WP Beacon

nintechnet

@nintechnet · wordpress.org profile ↗
Member since
2013-02-14
Location
Bangkok ~ Hongkong
Employer
The Ninja Technologies Network
Job title
Authored
4 (1 closed)
SVN commit access
4 (1 closed)
Readme contributor
1
Combined install base
138k+ across 5 plugins

Alerts (0)

No open alerts.

Show 4 resolved alerts
Critical code_scan_match NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall Resolved · code_scan_fp_class_vendored_lib_data_table 17d ago
Slugninjafirewall
Finding count2
Findings
PatternKindFileLineSnippetConfidence
hardcoded_ip_urlbuiltinlib/help.php250<p><strong>' . __('Block HTTP requests with an IP in the <code>HTTP_HOST</code> header', 'ninjafirewall'). '</strong><br />' . sprintf( __('This option will reject any request using an IP instead ofhigh
serialized_admin_rolebuiltinlib/utils.php1,319if ( strpos( $value, 's:13:"administrator"') === FALSE &&high
Resolved sha1095ac9416dc08e5caf20e6f832baafd1a48e900
View raw JSON
{
    "slug": "ninjafirewall",
    "finding_count": 2,
    "findings": [
        {
            "pattern": "hardcoded_ip_url",
            "kind": "builtin",
            "file": "lib/help.php",
            "line": 250,
            "snippet": "<p><strong>' . __('Block HTTP requests with an IP in the <code>HTTP_HOST</code> header', 'ninjafirewall'). '</strong><br />' . sprintf( __('This option will reject any request using an IP instead of",
            "confidence": "high"
        },
        {
            "pattern": "serialized_admin_role",
            "kind": "builtin",
            "file": "lib/utils.php",
            "line": 1319,
            "snippet": "if ( strpos( $value, 's:13:\"administrator\"') === FALSE &&",
            "confidence": "high"
        }
    ],
    "resolved_sha": "1095ac9416dc08e5caf20e6f832baafd1a48e900"
}
Critical code_pattern NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall Resolved · false_positive_legit_ip_use 22d ago
Slugninjafirewall
Patternhardcoded_ip_url
Kindbuiltin
Version4.8.5
Hit count1
First hit
File
lib/help.php
Line
250
Snippet
<p><strong>' . __('Block HTTP requests with an IP in the <code>HTTP_HOST</code> header', 'ninjafirewall'). '</strong><br />' . sprintf( __('This option will reject any request using an IP instead of
Explanationplugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "ninjafirewall",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "4.8.5",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/help.php",
        "line": 250,
        "snippet": "<p><strong>' . __('Block HTTP requests with an IP in the <code>HTTP_HOST</code> header', 'ninjafirewall'). '</strong><br />' . sprintf( __('This option will reject any request using an IP instead of"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}
Critical code_pattern NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall Resolved · false_positive_defensive_string_check 22d ago
Slugninjafirewall
Patternserialized_admin_role
Kindbuiltin
Version4.8.5
Hit count1
First hit
File
lib/utils.php
Line
1,319
Snippet
if ( strpos( $value, 's:13:"administrator"') === FALSE &&
Explanationplugin source contains `s:13:"administrator"` — the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand.
View raw JSON
{
    "slug": "ninjafirewall",
    "pattern": "serialized_admin_role",
    "kind": "builtin",
    "version": "4.8.5",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/utils.php",
        "line": 1319,
        "snippet": "if ( strpos( $value, 's:13:\"administrator\"') === FALSE &&"
    },
    "explanation": "plugin source contains `s:13:\"administrator\"` \u2014 the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand."
}
Critical code_scan_delta NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall Resolved · false_positive_cdn_known_good 22d ago
Slugninjafirewall
Previous version4.8.5
Current version4.8.5
New findings
PatternKindFileLineSnippetConfidence
hardcoded_ip_urlbuiltinlib/help.php250<p><strong>' . __('Block HTTP requests with an IP in the <code>HTTP_HOST</code> header', 'ninjafirewall'). '</strong><br />' . sprintf( __('This option will reject any request using an IP instead ofhigh
serialized_admin_rolebuiltinlib/utils.php1,319if ( strpos( $value, 's:13:"administrator"') === FALSE &&high
New finding count2
View raw JSON
{
    "slug": "ninjafirewall",
    "previous_version": "4.8.5",
    "current_version": "4.8.5",
    "new_findings": [
        {
            "pattern": "hardcoded_ip_url",
            "kind": "builtin",
            "file": "lib/help.php",
            "line": 250,
            "snippet": "<p><strong>' . __('Block HTTP requests with an IP in the <code>HTTP_HOST</code> header', 'ninjafirewall'). '</strong><br />' . sprintf( __('This option will reject any request using an IP instead of",
            "confidence": "high"
        },
        {
            "pattern": "serialized_admin_role",
            "kind": "builtin",
            "file": "lib/utils.php",
            "line": 1319,
            "snippet": "if ( strpos( $value, 's:13:\"administrator\"') === FALSE &&",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}

Plugins authored (4)

Plugin Version Installs Last updated Status
NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall ·ninjafirewall 4.8.5 100k+ 1mo ago Active
NinjaScanner – Virus & Malware scan ·ninjascanner 3.3 30k+ 1mo ago Active
SaferCheckout Lite – Fraud prevention for WooCommerce ·safercheckout-lite 1.10 10 1mo ago Active
NinjaWPass ·ninjawpass 1.0.5 Closed

SVN commit access (4)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall nintechnet 100k+ 200 10y ago 1mo ago Active
NinjaScanner – Virus & Malware scan nintechnet 30k+ 186 8y ago 1mo ago Active
NinjaWPass nintechnet 22 13y ago 8y ago Closed
Code Profiler – WordPress Performance Profiling and Debugging Made Easy bruandet 8k+ 2 1y ago 28d ago Active

Contributor on other plugins (1)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin Primary author Version Installs
Code Profiler – WordPress Performance Profiling and Debugging Made Easy bruandet 1.9.2 8k+