W3 Cache compromised backdoored by Hackers. WP Forces ALL users password reset

W3 Total Cache Backdoor @ www.remarpro.com

W3 Total Cache Backdoor @ secunia.com

W3 Total Cache Backdoor @ adamharley.co.uk

All my blog with w3 total cache can’t login after I logout, is w3 total cache cause this? Did you guys experience same thing like me? Try logout and login back, can or not? Tell me later

OK so according to these articles the newest version of W3 cache is compromised.

Has the author of the plugin said anything about this?

W3 Total Cache 0.9.2.2 is compromised, but 0.9.2.3 (the current release) is fine.

@adam – you should quote your own article that’s quite correct that if you downloaded W3TC v0.9.2.2 between June 20th and June 21st you most likely got this compromised version. This 0.9.2.2 version had been released for several weeks prior and not compromised.

But of course moving to v0.9.2.3 of W3TC is a good idea anyway.

True, forgot to clarify that bit. Just wanted to make clear that the latest version is safe.

Lol, I guess the real concern is how they broke into the repository and uploaded compromised plugins…

I guess the real concern is how they broke into the repository and uploaded compromised plugins

This is the real problem: the security of the code in the repository.

1 – Who should perform the check?
2 – You can place the material in the repository, too easily?
3 – www.remarpro.com, reset all passwords, the problem is really serious?
4 – Why, after correcting the bug, users of W3 Total Cache have not been officially informed?

Thank you.

A breakin like this is state sponsored IMO.

Like say china hacking google… I think we should be told more.

Plugin authors are being notified of changes to their plugins from now on.

@mykkal … if they say more, hackers will know that there are vulnerabilities and see that each time they break something, the site has to be reset… if they don’t say much, is for your safety.

@nexia true. you have a point there. However when personally identifiable information is compromised they should tell us how and what to check for on our own servers.

Hate to think I had people’s personal information compromised. Sometimes there’s still issues lingering after a breach like this.

I’ve got kids on some of my sites.

I’d like to hear from anybody still having trouble with this plugin. I keep getting locked out of WordPress (self-hosted) and the only way back in is to upload 0.9.2.3 via FTP and overwrite the previous indstall. It lasts a day or so and same thing again. I have disabled W3TC for now to see if it makes any difference. I’ll try Quick Cache if I still have troubles and just have to upload files to Amazon S3 another way.

in wordpress only another admin can change an admin’s permissions. Do you have ghost admins that you didn’t know about? Have you got IP logger installed?

i’d check to see if other user types have had permissions modified, scan my wordpress directly with antivirus, and make sure i’ve changed my ssh port to something non=standard and secured it by MAC address or a certain IP range.

Running anti-virus over a PHP package isn’t going to do much for you. Exploit Scanner should be able to pick up if any core files have been modified though.