wbolt.com

@wbolt · wordpress.org profile ↗

Member since: 2016-03-20
Location: China
Employer: —
Job title: —
Authored: 15 (5 closed)
SVN commit access: 7
Readme contributor: 0
Combined install base: 15k+ across 15 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert

Critical code_pattern Spider Analyser – WordPress搜索引擎蜘蛛分析插件 Resolved · false_positive_legit_ip_use 2d ago

Slug	spider-analyser
Pattern	`hardcoded_ip_url`
Kind	`builtin`
Version	`2.1.3`
Hit count	3
First hit	File `spider_info.php` Line 8,889 Snippet `'bot_url' => 'http://195.37.190.77/',`
Explanation	plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.

View raw JSON

{
    "slug": "spider-analyser",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "2.1.3",
    "hit_count": 3,
    "first_hit": {
        "file": "spider_info.php",
        "line": 8889,
        "snippet": "'bot_url' => 'http://195.37.190.77/',"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

Plugins authored (15)

Plugin	Version	Installs	Last updated	Status
Smart SEO Tool – SEO优化插件 ·`smart-seo-tool`	4.1.2	5k+	10mo ago	Active
Spider Analyser – WordPress搜索引擎蜘蛛分析插件 ·`spider-analyser`	2.1.3	3k+	10mo ago	Active
多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 ·`baidu-submit-link`	4.2.11	2k+	1y ago	Active
IMGspider – 图片采集抓取插件 ·`imgspider`	2.3.12	2k+	7mo ago	Active
Online Contact Widget-多合一在线客服插件 ·`online-contact-widget`	1.3.0	900	6mo ago	Active
Smart Keywords Tool – 智能关键词插件 ·`smart-keywords-tool`	1.7.1	700	10mo ago	Active
WPTurbo -WordPress性能优化插件 ·`wpturbo`	3.0.1	600	4mo ago	Active
MagicPost – WordPress文章管理功能增强插件 ·`magicpost`	2.0.0	200	9mo ago	Active
HTML代码优化工具 ·`clear-html-tags`	1.1.2	100	3y ago	Active
WP VK-付费内容插件（付费阅读/资料/工具软件资源管理） ·`wp-vk`	1.5.4	80	10mo ago	Active
WP百度翻译插件 ·`wp-baidu-fanyi`	1.1.0	—	—	Closed
博客社交分享组件 ·`donate-with-qrcode`	1.4.5	—	—	Closed
WordPress WVIP ·`wp-wvip`	0.1.5	—	—	Closed
WP资源下载管理 ·`download-info-page`	1.3.9	—	—	Closed
Kill 429 -完美解决WordPress 429 Too Many Requests报错 ·`kill-429`	1.1.0	—	—	Closed

SVN commit access (7)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条	wbolt	2k+	109	10y ago	1y ago	Active
Smart SEO Tool – SEO优化插件	wbolt	5k+	50	7y ago	10mo ago	Active
Smart Keywords Tool – 智能关键词插件	wbolt	700	40	6y ago	10mo ago	Active
IMGspider – 图片采集抓取插件	wbolt	2k+	39	6y ago	7mo ago	Active
Spider Analyser – WordPress搜索引擎蜘蛛分析插件	wbolt	3k+	38	5y ago	10mo ago	Active
Online Contact Widget-多合一在线客服插件	wbolt	900	17	4y ago	6mo ago	Active
WPTurbo -WordPress性能优化插件	wbolt	600	8	3y ago	4mo ago	Active