WordPress Google Forms V0.88-beta-2 Available

For the past week I have been working with WordPress.org to get my Google Forms plugin relisted.  They recommended a different approach to addressing the security concern than I had implemented.

It took a little longer than I expected to get their recommendation working but I have implemented the fixes recommended by the WordPress Security Team and am in the process of getting the plugin listed again.

I would like to enlist some additional testing besides my small suite of test cases with the updated code.

WordPress Google Forms v0.88-beta-1 available

Last week I was notified my Google Forms plugin had a potential security flaw and would be de-listed from the plugin repository until addressed.  I have implemented the fixes recommended by the WordPress Security Team and am in the process of getting the plugin listed again.

I would like to enlist some additional testing besides my small suite of test cases with the updated code.

Let me know ASAP if you encounter any issues with this beta release of the plugin.

Dealing with login attacks

For the past month or so, my main site (this one) plus a couple others I have on the same hosting account have been under constant brute force login attack. A long time ago I had set up the Limit Login Attempts plugin and it seemed to be helping. But it doesn’t stop the attacks. It just makes the attackers change their IP addresses more frequently.

Like a lot of WordPress developers, I have a number of sites I’ve thrown together to show someone something or to test things out. I usually clean them up when I am done with them but every once in a while I forget about them. It looks like one of the really old ones I had forgotten about was compromised in early August. As a result I had some malware all over my hosting account. Bah. What a PITA to clean up.

I did a few things fairly quickly:

  1. I deleted all of the sites I no longer needed. I should have done this a long time ago as there was some really old stuff just sitting around in my hosting account.
  2. I installed a fresh copy of the latest WordPress release to overwrite any files which were infected.
  3. I installed the Sucuri Scanner plugin, which was pretty good at identifying a bunch of files which shouldn’t be present. Unfortunately it doesn’t handle the wp-content folder (where plugins, themes, and uploads all live by default).

These things cleaned up a lot. This left me to find what else was suspect. The suspect code had a pattern to it: one of two variables, $qV[] or $sF[], was always present. I used a couple of “find” commands to locate all of the PHP files which contained these variables. Some I found, some I edited, some I simply removed.

# List every PHP file containing the literal string $sF (-F: fixed string, so $ is not a regex anchor)
find . -type f -name '*.php' -exec grep -lF '$sF' {} +
# Open the matching files in vi for manual inspection
vi $(find . -type f -name '*.php' -exec grep -lF '$sF' {} +)
# Remove the matching files once confirmed malicious
rm $(find . -type f -name '*.php' -exec grep -lF '$sF' {} +)
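The same sweep as a reporting step that only flags files, as an added example rather than the post's own commands: it looks for the $qV and $sF markers described above, also covers wp-content, and writes nothing. The directory layout and file contents are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example, not the post's own commands: report (never edit or delete) every
# PHP file under a WordPress tree that contains the injected-code markers the post
# describes ($qV and $sF). The directory layout and file contents below are
# constructed for the demonstration; point SAMPLE_DIR at a real install to use it.

# Print "file<TAB>marker" for each PHP file under $1 containing any marker in $2
# (space-separated). -F makes grep match literally, so "$sF" is not read as a
# regex where "$" would otherwise be an end-of-line anchor.
scan_php_for_markers() {
    dir=$1
    markers=$2
    for m in $markers; do
        # -exec ... {} + passes paths intact even when they contain spaces.
        find "$dir" -type f -name '*.php' -exec grep -lF -- "$m" {} + 2>/dev/null \
            | while IFS= read -r f; do printf '%s\t%s\n' "$f" "$m"; done
    done | sort -u
}

# Number of distinct files flagged for the given markers.
count_flagged_files() {
    scan_php_for_markers "$1" "$2" | cut -f1 | sort -u | wc -l | tr -d ' '
}

# Constructed sample tree: a clean core file, one injected file in wp-includes,
# and one under wp-content (the folder the post says its scanner plugin skipped).
SAMPLE_DIR=$(mktemp -d)
mkdir -p "$SAMPLE_DIR/wp-includes" "$SAMPLE_DIR/wp-content/plugins/old plugin"
printf '<?php\necho "clean";\n' > "$SAMPLE_DIR/index.php"
printf '<?php\n$sF = "constructed marker, not a real payload";\n' \
    > "$SAMPLE_DIR/wp-includes/x.php"
printf '<?php\n$qV = array();\n$sF = "constructed";\n' \
    > "$SAMPLE_DIR/wp-content/plugins/old plugin/inject.php"

MARKERS='$qV $sF'
scan_php_for_markers "$SAMPLE_DIR" "$MARKERS"
echo "flagged files: $(count_flagged_files "$SAMPLE_DIR" "$MARKERS")"
```

Review each flagged file by hand before editing or removing it, since a legitimate plugin could use the same variable names.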

Similarly, there were some suspect JavaScript files. In the end, it took me several hours a day across 2-3 days to clean up the mess. Yuch. Since this happened I’ve installed Sucuri Security and it seems to have helped. The one downside I ran into was that using some of the “hardening” features seems to have created a .htaccess file in the wp-includes folder which prevented the Visual Editor from working. That took a little while to track down.


Email Users 4.7.6 released

About a week ago I got a notice from WordPress.org letting me know Email Users had been de-listed from the plugin repository due to a potential security exploit. While the odds were low, it was still a vulnerability which required fixing. This came at a time I was heading to Taiwan for work, so my ability to fix it quickly was limited.

This morning I had some cycles to work on it while traveling home. I made the necessary fixes, committed them to Subversion, and informed WordPress.org. I just received a notice from WordPress that Email Users has been listed again. It may take a day or two to propagate through their cache.

Look for the version update notice on your Dashboard; I highly recommend installing this update. There is one other fix for users who use the Itthinx Groups plugin, which had a bug in it.