WordPress.org

Support

Support » Plugins and Hacks » Extended Comment Options » [Plugin: Extended Comment Options] Vulnerability? getting risky emails with links re this plugin

[Plugin: Extended Comment Options] Vulnerability? getting risky emails with links re this plugin

Viewing 9 replies - 1 through 9 (of 9 total)
  • I also just received a link from a client’s Yahoo account (mass emailing) forwarding to a “friends.php” link inside a WP installation w/ Extended Comment Options.

    OP – i’d recommend removing the full path to the image.php?miss164.jpg etc – if anyone here clicks that they may be exposed to malicious software.

    To the plugin developer, i’d look into this

    Reported up the chain for a review if it’s the plugin or just the folder they’re picking on.

    It’s possible that the plugin’s vulnerable, but it’s also possible that it just happens to be the folder people are sticking their evil code in.

    Plugin Author Glenn Ansley

    @blepoxp

    Thanks guys. I actually just received ownership of this from the original developer. I’ll take a look at it. I know I saw a lot of custom SQL in it when I looked through it earlier. I was planning on cleaning that up so I’ll look the whole thing over.

    I asked Otto, who said he didn’t see anything in trunk as a problem (so that’s good!)

    Not sure, but I think this is just a coincidence… e.g. somehow someone compromised your site and stuck some code in that file (or created a new file). I got an email from a friend at yahoo (had his account hacked) with this link: http://inscoremusic.com/wp-includes/piecemaker-images/info.php?coffee176.jpeg

    I didn’t go to it because it was suspicious, and it looks similar to your link.

    I’ve seen this with a few different hacked email accounts from various people. Not always from this plugin, but the same idea… [name].php?[image] must be a common exploit?

    Yeah, layotte, I think that’s the case. People used to target Akismet that way (since they knew it’d be there). I don’t know if there’s anything you can do to prevent it, without actually seeing someone’s copy of a corrupt file.

    If you have one, post it to pastebin.com and share 🙂

    hello, I just got email with link to
    _http://connor.cannaphonic.com/wp-content/plugins/extended-comment-options/docs.php?model1.php

    Plugin Author Glenn Ansley

    @blepoxp

    Hi,
    As mentioned above, it appears that a script is targeting the plugin’s folder as a landing zone. I would suggest that you don’t post links to malicious code on the forums though. That’s probably not good for the masses.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Plugin: Extended Comment Options] Vulnerability? getting risky emails with links re this plugin’ is closed to new replies.
Skip to toolbar