老蒋和他的小伙伴

Member since: 2019-03-22
Location:
Employer:
Job title:
Authored: 15 (1 closed)
SVN commit access: 10 (1 closed)
Readme contributor: 0
Combined install base: 4k+ across 15 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern WPOSS阿里云对象存储 Resolved · false_positive_legit_ip_use 2mo ago
Slug: wposs
Pattern: hardcoded_ip_url
Kind: builtin
Version: 5.0
Hit count: 1
First hit:
  File: sdk/aliyun-oss-php-sdk/src/OSS/OssClient.php
  Line: 2,705
  Snippet: const OSS_HOST_TYPE_IP = "ip"; //http://1.1.1.1/bucket/object
Explanation: plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "wposs",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "5.0",
    "hit_count": 1,
    "first_hit": {
        "file": "sdk/aliyun-oss-php-sdk/src/OSS/OssClient.php",
        "line": 2705,
        "snippet": "const OSS_HOST_TYPE_IP = \"ip\";  //http://1.1.1.1/bucket/object"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

Plugins authored (15)

Plugin | Version | Installs | Last updated | Status
WPWaterMark 轻水印插件 ·wpwatermark | 5.2.4 | 1k+ | 22d ago | Active
WPOSS阿里云对象存储 ·wposs | 5.0 | 1k+ | 13d ago | Active
WPReplace内容字符替换插件 ·wpreplace | 7.4 | 800 | 16d ago | Active
WPCopyRights网站防复制插件 ·wpcopyrights | 6.10 | 500 | 16d ago | Active
WPQiNiu七牛云对象存储 ·wpqiniu | 5.0 | 400 | 13d ago | Active
WPCOS腾讯云对象存储COS ·wpcos | 4.8 | 300 | 13d ago | Active
百度收录提交插件 ·laobuluo-baidu-submit | 3.1 | 200 | 16d ago | Active
WPUPYUN又拍云云存储 ·wpupyun | 4.0 | 100 | 13d ago | Active
WPFTP ·wpftp | 5.4 | 20 | 14d ago | Active
LeSeo ·leseo | 1.3.0 | 10 | 28d ago | Active
优刻得UCloud对象存储插件 ·wpufile-ucloud | 3.0 | 10 | 13d ago | Active
WPKuaiYun ·wpkuaiyun | 2.3 | 10 | 13d ago | Active
LeTDK ·letdk | 1.1.1 |  | 14d ago | Active
lecouponcopy ·lecouponcopy | 1.2.2 |  | 16d ago | Active
自动内链关键字插件(CNWPer SEO Tags) ·cnwper-seo-tags | 2.3 |  |  | Closed

SVN commit access (10)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
WPOSS阿里云对象存储 | laobuluo | 1k+ | 36 | 7y ago | 13d ago | Active
WPCOS腾讯云对象存储COS | laobuluo | 300 | 33 | 7y ago | 13d ago | Active
WPWaterMark 轻水印插件 | laobuluo | 1k+ | 32 | 6y ago | 1mo ago | Active
WPCopyRights网站防复制插件 | laobuluo | 500 | 32 | 6y ago | 16d ago | Active
WPReplace内容字符替换插件 | laobuluo | 800 | 30 | 6y ago | 16d ago | Active
WPQiNiu七牛云对象存储 | laobuluo | 400 | 23 | 6y ago | 13d ago | Active
WPUPYUN又拍云云存储 | laobuluo | 100 | 23 | 6y ago | 13d ago | Active
LeSeo | laobuluo | 10 | 19 | 3y ago | 3mo ago | Active
百度收录提交插件 | laobuluo | 200 | 16 | 5y ago | 16d ago | Active
自动内链关键字插件(CNWPer SEO Tags) | laobuluo |  | 5 | 6y ago | 5y ago | Closed