http://www.wpwp.org/forums/topic/vulnerability-in-lib WassUp Forums » Topic: Vulnerability in /lib ! en-US Fri, 10 Feb 2012 17:25:49 +0000 http://bbpress.org/?v=1.0.3 q http://www.wpwp.org/forums/search.php http://www.wpwp.org/forums/topic/vulnerability-in-lib#post-968 Wed, 20 Jan 2010 23:05:47 +0000 RogerDue 968@http://www.wpwp.org/forums/ <p>Helene,<br /> I would like to thank you for pointing out the "Bad Behavior" plugin!!! I installed it yesterday on 3 WP site, signed up for Project Honey Pot, &amp; enabled http:BL. Within only a few hours the "Bad Behavior" plugin blocked traffic, some of which was caught via http:BL. Of course I also have Akismet activated. What is most interesting about all of this is that the site I have been working on recently is only a few months old and already I am getting this kind of malicious traffic. Thanks! </p> http://www.wpwp.org/forums/topic/vulnerability-in-lib#post-962 Sun, 10 Jan 2010 07:38:58 +0000 helene 962@http://www.wpwp.org/forums/ <p>This is a serious problem that we would like to fix ASAP, but your information is incomplete and the attached image/warning is not related to Wassup. </p> <p>What versions of Wassup and wordpress were you running? Do you have any logs or messages that pinpoint Wassup as the source of the javascript vulnerability that you can show us? Did wassup record the exploit attempt and can you show us that raw record? </p> <p>As an aside, I recommend that you add the plugin, 'Bad Behavior' (<a href="http://wordpress.org/extend/plugins/bad-behavior/" rel="nofollow">http://wordpress.org/extend/plugins/bad-behavior/</a>) to your blog security regimen. It is a gatekeeper plugin that monitors request headers for suspicious code and can block javascript and SQL injection attempts before they reach your blog. </p> http://www.wpwp.org/forums/topic/vulnerability-in-lib#post-961 Sat, 09 Jan 2010 08:19:44 +0000 Perspective 961@http://www.wpwp.org/forums/ <p>Guys.. it seems that you got a vulnerability in /lib folder... in my case it was in main.php if I remember well.<br /> My website was hacked based on that.. exploited on one of the java script file that your programm has. </p> <p>I lost everything on it.. and there was hard work.. believe me. i have to start all from 0 as far as I didn't have a backup (which is my f**cking fault).</p> <p>After they injected the code I received the following error:</p> <p><a href="http://img685.imageshack.us/img685/3727/errorsite.jpg" rel="nofollow">http://img685.imageshack.us/img685/3727/errorsite.jpg</a></p> <p>You might have a look on the plugin codding again and fix it.<br /> Personally I won't use wassup for my web-blog anymore.</p> <p>Wanted to report it.. maybe's useful for you.</p> <p>Cheers. </p>