Thread Starter
lpsct
(@lpsct)
they are actually many more… about 1.000
Hi @lpsct, can you please share your site URL and/or open a ticket?
Technically, it is possible to upload an html at a given URL, but one should know the secret key that is generated by Fastpixel for your host. So please contact us through https://fastpixel.io/#contact so we can investigate the reason of your key leaking, probably through your theme or another plugin.
I believe that your website was hacked and FastPixel just cached the hacked results.
As an first step, please flush FastPixel cache and then deactivate it – this way you can be sure it has nothing to do with FastPixel.
Hi @lpsct ,
We’ve released FastPixel 1.0.38, which improves our security model even further, by implementing RSA-2028 asymmetric cryptography to sign requests coming from our servers.
What it technically means, is that even if you’ve been hacked, and your site authorization key leaked, the malicious users will not be able to upload random pages to your server.
Thank you for reporting, and let me know if we can assist you further.
Best,
Alex
Thread Starter
lpsct
(@lpsct)
Sorry I didn’t notice your previous messages.
Thanks for the update. I have updated the plugin and flushed the cache, I will let you know if any other spam urls pops up!
Thread Starter
lpsct
(@lpsct)
Sorry, I have to open this topic again because the spam urls are back, there are more than a thousand, inside wp-content/cache/fastpixel-website-accelerator/www.domain.com
If they are cached from some other place in the website I cannot find where are the original urls… so I am again suspicious of your plugin.
Can you help me with this? how to avoid this to happen again?
@lpsct ,
Have you disabled ‘Serve stale content’ before purging all the content?
Best,
Alex
Thread Starter
lpsct
(@lpsct)
I see, no I didn’t, but I will do it now since I havn’t deleted them yet