WordPress.org

Forums

WP Super Cache
malware reported in wp-super-cache readme.txt (4 posts)

  1. sebriese
    Member
    Posted 2 years ago #

    email from "wordpress":

    Wordfence found the following new issues on "Insider Capital Group".

    Critical Problems:

    * File contains suspected malware URL: /nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/plugins/wp-super-cache/readme.txt

    Text was written to .htaccess file when I made changes to wp-super-cache settings. Naturally I have since deactivated wp-super-cache on all three of my wordpress sites, deleted readme.txt, and checked .htaccess files (which were cleaned up by deactivation).

    Here is readme.txt:

    [Copy of readme.txt removed. There's really no need to quote all of that here.]

    http://wordpress.org/extend/plugins/wp-super-cache/

  2. Donncha O Caoimh
    Member
    Plugin Author

    Posted 2 years ago #

    The readme.txt can't be executed. It probably flagged one of the credit links at the end of the file. The plugin doesn't have any malware.

  3. sebriese
    Member
    Posted 2 years ago #

    readme.txt is not executable, and, perhaps the portion of readme.txt that is repeated in .htaccess when mod-rewrite is turned on is clean (I don't know) but if it is flagged by Google as it was by Wordfence, I do know I still have "malware" problems.

    I am happy to delete the readme.txt file if you tell me .htaccess is clean:

    AddHandler php5-script .php
    
    # BEGIN WPSuperCache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    #If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
    AddDefaultCharset UTF-8
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html" [L]
    </IfModule>
    
    # END WPSuperCache
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
  4. Donncha O Caoimh
    Member
    Plugin Author

    Posted 2 years ago #

    Looks fine. Try running the WordPress Exploit Scanner plugin. That will help find anything on your site.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WP Super Cache
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic