WordPress.org

Ready to get started?Download WordPress

Forums

WP Super Cache
malware reported in wp-super-cache readme.txt (4 posts)

  1. sebriese
    Member
    Posted 2 years ago #

    email from "wordpress":

    Wordfence found the following new issues on "Insider Capital Group".

    Critical Problems:

    * File contains suspected malware URL: /nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/plugins/wp-super-cache/readme.txt

    Text was written to .htaccess file when I made changes to wp-super-cache settings. Naturally I have since deactivated wp-super-cache on all three of my wordpress sites, deleted readme.txt, and checked .htaccess files (which were cleaned up by deactivation).

    Here is readme.txt:

    [Copy of readme.txt removed. There's really no need to quote all of that here.]

    http://wordpress.org/extend/plugins/wp-super-cache/

  2. Donncha O Caoimh
    Member
    Plugin Author

    Posted 2 years ago #

    The readme.txt can't be executed. It probably flagged one of the credit links at the end of the file. The plugin doesn't have any malware.

  3. sebriese
    Member
    Posted 2 years ago #

    readme.txt is not executable, and, perhaps the portion of readme.txt that is repeated in .htaccess when mod-rewrite is turned on is clean (I don't know) but if it is flagged by Google as it was by Wordfence, I do know I still have "malware" problems.

    I am happy to delete the readme.txt file if you tell me .htaccess is clean:

    AddHandler php5-script .php
    
    # BEGIN WPSuperCache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    #If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
    AddDefaultCharset UTF-8
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html" [L]
    </IfModule>
    
    # END WPSuperCache
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
  4. Donncha O Caoimh
    Member
    Plugin Author

    Posted 2 years ago #

    Looks fine. Try running the WordPress Exploit Scanner plugin. That will help find anything on your site.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic