[Plugin: WP Super Cache] Security Issues? Caching 3rd-party domain!

  • Hi donncha,

    today I checked my super-cache directory. To my surprise I found a folder https://www.gamespot.com. There’s also a folder with my server IP, but I think that might be normal when people access my site via IP (which I can probably deactivate).

    First, how is that even possible that someone somehow enters another site and it then gets cached? Security issue imo.

    Anyway, is it possible to avoid that all directories that wp-super cache creates are set to 777? Without using mod_suphp if possible.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

  • Also why do you write the WPOM.dat to the uploads folder? I don’t want to set one of the most critical folders to 777. I’d recommend to write this to the cache folder as well and avoid even more security risks.

    I wouldn’t worry about that domain showing up. Someone, (yes, a hacker), connected to your web server and asked for https://www.gamespot.com in the http headers for some reason. WordPress answered the request and Supercache cached it.
    I don’t want the plugin to second guess what the user wants to do when WordPress itself will answer the request and serve some content.

    I think you can change the 777 permissions by using the system umask setting. You may have to set this in a startup script and then restart Apache. On my server the directories are 755.

    Oh yeah, WPOM.dat is not created by Supercache. I don’t know what would create that file.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: WP Super Cache] Security Issues? Caching 3rd-party domain!’ is closed to new replies.