I woke up this morning to 37 emails from my firewall plugin that it had stopped a potential attack on my website. Hm. Clearly, someone was busy last night.
I investigated, and found rather little information on the problem, but all of it from just the last several days. Whatever it is, it’s still new.
About the Problem
Uploadify if a service makes it easier to upload multiple files on your website, and it not strictly for WordPress. However, the problem with the WordPress plugin for this is that it can allow arbitrary and unauthorized uploading of files. Hackers could exploit this code issue to upload executable files to your web server that could affect your website or be used to affect other websites.
Are you vulnerable?
From the list of files that the hacker was trying to exploit, I have created this list of plugins and/or themes that may include uploadify and that could expose a vulnerability in your site.
If you have any of these plugins or themes on your site, it would be best to deactivate and delete them until the problem is resolved. Even an inactive plugin or theme can make your website vulnerable. Just because you aren’t using the theme or plugin doesn’t mean that hackers won’t try to take advantage of it to gain access to your web server.
Themes
- /themes/aim-theme/
- /themes/deep-blue/
- /themes/Famous/
- /themes/fresh_trailers/
- /themes/fresh_trailers_v2/
- /themes/megaframe (added 02/16/2013)
- /themes/pronto/
- /themes/wp-eden/
- /themes/wpnavigator/
- /themes/zcool-like/
- /plugins/1-flash-gallery/
- /plugins/announces/
- /plugins/apptivo-business-site/
- /plugins/bulletproof-security/
- /plugins/chillybin-competition/
- /plugins/comments-plugin
- /plugins/doptg/
- /plugins/foxypress/
- /plugins/gpress/
- /plugins/html5avmanager/
- /plugins/image-symlinks/
- /plugins/kish-multi/
- /plugins/lbg-vp2-html5-bottom/
- /plugins/motorcycle-inventory/
- /plugins/nmedia-user-file-uploader/
- /plugins/pods/
- /plugins/qr-color-code-generator-basic/
- /plugins/squace-mobile-publishing-plugin-for-wordpress/
- /plugins/wordpress-member-private-conversation/
- /plugins/wp-crm/
- /plugins/wp-property/
- /plugins/wp-symposium/
- /plugins/wpmarketplace/
- /plugins/uploader/
- /plugins/uploadify/
- /plugins/very-simple-post-images/
UPDATED: (August 6. 2012)
I got some more alerts from my website over the weekend for the same security issue. Here’s the other plugins that were being targeted.
- /plugins/mm-forms-community/
- /plugins/nmedia-user-file-uploader-pro-v7/
- /plugins/auctionPlugin/ (tried twice with different parameters)
- /plugins/ajax_multi_upload/ (tried twice with different filenames)
Again, if you have any of these plugins or themes on your site, backup your site, disable and delete the vulnerable plugin or theme, and check with the developer for an update. As I said above, even an inactive theme or plugin can be an entry point for a hacker to get into your website.
When my iPhone start buzzing repeatedly at 5:30am, I thought something was wrong with out. Turns out it was just someone trying to hack my website… WordPress Security Alert: uploadify.php