Possible Vulnerability

  • Resolved xtensions

    (@williamews)


    1 year, 2 months ago

    Hi. This question is not directly connected to Wordfence, but I think you may help your team if possible to look into this… Since the plugin authors themselves seem to stop responding…

    Here’s the screenshot of the issue: https://prnt.sc/PJd_f6R4ZO_4

    For a while now, I’m seeing some folders in W3 Total Cache cache folder that are a clear sign of hacking… I took measure to further secure the site and server, but the folders are still being created in W3 Total Cache folder… I contacted the plugin authors to notify them of a possible vulnerability, but they only responded once and stopped responding….

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • wfjoshc

    (@wfjoshc)

    1 year, 2 months ago

    Hi @williamews

    Thanks for reaching out and sharing this with us! I will be sending this off to our security specialists for a deeper look!

    All the best,

    Joshua

    Thread Starter xtensions

    (@williamews)

    1 year, 2 months ago

    Alright. Just to add more info for your team…

    I found the folders with the “php” extension in W3 Total Cache “page_enhanced” folder that I have already deleted because I’m sure is a hacking trace… However, I’m wondering if this is a vulnerability in the W3 Total Cache plugin because looking in the WordPress folders and other plugins’ folders, I didn’t find anything similar… Here is what the contents of the W3 Total Cache “page_enhanced” folder looks like, screenshot here: https://prnt.sc/PJd_f6R4ZO_4

    Thanks!

    jamieburchell

    (@jamieburchell)

    1 year, 2 months ago

    It’s not necessarily related to the W3 Total Cache plugin at all. The folder is likely writable by the webserver user (Apache, NGINX, php-fpm etc.) and so this is where the malicious files can be written and then accessed remotely.

    The “hack” or vulnerability could be in any of your plugins, your WordPress installation, or somewhere completely unrelated on your server.

    Thread Starter xtensions

    (@williamews)

    1 year, 2 months ago

    Hi. Thanks for the rely.

    The current permission on that W3 Total Cache folder is 755.

    Also, I would like to note that when I noticed this issue, I did check the files and folder permissions, replaced WordPress wp-admin and includes folders, and deleted/replaced plugins with fresh installs… I also disabled FTP and many other services, and scanned the entire server.

    Thread Starter xtensions

    (@williamews)

    1 year, 2 months ago

    So, what do you suggest?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Possible Vulnerability’ is closed to new replies.