WordPress.org

Ready to get started?Download WordPress

Forums

EZPZ One Click Backup
Possible Security Flaw? :( (4 posts)

  1. zanzaboonda
    Member
    Posted 2 years ago #

    Hi all,

    I'm having some security issues, and I'm wondering if they could possibly be tied to this plugin?

    I really, truly, do not want to start any rumors. So don't take my word that there's a problem. I could be wrong. I'm just trying to find out if there is any validity to my worries and possibly warn others if there are.

    Now that the disclaimer is out of the way, here's what happened:

    I had EZPZ OCB (among other plugins) on several of my sites that got hacked (they redirect to a .ru website with malware). I had to shut down/reinstall/redo *all* of my websites because the backups from this plugin didn't work - none of them.

    My understanding was the hack happened because of a security breach with one of the versions of WP, then they released the update, etc.

    Anyway, several tears later...

    I had a fresh install of WP and BP on this site I've been working on, and I've spent the last few weeks setting it up, tweaking things. You know the drill. Hours upon hours upon hours of work. (I was *just* about to launch this to my local community and was doing some final optimization.)

    Here's the thing.

    I installed this plugin again after trying out another one that seemed to slow down my site too much per P3 (Plugin Performance Profiler). I activated it and ran the manual backup. It sat there for several minutes (I watched the timer), but nothing happened.

    Ran P3 again, site was actually a little bit slower, and this was the biggest cause (as was the other, now deactivated plugin). I decided to test out my website for myself to see if it felt slow to me.

    When I went to my homepage, it reloaded very slowly and basically with no theme. This is exactly what happened to me when I got hacked before. So I knew.

    I ran a Sucuri Site Check (http://sitecheck.sucuri.net/scanner/). It scanned a cache of the website from 2 days ago... clean. When I deleted the cache files from my site and rescanned, it came up as infected.

    :'(

    There are only a couple of plugins I have been playing with in those past two days, and this is one of them. I have shared hosting, and now two other sites, which were also clean installs, are infected as well.

    It might not have anything to do with this plugin. I honestly don't know enough to be sure.

    But I find it odd that this happened as *soon* as I used it. And it is a common thread (along with a few other plugins) that runs through my other hacked websites.

    Opinions? Any thoughts would be appreciated.

    I would also be eternally grateful for any security plugin recommendations, as the one I had clearly didn't work (or I used it incorrectly, which is always possible).

    Thanks in advance for your help.

    http://wordpress.org/extend/plugins/ezpz-one-click-backup/

  2. hunnsdon
    Member
    Posted 2 years ago #

    Hello user

    My new host company has removed all facilities such as exec() command, apparently these can lead to exploits and hacks of your site. I did use this plugin and it does work well. But my host was spending so much time chasing this kind of hack they opted out. Thus I guess making it more secure for the developer/site creator. EZPZ OCB plugin uses exec() command!

    The only other option I thought, was to use cron jobs with a script. They are out there but seem difficult even with the instructions provided. Then I found Xcloner, it's not as easy as EZPZ OCB, but not that hard either, give it a try. Its available in the plugin directory.

    http://wordpress.org/extend/plugins/xcloner-backup-and-restore/

    p.s. Also get yourself some knowledge on "htaccess"

  3. perezbox
    Member
    Posted 2 years ago #

    Hi

    Without doing a thorough code review and some pentesting it'll be hard to say if the plugin was the cause or whether it was a matter of circumstance. Going to add this to the list of plugins to play with in our sandboxes.

    FYI, a little trick on SiteCheck, when it shows you a cache results, scroll down and click 'Rescan'.. it'll manually crawl your site again..:)

    Another FYI, the use of the plugin could just be a coincidence.

    Here are some good articles that explain infections a bit more:

    http://blog.sucuri.net/2011/05/ask-sucuri-why-does-my-site-keep-getting-reinfected.html

    http://blog.sucuri.net/2011/10/remove-unsused-testing-debug-software-from-your-site.html

    http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html

    I'd recommend looking into this stuff as well.

  4. zanzaboonda
    Member
    Posted 2 years ago #

    @hunnsdon Thanks so much for the tip - trying it out now!

    @perezbox Thanks to you as well. :)

    I did a lot of research after my post, wound up having to gut out everything - from all of my websites - and mostly start over since the plugin failed me! (tears) I think the problem was actually with my hosting provider (GoDaddy), and I think they lied about it. (!)

    I certainly don't want to villify anyone's work unjustly. I hope it's just a coincidence. Considering the information from hunnsdon, it might be worth taking a look at if you do have time.

    Thanks again to both of you for responding. I do appreciate it. :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic