WordPress.org

Ready to get started?Download WordPress

Forums

Amazon S3 Uploads
WARNING - Do not use this plugin! (4 posts)

  1. WStringer2
    Member
    Posted 1 year ago #

    There is a flaw in the code of this plugin that can result in ALL of the WP images being deleted from your S3 bucket! A malformed URL can trigger a DB error that initiates an "update" on all images in the S3, which results in the deletion of the images.

    It's fairly simple to fix the error if you know PHP, but as long as you are using unmodified code, your site is vulnerable.

    http://wordpress.org/extend/plugins/amazon-s3-uploads/

  2. atvdev
    Member
    Plugin Author

    Posted 1 year ago #

    I'm sorry for the inconvenience. If you have versioning enabled you can retrieve your files as it says here
    http://blog.cloudberrylab.com/2010/01/how-to-manage-amazon-s3-versioning-with.html

  3. WStringer2
    Member
    Posted 1 year ago #

    Hi atvdev,

    Thanks! Unfortunately versioning hadn't been enabled on that bucket...doh!

    It's a fairly easy fix, and it's unlikely to happen accidentally, but it is possible. We're still not sure if it was just a weird image name that one of our editors added, or if it was done on purpose (our access logs were removed just as we started investigating....it was a comedy of errors!)

    If you'd like details on how to reproduce the error just let me know. I emailed you last week so you should have my address.

  4. atvdev
    Member
    Plugin Author

    Posted 1 year ago #

    Hello,
    yes I have seen your emails and I have decided to leave the files with "+" in name as is, on the local server.

    So there is no more special_rewrite. Generally, in the last update I tried to remove any interference with the wordpress basic db.

    I apologize for your data loss...

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic