• Resolved lpsct

    (@lpsct)


    Hi, Wordfence has detected more than 300 hundred spam urls in our server, and they are in the fastpixel folder, for instance: wp-content/cache/fastpixel-website-accelerator/www.mywebsite.com/_best_place_order_viagra_online_forum/index.html

    Are you aware of this? what should i do?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter lpsct

    (@lpsct)

    they are actually many more… about 1.000

    Plugin Author Aleksandr Guidrevitch

    (@aguidrevitch)

    Hi @lpsct, can you please share your site URL and/or open a ticket?

    Plugin Author Aleksandr Guidrevitch

    (@aguidrevitch)

    Technically, it is possible to upload an html at a given URL, but one should know the secret key that is generated by Fastpixel for your host. So please contact us through https://fastpixel.io/#contact so we can investigate the reason of your key leaking, probably through your theme or another plugin.

    Plugin Author Aleksandr Guidrevitch

    (@aguidrevitch)

    I believe that your website was hacked and FastPixel just cached the hacked results.
    As an first step, please flush FastPixel cache and then deactivate it – this way you can be sure it has nothing to do with FastPixel.

    Plugin Author Aleksandr Guidrevitch

    (@aguidrevitch)

    Hi @lpsct ,

    We’ve released FastPixel 1.0.38, which improves our security model even further, by implementing RSA-2028 asymmetric cryptography to sign requests coming from our servers.

    What it technically means, is that even if you’ve been hacked, and your site authorization key leaked, the malicious users will not be able to upload random pages to your server.

    Thank you for reporting, and let me know if we can assist you further.

    Best,
    Alex

    Thread Starter lpsct

    (@lpsct)

    Sorry I didn’t notice your previous messages.

    Thanks for the update. I have updated the plugin and flushed the cache, I will let you know if any other spam urls pops up!

    Thread Starter lpsct

    (@lpsct)

    Sorry, I have to open this topic again because the spam urls are back, there are more than a thousand, inside wp-content/cache/fastpixel-website-accelerator/www.domain.com

    If they are cached from some other place in the website I cannot find where are the original urls… so I am again suspicious of your plugin.

    Can you help me with this? how to avoid this to happen again?

    Plugin Author Aleksandr Guidrevitch

    (@aguidrevitch)

    @lpsct ,

    Have you disabled ‘Serve stale content’ before purging all the content?

    Best,
    Alex

    Thread Starter lpsct

    (@lpsct)

    I see, no I didn’t, but I will do it now since I havn’t deleted them yet

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.