17 May 2016

200+ Active Installs Is Enough For Someone To Try Exploit a Possible Security Issue

When looking at hacking attempts against websites one of the important things to understand is that only a minuscule amount of those attempts have any chance of succeeding. One of the reason for that is that hackers are rather indiscriminate in their hacking attempts so you end with a lot of hacking attempts for software that isn’t used on the website. Even knowing that, it still sometimes surprising to see how obscure of an issue hackers will try to exploit. Take for instance something we recently saw on one of our website, we have several requests for a files from the WordPress plugin WP STORE:

/wp-content/plugins/wpstore/includes/functions/payment/Cielo/logs/log.log
/wp-content/plugins/wpstore/includes/functions/payment/cielo/logs/xml.log
/wp-content/plugins/wpstore/includes/functions/payment/Cielo/logs/xml.log
/loja/wp-content/plugins/wpstore/includes/functions/payment/Cielo/logs/xml.log
/home/wp-content/plugins/wpstore/includes/functions/payment/Cielo/logs/log.log
/home/wp-content/plugins/wpstore/includes/functions/payment/Cielo/logs/xml.log [Read more]