• I had to turn off this plugin because it was being attacked by spammers/hackers. They were adding comments to the system even though I can’t find anything in the plugin pertaining to the comment system. I removed the plugin from public view and since then it has received 30 new posts (all spam) over the last 6 months. I had previously installed a plugin to prevent all comments on the site, so those have ceased. But, it’s amazing how a plugin can still get use when it is not available to the public. I will be removing this plugin permanently and I suggest everyone think carefully about installing this plugin.

Viewing 1 replies (of 1 total)
  • Hi Eric,

    I’m really sorry that you ran into issues here. This is not good news for us to hear and I’d really like to help you out, if you want to continue working with it.

    If you leave the plugin “active” on the plugin dashboard, the code is still available even if you make the pages used by the plugin hidden–that’s the nature of plugins I’m afraid. Deactivating the plugin is the only way to ensure someone can’t run code for a plugin. Just something to be aware of.

    When you say “hackers were adding comments to the system”–where were they adding the comments? To posts and pages? To Classifieds? It would really help to know more here.

    What version of AWPCP were you running? Older versions of AWPCP from last year had vulnerabilities that were introduced by insecure WordPress API calls and we fixed those in later versions (3.6.3.1 is verified as secure right now). But older versions could have been a problem–since you indicated you had this installed for a long time, do you know what version you had running at that time? Did you keep it updated?

    If you’ve been attacked, it would really help if you contact us with your Apache logs so we can find out the vector they are using to gain access. I would very much like to find the source of this issue and seeing that would really help track it down.

    Contact us here so we can help with it further: https://awpcp.com/contact/

  • The topic ‘Spam/Hacker target’ is closed to new replies.