Malicious or Unsafe files in Comet Cache Plugin - Spam:HTML/spamtags.3942

#1

Hi there,
I’ve lately installed Comet Cache Plugin it works perfectly but since then I hackers putting HTML spam file in Comet Cache and WordFence scan notifies my about it.

Here is what the error look like.

Critical Problems:

  • File appears to be malicious or unsafe: wp-content/cache/comet-cache/cache/https/www-theidioms-com/index.q/0fc7841a48607565ab58518491aa4f1e.html

Please screenshot below.

I don’t why and how this is happening I never faced the issue with WP Super Cache.

I wish to stay with Comet Cache unless I get my site hacked or spammed.

Geeks, I request you see the issue and fix it so the hackers could add HTML files. It’s a critical problems.

Please screenshot below. I hope see it fixed soon.

Thank you,
TJ from Theidioms.com

Screenshot_4
Screenshot_4.png1682×936 98.2 KB

#2

Hi Tejinder.

If you click on “view file”, what page do you get?

If I use your site’s search tool, I don’t get results for that term, but for some reason Google has a result.

i did a google search of your site for “viagra” and got one result: https://www.google.com/search?q=site%3Awww.theidioms.com+viagra

if you click on it, your site says that it didn’t find that, tough. I wonder if that result page on your site is the one being cached, though, and that’s what you see in your scan.

You could do a test: do the google search, click on the result link, and on your site, from the admin bar under Comet Cache’s menu, clear the cache for that page/url, then do the security scan again and see if it changed.

By the way, love your site, used it a few times in the past. :slight_smile:

1 Like
#3

Hi Cristian,
Thank you for your reply.
When I click on that, though it show me an error of access denied.
But I just want to let you guys know that hackers are trying to tresspassing the default Comet Cache directory whereas it’s not the case when you use WP Super Cache.

I suggest you please make it a bit more secure so that hackers couldn’t create external files into this.

I’ve cleared it many times and fixed the error with Wordfence but they hackers insert the file over and over again. They are not getting a success though. No I also have changed the default cache directory.

I again request you to notify you developers to it more secure - just stop them to write an HTML files.

And thank you much for loving our website Cristian. :smiling_face_with_three_hearts::heart_eyes::blush::pray:

Kind Regards,
TJ