Wordpress triberr.com plugin

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

been wondering about the increased load on one of my servers (not EXTREMELY increased but remarkable, from the usual 0.2 - 0.6 to a pretty permanent 1.1), so I dug around in the logs a bit and stumbled over this one:

Image

after searching the website files for the string it turned out to be caused by this plugin:
http://wordpress.org/plugins/triberr-wordpress-plugin/

will see what their support says.... :-k

cwdykarn
suck-o-fied!
Posts: 77
Joined: 19 Dec 2012, 10:15

Post by cwdykarn »

I read the posts in their support section, and it is a coding error by the looks of it.

hope this points you towards a solution

http://wordpress.org/support/topic/issues-with-resource-pathways

regards @cwDYKARN

Post by bad_brain »

thanks for looking it up buddy.... :D *thumb*

it didn't solve the issue with the log entries, but that's actually just a really minor annoyance because all it does is eat up some MB of disk space. I did solve the server load issue with some highly complicated and too hard to explain coding techniques though....ooook....I restarted mysql... :roll: :lol:
no idea what happened there, after the restart the load caused by mysql is back to normal (before it was almost permanent at 100%, which I thought is caused by the lots of failed requests by the script), no caches or buffers were full or fragmented....oh well, I'll file it under "don't ask why, just be glad". :-s

Post by bad_brain »

oook.....a few minutes after my last post: same happened again.

but THIS time I found the reason, it's another Wordpress site where a database query is hanging....seems it's a weekly cronjob so I will check if the same happens in 7 days again, if yes I will have to take a closer look.
for now finding and killing the process did the job:

Image

Post by cwdykarn »

Hmm that's odd ^.^ well I do hope you sort it out.

Wordpress can be a real bitch to deal with sometimes, at least when customers are loading all kinds of error prone plugins. GL HF x)

Post by bad_brain »

of course it happened again 1 hour after I killed the process... :lol:

so yeah, I had to check it out, and tadaaaaa:
https://wordpress.org/plugins/mini-mail ... rd-widget/

that's the plugin causing all that trouble. it's not only insecure (there are exploits for it, my server security settings would block them though), it's also obviously generally coded in a sloppy way.
now get this: it runs a cronjob which checks for new messages (or something like that) every couple of seconds....and every time it does that it writes it to the database as some form of log (which is totally silly, because all it logs is "cronjob ran"). to make it even worse it seems not to be able to purge old entries, so the database table for those logs in phpmyadmin was already 4762 pages (with 30 entries per page)... 8O
no wonder MySQL was like "what the hell is going on here?"... :lol:

to make it even additionally worse the database tables created by that plugin are NOT removed when you uninstall it....so I had to do that manually too. what a poopy plugin... :roll:
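
The checks described in this thread (finding the runaway log table, the hanging query, and the tables left behind after uninstall), written out as an added example that is not part of the original posts. It assumes MySQL or MariaDB, a schema named `wordpress_db`, the default `wp_` table prefix on a single-site install, and placeholder values for the process id and the leftover table name.

```sql
-- Assumption: the WordPress schema is called wordpress_db (placeholder name).

-- 1. Rank tables by on-disk size. A log table that is written every few
--    seconds and never purged ends up at the top, with a row count far
--    above the core tables.
SELECT table_name,
       table_rows,   -- an estimate for InnoDB, exact for MyISAM
       ROUND((data_length + index_length) / 1024 / 1024, 1) AS size_mb
FROM   information_schema.tables
WHERE  table_schema = 'wordpress_db'
ORDER  BY (data_length + index_length) DESC
LIMIT  10;

-- 2. List statements that have been running for more than 60 seconds,
--    which is how a hanging query shows up. (Newer MySQL releases deprecate
--    this view in favour of performance_schema.processlist.)
SELECT id, user, db, time AS running_s, state, LEFT(info, 120) AS query_text
FROM   information_schema.processlist
WHERE  command <> 'Sleep'
  AND  time > 60
ORDER  BY time DESC;

-- 3. Stop one stuck statement without dropping the connection.
--    12345 is a placeholder for an id returned by step 2.
KILL QUERY 12345;

-- 4. After uninstalling a plugin, list tables that are not part of the
--    WordPress core set; anything a removed plugin created and left
--    behind appears here.
SELECT table_name, table_rows
FROM   information_schema.tables
WHERE  table_schema = 'wordpress_db'
  AND  table_name NOT IN (
         'wp_commentmeta', 'wp_comments', 'wp_links', 'wp_options',
         'wp_postmeta', 'wp_posts', 'wp_terms', 'wp_termmeta',
         'wp_term_relationships', 'wp_term_taxonomy',
         'wp_usermeta', 'wp_users');

-- 5. Drop a confirmed leftover. wp_example_plugin_log is a hypothetical
--    name; take a backup first and substitute the table found in step 4.
DROP TABLE wordpress_db.wp_example_plugin_log;
```

Tables listed by step 4 may belong to plugins that are still active, so match each name against the installed plugins before dropping anything.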

Post by cwdykarn »

good job sorting it out *thumb*

well uninstalling it was possibly the only viable option tbh, since the code base hasn't been updated for well over a year ^.^. I did a brief review of the code and found a few fun things to play around with :D

HTTP response splitting

function wpmm_ajax_get_file($user_ID)

File manipulation

function wpmm_upload()

XSS

function wpmm_ajax_get_file($user_ID)

haven't had any time to verify them yet though

well I am off to have some fun :-99
