Spider Analyser – WordPress搜索引擎蜘蛛分析插件

spider-analyser · by wbolt · wordpress.org ↗ · SVN ↗

Active installs: 3k+
Current version: 2.1.3
Added: 2020-07-10
Last updated: 2025-06-09 (10mo ago)
First seen by beacon: 11d ago
Total downloads: 128,680

Alerts (0)

No open alerts.

Show 1 resolved alert

Critical code_pattern Resolved · false_positive_legit_ip_use 2026-04-30 15:25:30 (2d ago)

Slug	spider-analyser
Pattern	`hardcoded_ip_url`
Kind	`builtin`
Version	`2.1.3`
Hit count	3
First hit	File `spider_info.php` Line 8,889 Snippet `'bot_url' => 'http://195.37.190.77/',`
Explanation	plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.

View raw JSON

{
    "slug": "spider-analyser",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "2.1.3",
    "hit_count": 3,
    "first_hit": {
        "file": "spider_info.php",
        "line": 8889,
        "snippet": "'bot_url' => 'http://195.37.190.77/',"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

SVN committers (2)

Accounts with actual commit access to spider-analyser on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
wbolt.com	2016-03-20	38	2020-07-10 · r2338422	2025-06-09 · r3308232
plugin-master	2007-03-09	1	2020-06-30 · r2333131	2020-06-30 · r2333131

Readme contributors (2)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
wbolt.com	2016-03-20	38 commits	Active
mrkwong	2016-03-26	—	Active

Versions (36 most recent)

Version	Released	Download
2.1.3	2025-06-09 · 10mo ago	zip
2.1.2	2025-04-27 · 1y ago	zip
2.1.1	2025-04-27 · 1y ago	zip
2.1.0	2025-04-26 · 1y ago	zip
2.0.1	2025-02-14 · 1y ago	zip
2.0.0	2025-01-20 · 1y ago	zip
1.4.2	2024-07-30 · 1y ago	zip
1.4.1	2024-04-20 · 2y ago	zip
1.4.0	2023-12-06 · 2y ago	zip
1.3.11	2023-03-24 · 3y ago	zip
1.3.10	2023-03-10 · 3y ago	zip
1.3.9	2023-03-09 · 3y ago	zip
1.3.8	2022-06-09 · 3y ago	zip
1.3.7	2022-04-09 · 4y ago	zip
1.3.6	2022-04-08 · 4y ago	zip
1.3.5	2022-04-01 · 4y ago	zip
1.3.4	2022-02-17 · 4y ago	zip
1.3.3	2021-12-30 · 4y ago	zip
1.3.2	2021-12-27 · 4y ago	zip
1.3.1	2021-10-26 · 4y ago	zip
1.3.0	2021-10-11 · 4y ago	zip
1.2.5	2021-09-01 · 4y ago	zip
1.2.4	2021-05-18 · 4y ago	zip
1.2.3	2021-03-22 · 5y ago	zip
1.2.2	2021-03-03 · 5y ago	zip
1.2.1	2021-01-26 · 5y ago	zip
1.2.0	2020-12-07 · 5y ago	zip
1.1.4	2020-11-13 · 5y ago	zip
1.1.3	2020-11-10 · 5y ago	zip
1.1.2	2020-10-12 · 5y ago	zip
1.1.1	2020-09-08 · 5y ago	zip
1.1.0	2020-08-15 · 5y ago	zip
1.0.3	2020-07-29 · 5y ago	zip
1.0.2	2020-07-16 · 5y ago	zip
1.0.1	2020-07-11 · 5y ago	zip
1.0.0	2020-07-10 · 5y ago	zip