white list hack

Hi gbyat,

I think there are many possibilities. Could you send me an email to tokkonopapa at yahoo.com? I should know about the deail.

Thanks.

sorry for my late answer. there were several issues today, so I found no time to have a look at the thread earlier. possibly 2.2.2.1 fixed the problem?

Unfortunately no. But according to your report, I set up a hypothesis and I did my best what can do now.

We should identify the cause and the details should not be on the public. It’s a general principle. That’s why I beg you to contact on email. I ask for your kind understanding and cooperation.

Thanks.

Dear gbyat,

I really thank you for reporting the details about your issue. Your report is very helpful to identify the cause.

I found it was caused not by hack but my fault of software design. I will try to explain.

The initial value of “Maching rule” is “Disable”. And when you activate this plugin for the first time, geolocation databased will be downloaded and then the country code will be set according to “your” IP address.

This process will be done in background and will take the time for ten seconds or so. And actually, this process can also be done by not “you” but “someone” in case of race condition.

For example, when you activate this plugin but at the same time the attacker carries out brute force attacks, this issue will be caused.

This is obviously the bug. I should restrict the authority to do this process.

I must apologize to you for involving this issue. And I also really appreciate your cooperation to help me finding the cause.

I think onece you can fix your country code, you can keep using this plugin. And I will release the fixed version in near future. I also will take care of the thread you opend.

Thank again!