WordPress.org

Ready to get started?Download WordPress

Forums

Tmp Folder Hacked Used to Upload Malicious Scripts (8 posts)

  1. postjoe.com
    Member
    Posted 2 years ago #

    The tmp folder used for image uploads on my site has been hacked/used to upload malicious scripts. I have scoured the forums looking for the correct chmod for the tmp folder.

    What is the correct chmod for the temp folder, that will not allow malicious scripts to be uploaded/downloaded/executed but will allow images to be uploaded.

    Please help.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    WordPress doesn't have a temp folder, so you'll need to ask your hosts about this.

  3. postjoe.com
    Member
    Posted 2 years ago #

    Thanks for the response. The temp folder is used by WordPress and it is essential for the image uploading of WordPress to work. Is there another way to get images to upload that does not use this temp folder?

  4. esmi
    Forum Moderator
    Posted 2 years ago #

    You could have a look at http://wordpress.org/extend/plugins/add-from-server/

    But if your tmp folder has been compromised, then you need to find out how.

  5. MickeyRoush
    Member
    Posted 2 years ago #

    @ dreadcarno

    Is the tmp folder in question located in your WordPress install? Like in wp-content? Or are you talking about your actually server's tmp folder?

  6. postjoe.com
    Member
    Posted 2 years ago #

    @MicheyRoush

    Probably the server's tmp folder, the fold in question is required for the image uploads to work.

  7. The tmp folder used for image uploads on my site has been hacked/used to upload malicious scripts.

    Sorry, just as a level set: what's the path on your server's file system for the tmp folder you mention? If you mean /tmp then, no WordPress doesn't use it. PHP may, but a stock WordPress installation doesn't.

    It does use wp-content/ a lot. Are you talking about a folder there?

    Either way ask up host for assistance. They may be able to sort this out for you.

  8. postjoe.com
    Member
    Posted 2 years ago #

    Thanks for all the replies!

    It turns out upon investigation with my host (godaddy) that one of my many wordpress sites which was used for dev. work was hacked via the famous timthumb.php. This was not immediately obvious because the site that was hacked was not in current use, and the theme in question (Nova, of Elegant Themes) was not active. The hackers left some traces in at root level in x.txt. Apparently, having called a so far unknown script and the wp-mail.php...

    Any ideas how to make sure my database is clean?

Topic Closed

This topic has been closed to new replies.

About this Topic