1. By continuing to use the site, you agree to the use of cookies .This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy.Find out more.
    Dismiss Notice
  2. Follow Casinomeister on Twitter | Facebook | YouTube | Casinomeister.us US Residents Click here! |  Svenska Svenska | 
Dismiss Notice
REGISTER NOW!! Why? Because you can't do diddly squat without having been registered!

At the moment you have limited access to view most discussions: you can't make contact with thousands of fellow players, affiliates, casino reps, and all sorts of other riff-raff.

Registration is fast, simple and absolutely free so please, join Casinomeister here!

Wordpress plugins backdoor

Discussion in 'Content Thieves and other Evil Doers' started by chayton, Dec 20, 2017.

    Dec 20, 2017
  1. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    Was just reading an article from Wordfence about a plugin that was removed from the repository. This plugin (Captcha) had over 300,000 active installs, so they wondered what was up - they got hold of the plugin, trolled through the code and found an automatic update that installs a backdoor.

    A backdoor file allows an attacker, or in this case, a plugin author, to gain unauthorized administrative access to your website. This backdoor creates a session with user ID 1 (the default admin user that WordPress creates when you first install it), sets authentication cookies, and then deletes itself.

    The backdoor installation code is unauthenticated, meaning anyone can trigger it.
    This is an extension of the other post I made awhile back about people buying popular plugins and then pushing out updates with exploits. In the article they mention a bunch of other plugins also bought by this same group, and others had the same backdoor built in. For those of you running Wordpress, you may want to check this out.

    Full article You must register/login in order to see the link..
     
  2. Dec 20, 2017
  3. maxd

    maxd Complaints (PAB) Manager Staff Member

    Occupation:
    The PAB Guy
    Location:
    Saltirelandia
    Excellent post! Thank you.
     
    chayton likes this.
  4. Dec 22, 2017
  5. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    If you have time, be sure to read the linked article about 'Mason Soiza' (aka Kevin Danna) - who's the dude behind this. Among other things, he's a casino affiliate, and I've seen at least one of his sites where he's linking to some pretty decent casinos (for instance Mr. Green and Royal Panda)

    Makes me wonder if this kind of hack is behind the "Man gets kicked out of car dealership and then comes back with his Ferrari after winning at xy casino...." stories that seem to be popping up on various non-gambling websites.
     

Share This Page