WordPress.org

Ready to get started?Download WordPress

Forums

UpdraftPlus Backup and Restoration for WordPress
[resolved] lfd suspicious files (4 posts)

  1. dubh
    Member
    Posted 5 months ago #

    Why does this plugin drop writable file in public tmp/ for anyone to modify?

    File: /tmp/public_html.20356221.225017/public_html/wp-includes/class-http.php
    Reason: Script, file extension
    Owner: borang:borang (518:517)
    Action: Moved into /var/lib/csf/suspicious.tar

    https://wordpress.org/plugins/updraftplus/

  2. David Anderson
    Member
    Plugin Author

    Posted 5 months ago #

    Hi,

    Sir, I never started beating my wife!
    https://en.wikipedia.org/wiki/Loaded_question

    i.e. There is no such code. UD only has code to create zip files, not to create copies of individual files... and the various PHP zip modules all create their temporary files (which are again all zip files, not copies of individual files) in wp-content/updraft.

    David

  3. dubh
    Member
    Posted 5 months ago #

    Lady, I doubt you have a wife pussy.
    Judging by your answer this code leaves a big hole for hackers.

  4. David Anderson
    Member
    Plugin Author

    Posted 5 months ago #

    To speak plainly: you're in the wrong forum... something else has created those files on your server, but not UD.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.