[Plugin: Job Manager] POSSIBLE SEVERE SECURITY ISSUE
About 2 weeks ago I installed Job Manager 0.7.18 with WP 3.2.1.
All of the functions of JM are working fine, but I am under some sort of attack, daily. The attacks are only one per day, at a random time, and last only for a few minutes, but the attack(er) is able to fill out 100’s of job applications on each of the jobs I have posted. I’ve had over 3000 attack job apps posted in the last week.
I have installed SI Captcha, with no effect.
The forms that I receive are somehow bypassing the standard validation because the email field is never filled with a valid email, yet the forms still get sent to me.
You can see that some sort of attack is going on from the strings filling some of the fields, examples below:
‘City: x’+wAiTfOr+dELay+’0:0:20’–‘
‘Country: XxX1322084617360XxX’
‘Where did you complete your degree?: XxX1322084617360XxX’
Most apps I receive have a simple 0 in each field, with only one random field having this weird code in it.
Example of full email I receive, below:
Job: 154 - XHTML / CSS Production Specialist
https://www.3ring.com/jobs/xhtml-css-production-specialist/
Timestamp: 2011-11-23 23:31:32
Name: 0
Surname: 0
Email Address: [email protected]
Address: 0
City: 0
Post code: 0
Country: 0
Telephone: 0
Cell phone: 1+DeClARe+@x+varchar(99)+set+@x=0x77616974666f722064656c61792027303a303a323027+exec(@x)--
Any suggestions?
- The topic ‘[Plugin: Job Manager] POSSIBLE SEVERE SECURITY ISSUE’ is closed to new replies.
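
For anyone triaging submissions like the ones quoted in this thread, the following is an added example (not part of the original post and not Job Manager code) that flags SQL injection probe strings in application fields and decodes the hex literal from the "Cell phone" value. The field values are constructed from the post with typographic quotes replaced by straight quotes, and the signature names and patterns are assumptions chosen for this illustration.

```python
import re

# Constructed sample: field values taken from the strings quoted in the post.
SAMPLE = {
    "Name": "0",
    "City": "x'+wAiTfOr+dELay+'0:0:20'--",
    "Country": "XxX1322084617360XxX",
    "Cell phone": "1+DeClARe+@x+varchar(99)+set+@x="
                  "0x77616974666f722064656c61792027303a303a323027+exec(@x)--",
}

# A 0x literal of at least four whole bytes, as used to hide a statement.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2}){4,})")

# Heuristic signatures (assumed for this example, not an exhaustive rule set).
SIGNATURES = {
    "time-delay probe": re.compile(r"waitfor\s+delay", re.I),
    "dynamic exec": re.compile(r"\bexec\s*\(", re.I),
    "variable declare": re.compile(r"\bdeclare\s+@", re.I),
    "comment terminator": re.compile(r"--\s*$"),
    "XxX marker token": re.compile(r"^XxX\d+XxX$"),
}

def normalize(value):
    """Undo '+'-for-space encoding and decode any embedded hex literals."""
    text = value.replace("+", " ")
    decoded = [bytes.fromhex(m.group(1)).decode("ascii", errors="replace")
               for m in HEX_LITERAL.finditer(text)]
    return text, decoded

def classify(value):
    """Return (sorted signature names, decoded hex strings) for one field."""
    text, decoded = normalize(value)
    haystacks = [text] + decoded  # match the hidden statement too
    hits = sorted(name for name, rx in SIGNATURES.items()
                  if any(rx.search(h) for h in haystacks))
    return hits, decoded

def triage(fields):
    """Map each suspicious field name to its hits and decoded payloads."""
    report = {}
    for name, value in fields.items():
        hits, decoded = classify(value)
        if hits:
            report[name] = {"hits": hits, "decoded": decoded}
    return report

if __name__ == "__main__":
    for field, info in triage(SAMPLE).items():
        print(f"{field}: {info['hits']} decoded={info['decoded']}")
```

The decoded literal is the same `waitfor delay '0:0:20'` statement that appears in plain form in the City field, so both values are the same time-delay probe in two encodings.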