• Resolved m.orange

    (@morange)


    Hello W3TotalCache Team,

    We probably discovered a hacking problem on our site today. Can you say something about this …?
    We used the latest WP 5.3.x, with “Themify Parallax” 2.8.3 as the theme, ContactForm7 and W3 Total Cache. The PHP version used is 7.2 and Apache is used as the server.

    We suspect that the activated caching of the theme and the caching by W3 Total Cache created a gap through which it was possible to inject code into the contact form.

    The contact form looked like this: https://owncloud.dermatthes-frauhofer.de/index.php/s/XG5BvFmqunfjHXn

    In the meantime we have imported all updates and deactivated the caching of W3 Total Cache. It seems that the problem has been found. Is that correct? Can you give us more information or do you need more to analyze the problem?
    We are grateful for any help.

    We know that creating an excellent caching plugin and keeping it safe is not easy. But maybe you can give us some clues as to what to do.

    Thanks a lot
    Steffen

Viewing 1 replies (of 1 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @morange

    I am sorry about the issue you are experiencing and I am happy to assist you with this.
    First of all, it’s not recommended to use more than one caching solution. So you should not use W3 Total Cache minify if you are using a theme minify because it can break the styling.
    As for the hacking, there is no gap that W3 Total Cache creates to allow injecting code. The reason why that code was removed after you disabled W3 Total Cache, or cleared the cache, is that that page was cached, so W3 Total Cache may have actually helped you identify the issue.
    Be that as it may, this is not related to W3 Total Cache and W3 Total Cache is not responsible for this.
    You can exclude that page from being cached by adding it to the “Never cache following pages” field in Performance > Page Cache, e.g. /contact/. This way the page will not be cached.
    Thank you!

  • The topic ‘Hacking Problem?’ is closed to new replies.