Support » Plugin: WP Super Cache » malware reported in wp-super-cache readme.txt

  • email from “wordpress”:

    Wordfence found the following new issues on “Insider Capital Group”.

    Critical Problems:

    * File contains suspected malware URL: /nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/plugins/wp-super-cache/readme.txt

    Text was written to .htaccess file when I made changes to wp-super-cache settings. Naturally I have since deactivated wp-super-cache on all three of my WordPress sites, deleted readme.txt, and checked .htaccess files (which were cleaned up by deactivation).

    Here is readme.txt:

    [Copy of readme.txt removed. There’s really no need to quote all of that here.]

    http://wordpress.org/extend/plugins/wp-super-cache/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Donncha O Caoimh

    (@donncha)

    The readme.txt can’t be executed. It probably flagged one of the credit links at the end of the file. The plugin doesn’t have any malware.

    readme.txt is not executable, and, perhaps the portion of readme.txt that is repeated in .htaccess when mod-rewrite is turned on is clean (I don’t know) but if it is flagged by Google as it was by Wordfence, I do know I still have “malware” problems.

    I am happy to delete the readme.txt file if you tell me .htaccess is clean:

    AddHandler php5-script .php
    
    # BEGIN WPSuperCache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    #If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
    AddDefaultCharset UTF-8
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(Android|CUPCAKE|Googlebot-Mobile|bada|blackberry\ 9800|blackberry9500|blackberry9520|blackberry9530|blackberry9550|dream|iPhone|iPod|incognito|s8000|webOS|webmate).* [NC]
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html -f
    RewriteRule ^(.*) "/nfs/c01/h11/mnt/9995/domains/insidercapital.com/html/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html" [L]
    </IfModule>
    
    # END WPSuperCache
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
  • Plugin Author Donncha O Caoimh

    (@donncha)

    Looks fine. Try running the WordPress Exploit Scanner plugin. That will help find anything on your site.
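
One way to review an .htaccess like the one posted above for the directives that decide whether it is clean; this is an added example, not part of the thread and not WP Super Cache or Wordfence code. The sample content, the `audit_htaccess` name and the rule set are assumptions made here: rewrites or redirects to an external host, PHP handlers mapped onto non-PHP extensions, and `auto_prepend_file`/`auto_append_file`.

```python
import re

# Constructed sample: an excerpt in the style of the .htaccess quoted above,
# followed by three injected lines of the kind a clean file must not contain.
SAMPLE = r'''AddHandler php5-script .php
# BEGIN WPSuperCache
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} !^.*(Android|iPhone).* [NC]
RewriteCond %{HTTPS} !on
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html" [L]
</IfModule>
# END WPSuperCache
RewriteCond %{HTTP_REFERER} (google|bing) [NC]
RewriteRule ^(.*)$ http://redirect.example/in.php?q=$1 [R=302,L]
AddHandler application/x-httpd-php .jpg
php_value auto_prepend_file /tmp/cache.dat
'''

EXTERNAL = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.I)  # scheme://host or //host
PHP_EXT = re.compile(r'^\.?(?:php\d?|phtml)$', re.I)

def audit_htaccess(text):
    """Return (line_number, reason) pairs for directives that need review."""
    findings, conds = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw.strip())]
        if not tok or tok[0].startswith('#'):
            continue
        name = tok[0].lower()
        if name == 'rewritecond':
            conds.append(raw)  # conditions bind to the next RewriteRule
            continue
        if name == 'rewriterule' and len(tok) > 2 and EXTERNAL.match(tok[2]):
            gated = any(re.search(r'HTTP_(REFERER|USER_AGENT)', c) for c in conds)
            findings.append((no, 'rewrite to external host'
                             + (', gated on referer/user-agent' if gated else '')))
        elif name in ('redirect', 'redirectmatch', 'errordocument') and EXTERNAL.match(tok[-1]):
            findings.append((no, 'redirect to external host'))
        elif name in ('addhandler', 'addtype') and len(tok) > 2 and 'php' in tok[1].lower():
            odd = [e for e in tok[2:] if not PHP_EXT.match(e)]
            if odd:
                findings.append((no, 'PHP handler on non-PHP extension ' + ','.join(odd)))
        elif name == 'php_value' and len(tok) > 1 and \
                tok[1].lower() in ('auto_prepend_file', 'auto_append_file'):
            findings.append((no, 'PHP ' + tok[1].lower() + ' set'))
        conds = []  # any other directive ends the current condition group
    return findings

if __name__ == '__main__':
    print(*audit_htaccess(SAMPLE), sep='\n')
```

The cache rules pass because every substitution is a local path, even though they carry user-agent conditions; a condition only matters here when the rule it guards points off-site.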
