We are affiliate partner of a host provider, we have about 300 WP sites installed on our virtual server, and the provider itself also has quite many of them on their own part of the server.
Monday afternoon the webmaster logged a serious attack. One sample line from the log:
Jun 3 17:34:49 atma suhosin: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker '18.104.22.168', file '/srv/pagonymedia/xxxxxx.hu/httpdocs/wp-content/ plugins/all-in-one-seo-pack/all_in_one_seo_pack.php', line 115)
The attack stopped all WP sites for about 20 minutes. Then the problem was solved (somehow it was in relation with the well-known Trackback/Pingback - botnet - brute force attack issue), but our host provider disabled AIOSEOP for the whole server and they don't let us use it if we can't show a security fix release of the plugin.
We only USE WordPress and All-In-One-SEO-Pack but we are not codewriters so we cannot say anything more about it. Can you, developers help us to use again our loved AIOSEOP?
Many of us have hundreds of posts optimized with AIOSEOP and we really hate the idea to start it over again with another plugin... But AIOSEOP will not be enabled again on our server if we don't have a security fix or at least any good explanation to what had happenned and how can we fix it or protect the server against it.
Can you help us?
Thanks in advance!