[wp-hackers] Hookd? Sketchy Plugin Include
MarciaK
marcia at stepping-in-style.com
Tue Jan 3 22:11:03 UTC 2012
Otto <otto <at> ottodestruct.com> writes:
>
> On Tue, Sep 13, 2011 at 8:18 PM, Jackson Whelan <jw <at> jacksonwhelan.com>
wrote:
> > First thing I did was email plugins <at> wordpress.org. Apologies if
discussing here is out of order.
>
> Yes, sometimes it takes us longer than a couple hours. :)
>
> And it's not "out of order", it's just unnecessary. Like security
> problems, we prefer to handle them with the plugin author privately
> first, because in many cases the plugin author was unaware of the
> problem and will act quickly to remedy the issue. No need to publicly
> give somebody a black eye unless they really deserve it.
>
> > Found another using the same hookd class and emailed plugins <at>
wordpress.org
>
> Cool deal, thanks!
>
> -Otto
>
I'm glad he did post it - I've seen a lot of adds, deletes, changes, file
permission changes in a directory called wp-content/cache/hookd/ many followed
by my domain name, but not all of them.
I'm not a programmer, so I've been trying to figure out what is going on, and
if I should be concerned, and what steps if any I should be taking. My
WordPress and all my plugins are current. I have a hit counter "WordPress Hit
Counter" v2.6 on my site.
I haven't noticed any malicious activity on the customer facing part of my
website.
Any advice on what I should be doing?
Marcia
More information about the wp-hackers
mailing list