[diso-project] Phishing enabled by OpenId plugin on WordPress ?
8 views
Skip to first unread message
Jérôme in Paris
May 3, 2010, 4:41:06 PM5/3/10
to Diso Project
Hi,
My website has been desabled this morning by my hoster because of a
phishing issue.
The reason invoked was :
« Your site is used for phishing operations at the following address:
https:// [my site] /openid/secure_ID/verified_by_paypal/
webscrcmd=login-run/cgi-bin/_login/ »
I checked my WP installation (up to date 2.9.2, all plugins up to
date, too) and find no corrupted file nor data.
So my conclusion is that my site wasn't hacked, but that there is a
weakness in OpenId plugin enabling this "phishing operation". Thus, I
deactivated the plugin and for now, I'm waiting for my site
reactivation.
I wish I was wrong and I missed something somewhere ... so if you
could enlighten me and point at something I should check... that would
be nice!
Sorry if it's not the right place to send this type of request (if so,
please tell me where I should rather post it)
Regards,
Jérôme, Paris, France.
--
You received this message because you are subscribed to the Google Groups "Diso Project" group.
To post to this group, send email to diso-p...@googlegroups.com.
To unsubscribe from this group, send email to diso-project...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/diso-project?hl=en.
My website has been desabled this morning by my hoster because of a
phishing issue.
The reason invoked was :
« Your site is used for phishing operations at the following address:
https:// [my site] /openid/secure_ID/verified_by_paypal/
webscrcmd=login-run/cgi-bin/_login/ »
I checked my WP installation (up to date 2.9.2, all plugins up to
date, too) and find no corrupted file nor data.
So my conclusion is that my site wasn't hacked, but that there is a
weakness in OpenId plugin enabling this "phishing operation". Thus, I
deactivated the plugin and for now, I'm waiting for my site
reactivation.
I wish I was wrong and I missed something somewhere ... so if you
could enlighten me and point at something I should check... that would
be nice!
Sorry if it's not the right place to send this type of request (if so,
please tell me where I should rather post it)
Regards,
Jérôme, Paris, France.
--
You received this message because you are subscribed to the Google Groups "Diso Project" group.
To post to this group, send email to diso-p...@googlegroups.com.
To unsubscribe from this group, send email to diso-project...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/diso-project?hl=en.
Will Norris
May 3, 2010, 5:48:21 PM5/3/10
to diso-p...@googlegroups.com
who is your hosting provider? Did they give you any more information on why they thought your site was involved in phishing, aside from this URL? Trying this same URL on my site does absolutely nothing:
https://willnorris.com/openid/secure_ID/verified_by_paypal/webscrcmd=login-run/cgi-bin/_login
which is the expected behavior. The plugin keys off of the URL segment after "/openid/"... in this case "secure_ID" is meaningless, so the plugin ignores the request. What happens when you visit that URL on your own site?
-will
https://willnorris.com/openid/secure_ID/verified_by_paypal/webscrcmd=login-run/cgi-bin/_login
which is the expected behavior. The plugin keys off of the URL segment after "/openid/"... in this case "secure_ID" is meaningless, so the plugin ignores the request. What happens when you visit that URL on your own site?
-will
Jérôme in Paris
May 3, 2010, 5:54:17 PM5/3/10
to Diso Project
Will,
Thank you for your quick answer.
In fact, my alert was unwarranted.
WP OpenId plugin has nothing to do with the problem encountered. In
fact, it's a old version of an openid server, installed 2 yrs ago for
some tests purpose that was concerned.
Sorry for this blunder!!!
Jérôme
On 3 mai, 23:48, Will Norris <w...@willnorris.com> wrote:
> who is your hosting provider? Did they give you any more information on why
> they thought your site was involved in phishing, aside from this URL?
> Trying this same URL on my site does absolutely nothing:
>
> https://willnorris.com/openid/secure_ID/verified_by_paypal/webscrcmd=...
> > diso-project...@googlegroups.com<diso-project%2Bunsu...@googlegroups.com>
> > .
Thank you for your quick answer.
In fact, my alert was unwarranted.
WP OpenId plugin has nothing to do with the problem encountered. In
fact, it's a old version of an openid server, installed 2 yrs ago for
some tests purpose that was concerned.
Sorry for this blunder!!!
Jérôme
On 3 mai, 23:48, Will Norris <w...@willnorris.com> wrote:
> who is your hosting provider? Did they give you any more information on why
> they thought your site was involved in phishing, aside from this URL?
> Trying this same URL on my site does absolutely nothing:
>
>
> which is the expected behavior. The plugin keys off of the URL segment
> after "/openid/"... in this case "secure_ID" is meaningless, so the plugin
> ignores the request. What happens when you visit that URL on your own site?
>
> -will
>
> which is the expected behavior. The plugin keys off of the URL segment
> after "/openid/"... in this case "secure_ID" is meaningless, so the plugin
> ignores the request. What happens when you visit that URL on your own site?
>
> -will
>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/diso-project?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups "Diso Project" group.
> To post to this group, send email to diso-p...@googlegroups.com.
> To unsubscribe from this group, send email to diso-project...@googlegroups.com.
> For more options, visit this group athttp://groups.google.com/group/diso-project?hl=en.
> >http://groups.google.com/group/diso-project?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups "Diso Project" group.
> To post to this group, send email to diso-p...@googlegroups.com.
> To unsubscribe from this group, send email to diso-project...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages