Is the plugin exploited?

  • Resolved Dan14

    (@dan14)


    11 years, 4 months ago

    There is a spam referrals from Russia from ecXnXm.cX (replace the x with o). I discovered the following info about this spam:

    “It came to our attention that the spammer is exploiting Google Analytic publisher codes and a few free WP plugins that have not been updated (one is a very famous SEO plugin which has not been updated for quite sometime now, sorry we cannot name them for fear of legal backlash). As a matter of fact, we are using them on this site too”.”

    I don’t know which SEO plugin is this but please look into this and see if there are any exploits with your plugin.

    https://wordpress.org/plugins/all-in-one-seo-pack/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Dan14

    (@dan14)

    11 years, 4 months ago

    I just found out is not you (that famous SEO plugin) but still look into possible exploits please.

    Thread Starter Dan14

    (@dan14)

    11 years, 4 months ago

    At least I hope so. It is very frustrating.

    Plugin Support Steve M

    (@wpsmort)

    11 years, 4 months ago

    Hi Dan,

    As long as you download All in One SEO Pack from the WordPress plugin repository then it is free from viruses and spam. WordPress scan plugins in the repository so that users can be assured when they install them.

    Thread Starter Dan14

    (@dan14)

    11 years, 4 months ago

    Hi spmart, thank you for your quick reply. I have downloaded it safely as you said but I am very concerned with this new spammer that goes around. You can read more about here: http://www.cradlecloud.com/ban-block-econom-co-spam-referrals/

    In the comments section is mentions there is an exploit of SEO plugin. This is why I want to confirm with you that there are no exploits and whether it is worth double-checking.

    Peter Baylies

    (@pbaylies)

    11 years, 4 months ago

    Hi Dan14,

    There is no exploit here, spam referrals all take place at the webserver level, which is why the instructions for preventing this involve editing your .htaccess file or otherwise changing your webserver configuration; here are the relevant instructions in the WordPress Codex, there are no plugin vulnerabilities involved here.

    Thread Starter Dan14

    (@dan14)

    11 years, 4 months ago

    Thank you for the links and your confirmation

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Is the plugin exploited?’ is closed to new replies.

Tags