• My entire wordpress site was taken down a few months ago via an XSS exploit that attacked a weakness in Schreikasten. I googled it at the time and evidence supported my theory. Sure enough deactivating this plugin allowed me to start to recover my site. Months later and after some updates to this plugin I stupidly reinstalled it. Within 24hrs I was taken by an XSS attack (or attempted attack). Someone posted random pictures in the chat box along with the tags…

    <script>alert('xss')</script>

    Can you explain what’s going on?

    A search for alert(‘xss’) brings up a number of discussions. I would have thought this would have been fixed by now.

    http://wordpress.org/extend/plugins/schreikasten/

Viewing 13 replies - 1 through 13 (of 13 total)
  • Have you tried contacting the plugin author directly about this?

    Thread Starter square_eyes

    (@square_eyes)

    Screen shot of the spam/attack

    http://postimage.org/image/80y1zotqt/

    Thread Starter square_eyes

    (@square_eyes)

    Their site appears to be in Spanish (Can’t navigate it). Do developers not check their WP plugin pages? Sorry not used to having this kind of problem.

    Thread Starter square_eyes

    (@square_eyes)

    I found their contact form and left them a note.

    Most do, yes, and on checking that plugin, I can see that some security issues have been addressed in versions 0.14.14 and 0.14.15.

    If you still feel that this plugin does have security holes, please contact plugins [at] wordpress.org with the full details – including any hard evidence that these issues are present in the latest version of the plugin.

    Plugin Author Sebastian Echeverry

    (@sebaxtian)

    Hi square_eyes.

    Looking at your image I can see SK is working fine. The system deleted the script tag and only uses the text inside the tag as a string, disabling any ‘script attack’.

    It looks like your nemesis is trying to use the old bug to attack your site again, but as you can see the door is locked.

    Declare this user as a spammer to try to block his messages.

    About the images, the first release that solved the ‘script attack’ deleted any image in the comments but some users required it, so I have to enable images again.

    If you require it, I can add a setting to disable images inside the comments.

    Sorry about the first attack to your site.

    Thread Starter square_eyes

    (@square_eyes)

    Well I took your advice and left the plugin up. About once a week the hacker would post an image and some XSS. I rejected and banned the user from each comment as it happened.

    Today I come to my site and get the below where schreikasten was in the side bar.

    View post on imgur.com

    A short while later my site was cut over to a bogus index.html, removing even the modified content. Thank god all I had to do was delete that and restore a backed up index.php. But now I don’t know if any of my other site content or files have been compromised.

    Some assistance would be appreciated. I’m feeling pretty bad about taking your advice right now.

    Thread Starter square_eyes

    (@square_eyes)

    Thanks I have looked at these before. And you’re right. But both times the exploit has been through schreikasten. The developer of this plugin should be addressing it.

    Although the original attack may have been the result of an issue in the plugin, if you didn’t clean the site out properly, the hacker may now be gaining entry via a back door that he left on the site. The plugin may not have anything to do with it anymore.

    Thread Starter square_eyes

    (@square_eyes)

    Well I have recovered, and it was horrible. I lost a week of web development.

    While I have no conclusive proof it was this plugin, I was getting XSS ‘probed’ in the form of Shoutbox posts almost daily towards the end. As if they were testing for weaknesses.

    I only have one other form on my site and that is my contact form by http://contactform7.com/. I received 3 XSS type emails through there, but have used this plugin for two years without issue.

    Since restoring from backup two weeks ago, and disabling schreikasten I have been left alone. I still have contact form running.

    Plugin Author Sebastian Echeverry

    (@sebaxtian)

    Hi square_eyes.

    I know I’m late, sorry.

    SK uses the same security functions WP uses, and the only difference is SK allows images.

    In this thread you suggested that your site has been attacked using a png image. Can you confirm other attacks using images?

    I suggested some time ago I can add a way to ‘select if you want to allow images’ in settings. I will do that, but I can’t ask you to test SK again because it is too dangerous for your site.

    Just answer me those two questions and thanks for your support.

    I’m sorry if this plugin gives you a headache. I’ll try to find where the problem is.
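    As an added illustration (not Schreikasten’s or WordPress’s own code): the author’s two posts describe a filter that deletes the script tag but keeps its text, and a shoutbox that additionally allows images. The allowlist sanitizer below shows the defensive shape such a filter needs: only `<img>` with an absolute http(s) `src` (plus `alt`) survives, every other tag and attribute is dropped, and all text, including the `alert('xss')` from this thread, is escaped. The example.com URL and the sample messages are constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist: the only tag a shoutbox message may carry, and its permitted attributes.
ALLOWED_TAGS = {"img": {"src", "alt"}}
SAFE_SCHEMES = {"http", "https"}  # relative, data: and javascript: sources are rejected


class ShoutboxSanitizer(HTMLParser):
    """Rebuilds a message from an allowlist; anything not allowlisted becomes plain text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag is deleted; its text content still flows through handle_data, escaped
        kept = {name: value for name, value in attrs
                if name in ALLOWED_TAGS[tag] and value is not None}
        # An image is only emitted when it has an absolute http(s) source.
        if urlparse(kept.get("src", "")).scheme not in SAFE_SCHEMES:
            return
        rendered = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept.items())
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        pass  # <img> is void; every other closing tag is dropped

    def handle_data(self, data):
        # Text (including the body of a deleted <script>) is escaped, never interpreted.
        self.out.append(escape(data))


def sanitize(message: str) -> str:
    parser = ShoutboxSanitizer()
    parser.feed(message)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample messages: the thread's script tag, a legitimate image, and an
    # image carrying a non-allowlisted attribute that the allowlist silently drops.
    for msg in ["<script>alert('xss')</script>",
                '<img src="https://example.com/cat.png" alt="cat">',
                '<img src="https://example.com/cat.png" onerror="x()" alt="cat">']:
        print(repr(msg), "->", repr(sanitize(msg)))
```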

    Is this plugin still vulnerable to XSS or what?

  • The topic ‘XSS Exploit. Weakness in Schreikasten’ is closed to new replies.