whoops!)
    http://www.hackersite.com (oh oh!)

    As you can see, some hackers can create folders in the supercache folder. Somehow. I don't know how they do it, but it needs to be looked into. I believe this can be a security issue. I looked into the folder and downloaded the files; it was my site... but if they somehow manage to establish a remote connection then it will cache the site and make it accessible. So, what I'd suggest is to add some checks so that only subfolders for the domain can be created!

    Also, I wanted to inform you that I accessed your site recently and it was downloaded as a rar file. Maybe something you should look into.

    Anyway, keep up the great work.

    Thanks,
    Oliver

  2. Inposure
    Member
    Posted 3 years ago #

    It is a DNS spoof and has nothing to do with Super Cache.

    Add the following to your .htaccess file to get rid of it:

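    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Answer 403 Forbidden for any Host header other than the site's own name.
    # The dot is escaped so it matches only a literal "."; [NC] ignores case.
    RewriteCond %{HTTP_HOST} !^domain\.com$ [NC]
    RewriteRule .* - [F]
    </IfModule>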

    Now Super Cache (Widget Cache and so on) will not be bothered, all that fake visitors will see is a 403 Forbidden page.

    If you use multisite, make sure you have NOBLOGREDIRECT set (google it).

    If you use www, make the following modification:

    RewriteCond %{HTTP_HOST} !^(www\.)?domain\.com$ [NC]

  3. Donncha O Caoimh
    Member
    Plugin Author

    Posted 3 years ago #

    Thanks Oliver. liangzai is right. There's nothing to worry about. WordPress serves content for whatever site your server answers a request for. WP Super Cache simply caches it.

    The "download the page" problem is a very obscure problem. It's actually documented in the readme.txt and happens once in a blue moon. I can't reproduce it reliably. :(
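
An added example, not part of the thread or of WP Super Cache: a Python audit of the `supercache` directory that lists per-host folders created for names the site should not answer for, which is the symptom described in the first post. `ALLOWED_HOSTS`, the function names and the sample directory tree are assumptions constructed for illustration; a trailing-dot name such as `domain.com.` is treated as the same site.

```python
import os
import re
import tempfile

# Assumption: the only names this site should answer for (placeholders from the thread).
ALLOWED_HOSTS = {"domain.com", "www.domain.com"}


def normalize_host(name):
    """Lowercase a Host value, drop any :port and the trailing root dot of an FQDN."""
    host = name.strip().lower()
    host = re.sub(r":\d+$", "", host)
    return host.rstrip(".")


def unexpected_cache_dirs(cache_root, allowed=ALLOWED_HOSTS):
    """Return the sorted names of per-host cache directories whose host is not allowed."""
    found = []
    for entry in os.scandir(cache_root):
        # Only real directories count; symlinks are not followed.
        if not entry.is_dir(follow_symlinks=False):
            continue
        if normalize_host(entry.name) not in allowed:
            found.append(entry.name)
    return sorted(found)


def build_sample_cache(root):
    """Constructed sample tree mirroring the listing in the first post."""
    for name in ("domain.com", "domain.com.", "www.google.com", "www.hackersite.com"):
        os.makedirs(os.path.join(root, name, "index"), exist_ok=True)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_cache(root)
        for name in unexpected_cache_dirs(root):
            print("unexpected Host directory:", name)
```

Run against the real cache path after adding the rewrite rule; once the stale folders are deleted, new entries in the output mean requests with foreign Host headers are still reaching WordPress.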

This topic has been closed to new replies.