老蒋和他的小伙伴

@laobuluo · wordpress.org profile ↗

Member since: 2019-03-22
Location: —
Employer: —
Job title: —
Authored: 13 (1 closed)
SVN commit access: 6
Readme contributor: 0
Combined install base: 5k+ across 13 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert

Critical code_pattern WPOSS阿里云对象存储 Resolved · false_positive_legit_ip_use 2d ago

Slug	wposs
Pattern	`hardcoded_ip_url`
Kind	`builtin`
Version	`5.0`
Hit count	1
First hit	File `sdk/aliyun-oss-php-sdk/src/OSS/OssClient.php` Line 2,705 Snippet const OSS_HOST_TYPE_IP = "ip"; //http://1.1.1.1/bucket/object
Explanation	plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.

View raw JSON

{
    "slug": "wposs",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "5.0",
    "hit_count": 1,
    "first_hit": {
        "file": "sdk/aliyun-oss-php-sdk/src/OSS/OssClient.php",
        "line": 2705,
        "snippet": "const OSS_HOST_TYPE_IP = \"ip\";  //http://1.1.1.1/bucket/object"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

Plugins authored (13)

Plugin	Version	Installs	Last updated	Status
WPWaterMark 轻水印插件 ·`wpwatermark`	5.2.1	1k+	4d ago	Active
WPOSS阿里云对象存储 ·`wposs`	5.0	1k+	2mo ago	Active
WPReplace内容字符替换插件 ·`wpreplace`	7.2	900	2mo ago	Active
WPCopyRights网站防复制插件 ·`wpcopyrights`	6.6	600	6d ago	Active
WPQiNiu七牛云对象存储 ·`wpqiniu`	5.0	400	2mo ago	Active
WPCOS腾讯云对象存储COS ·`wpcos`	4.8	300	2mo ago	Active
百度快速收录提交插件 ·`laobuluo-baidu-submit`	3.0	200	2mo ago	Active
WPUPYUN又拍云云存储 ·`wpupyun`	4.0	100	2mo ago	Active
LeSeo ·`leseo`	1.2.10	20	1mo ago	Active
WPFTP ·`wpftp`	5.3	10	6d ago	Active
优刻得UCloud对象存储插件 ·`wpufile-ucloud`	3.0	10	2mo ago	Active
WPKuaiYun ·`wpkuaiyun`	2.3	10	2mo ago	Active
自动内链关键字插件(CNWPer SEO Tags) ·`cnwper-seo-tags`	2.3	—	—	Closed

SVN commit access (6)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
WPOSS阿里云对象存储	laobuluo	1k+	35	7y ago	1mo ago	Active
WPCOS腾讯云对象存储COS	laobuluo	300	32	6y ago	1mo ago	Active
WPWaterMark 轻水印插件	laobuluo	1k+	31	6y ago	4d ago	Active
WPReplace内容字符替换插件	laobuluo	900	28	6y ago	1mo ago	Active
WPCopyRights网站防复制插件	laobuluo	600	27	6y ago	6d ago	Active
WPQiNiu七牛云对象存储	laobuluo	400	22	6y ago	1mo ago	Active