老蒋和他的小伙伴

@laobuluo · wordpress.org profile ↗

Member since: 2019-03-22
Location: —
Employer: —
Job title: —
Authored: 13 (1 closed)
SVN commit access: 10 (1 closed)
Readme contributor: 0
Combined install base: 5k+ across 13 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert

Critical code_pattern WPOSS阿里云对象存储 Resolved · false_positive_legit_ip_use 22d ago

Slug	wposs
Pattern	`hardcoded_ip_url`
Kind	`builtin`
Version	`5.0`
Hit count	1
First hit	File `sdk/aliyun-oss-php-sdk/src/OSS/OssClient.php` Line 2,705 Snippet const OSS_HOST_TYPE_IP = "ip"; //http://1.1.1.1/bucket/object
Explanation	plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.

View raw JSON

{
    "slug": "wposs",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "5.0",
    "hit_count": 1,
    "first_hit": {
        "file": "sdk/aliyun-oss-php-sdk/src/OSS/OssClient.php",
        "line": 2705,
        "snippet": "const OSS_HOST_TYPE_IP = \"ip\";  //http://1.1.1.1/bucket/object"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

Plugins authored (13)

Plugin	Version	Installs	Last updated	Status
WPWaterMark 轻水印插件 ·`wpwatermark`	5.2.1	1k+	24d ago	Active
WPOSS阿里云对象存储 ·`wposs`	5.0	1k+	3mo ago	Active
WPReplace内容字符替换插件 ·`wpreplace`	7.3	900	19d ago	Active
WPCopyRights网站防复制插件 ·`wpcopyrights`	6.7	600	18d ago	Active
WPQiNiu七牛云对象存储 ·`wpqiniu`	5.0	400	3mo ago	Active
WPCOS腾讯云对象存储COS ·`wpcos`	4.8	300	3mo ago	Active
百度快速收录提交插件 ·`laobuluo-baidu-submit`	3.0	200	3mo ago	Active
WPUPYUN又拍云云存储 ·`wpupyun`	4.0	100	3mo ago	Active
LeSeo ·`leseo`	1.2.10	30	2mo ago	Active
WPFTP ·`wpftp`	5.3	10	26d ago	Active
优刻得UCloud对象存储插件 ·`wpufile-ucloud`	3.0	10	3mo ago	Active
WPKuaiYun ·`wpkuaiyun`	2.3	10	3mo ago	Active
自动内链关键字插件(CNWPer SEO Tags) ·`cnwper-seo-tags`	2.3	—	—	Closed

SVN commit access (10)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
WPOSS阿里云对象存储	laobuluo	1k+	35	7y ago	2mo ago	Active
WPCOS腾讯云对象存储COS	laobuluo	300	32	6y ago	2mo ago	Active
WPWaterMark 轻水印插件	laobuluo	1k+	31	6y ago	24d ago	Active
WPQiNiu七牛云对象存储	laobuluo	400	22	6y ago	2mo ago	Active
WPUPYUN又拍云云存储	laobuluo	100	22	6y ago	2mo ago	Active
LeSeo	laobuluo	30	19	2y ago	2mo ago	Active
百度快速收录提交插件	laobuluo	200	15	5y ago	2mo ago	Active
自动内链关键字插件(CNWPer SEO Tags)	laobuluo	—	5	5y ago	5y ago	Closed
WPCopyRights网站防复制插件	laobuluo	600	1	6y ago	18d ago	Active
WPReplace内容字符替换插件	laobuluo	900	1	6y ago	19d ago	Active