WordPress.org

Support

Support » Plugins and Hacks » [Plugin: OptionTree] This plug-in is getting hacked

[Plugin: OptionTree] This plug-in is getting hacked

Viewing 11 replies - 1 through 11 (of 11 total)
  • btw, when I replace the plug-in with a clean version, the site is fine again, of course.

    Mark (podz)

    @podz

    Support Maven

    Investigating right now.

    Mark (podz)

    @podz

    Support Maven

    Please contact me through plugins@wordpress.org with as much detail about the links as possible. Thanks.

    The plugin is withdrawn for now.

    Just sent it.

    Plugin Author Derek Herman

    @valendesigns

    What are you talking about? How is the plugin being hacked? Contact me derek@valendesigns.com, I need more info more info than it’s being hacked. Thanks.

    Plugin Author Derek Herman

    @valendesigns

    Are you sure it’s OT and not timbthumb, if you have it on your site it could have gotten hacked that way?

    As a heavy user of this plugin since its inception, I haven’t heard of anything like this either.

    Mark – Any chance it could be put back up while under review? It causes a bit of a headache when users can’t find a well known plugin.

    Mark (podz)

    @podz

    Support Maven

    The plugin was replaced a few hours ago – sorry for not noting it here.
    I can’t see anything wrong so if anything it is being targeted. Not there there is a lot you can do about that.

    Plugin Author Derek Herman

    @valendesigns

    Timthumb is currently being targeted heavily all over the web, do you have that in use with your theme?

    Derek – That’s all I was thinking was that it might be being targeted, if there’s some loose code somewhere. I’m not at home right now, but I’ll email you when I get back with more. What happens is that the index.php of this and only this plug-in gets over-written or corrupted with a bunch of other stuff, which, of course, causes WP to disable it. I -think- that might open up other parts of the theme that relay on OT for functionality.

    The only fix I’ve done so far is to look for other corrupted files, and replace OT with a fresh copy. Everything works fine until they replace the index.php file again.

    As far as I know timthumb isn’t on the site at all, and isn’t in the current theme (no pages use the usual “TimThumb” custom field. I’ll look closer when I get home.

    The client may have added a theme – not in use – that uses it, also. Would that be a vulnerability, or only the theme in use? I’ll look and see if there are any inactive themes they added and I haven’t deleted yet.

    Thanks for all the action on this, by the way. I’m sorry for the initial confusion that caused a momentary unavailability.

    Plugin Author Derek Herman

    @valendesigns

    If timthumb is anywhere on the server it’s a possible way to hack the site. I’ll look at the plugin more later today, but I’m at a loss for why it was hacked and how. Please do send me anymore info you get via my email so I can look into it further.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘[Plugin: OptionTree] This plug-in is getting hacked’ is closed to new replies.