Support » Plugin: BackWPup - WordPress Backup Plugin » FTP Passwords lost after system update

  • Hello!

    Thanks for your great plugin, but unfortunately currently it had run into problems.
    Yesterday I updated the complete LAMP stack to the new Nginx and PHP-FPM version coming with Ubuntu 19.04 on two different systems. WordPress itself seemed ok, my sites were working.
    But tonight I received error mails from the BackWPup plugin from all updated WordPress instances:
    FEHLER: Antwort des FTP-Servers: 530 Login incorrect

    This was reproducable, I started the backup job manually, but with the same problem. On one system the backup is stored to two different targets, both of them didn’t work.

    I checked the connection with WinSCP (FTP, Port 21, explicit SSL-FTP), but this worked as expected.

    So I entered the password again in the BackWPup job target tab and started the job. This was successful, so the main problem was solved. But I would like to understand the reason. Are passwords stored according to a kind of ID, which is dependent on the PHP version? Is this a feature?

    Thanks in advance &
    Kind regards,
    Ralf

    The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)
  • Off-topic: Please avoid using Ubuntu 19.04 as it has a short life span of only 9 months. Please use LTS releases instead, as they have 5-year life cycle and are mostly bug-free.

    Short term releases get very less priority in terms of bug fixes, except for security issues.

    Plugin Support duongcuong96

    (@duongcuong96)

    Hi @geschke

    So I entered the password again in the BackWPup job target tab and started the job. This was successful, so the main problem was solved. But I would like to understand the reason.

    It because of you entered a wrong password to BackWPUp job setting, so after entering the correct one, it works 🙂

    I personally agree with you notice about Ubuntu 19.04, on the server environment, better use LTS version of Ubuntu 🙂

    Hi @duongcuong96 !

    No, the password was correct. Maybe I had to explain it better: The system was an Ubuntu 18.10 version, it ran successfully since several months – WordPress, the plugins and everything, especially BackWPup. I didn’t change the password in the BackWPup jobs (there were two jobs with two different FTP targets). The passwords were saved in the BackWPup configuration, and with the same passwords the login was successful in the last few months. But after the update they didn’t work anymore.

    After entering the same passwords again, the logins were successful again. So I guess that password storage in BackWPup is dependent on the underlying system, some libraries or something else? Maybe because of encrypting the passwords?

    @pothi Thanks for your remark, but I know the release cycle of LTS and normal versions, so please let me use the version I prefer. I have optimized the update process, it’s a one-liner with the help of Docker, and I like to use the latest libraries. It isn’t an enterprise deployment, so back to topic. 😉

    Got your point. Thanks for the details. Just now, I noticed that you have a strong devops background. No wonder you know what you are doing. 😉 I’d appreciate if you share more info on your environment after this topic is resolved.

    I also would like to know (from the plugin author) on why the passwords became void after the change in underlying environment. This seems to be an interesting issue.

    @pothi Thank you for your nice comment! 🙂 And although this is off-topic, I’ve written an some articles about my installation (sorry, German only, maybe Google translate can help): https://www.kuerbis.org/2018/04/howto-wordpress-im-docker-swarm-mode-mit-nginx-proxy-auf-einem-host/

    In the last section the update is described – the command is:
    docker service update –image <name_of_new_image> <service_name>, e.g.
    docker service update –image geschke/php-fpm-swrm geschkename_phpbackend_geschkename

    If you have questions, don’t hesitate to drop me a mail or use the feedback formular on my website.

    Kind regards,
    Ralf

    Thank you. A lot of digest. I will go through one by one. Appreciate all the info provided here and in the blog. I will contact you via email or contact form if I have any further questions.

    Thanks again,
    Pothi.

    I think I found the reason. In the class BackWPup_Encryption_OpenSSL BackWPup tries to detect cipher methods of OpenSSL (method cipher_method() ) . This is later used to encrypt and decrypt all kinds of passwords in BackWPup. I tested the previous version (Ubuntu 18.04 image) vs. current version (Ubuntu 19.04 image). The Dockerfile to generate the image did not change, I’ve just set a new base image (FROM ubuntu:disco instead of ubuntu:bionic).

    Here is the output of some tests of the 18.04 version:

    
    root@dc48b862fbd2:/phptest# php -v
    PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.10-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies
    
    
    root@dc48b862fbd2:/phptest# php -i | grep -i openssl
    SSL Version => OpenSSL/1.1.0g
    openssl
    OpenSSL support => enabled
    OpenSSL Library Version => OpenSSL 1.1.0g 2 Nov 2017
    OpenSSL Header Version => OpenSSL 1.1.0g 2 Nov 2017
    Openssl default config => /usr/lib/ssl/openssl.cnf
    openssl.cafile => no value => no value
    openssl.capath => no value => no value
    Native OpenSSL support => enabled
    

    So OpenSSL is enabled and should work.

    Then I extracted the code fragment of cipher_method():

    At first, a list of all cipher methods is created by openssl_get_cipher_methods(). After that, BackWPup tries to match one of three “preferred methods”:

    
    $preferred = array( 'AES-256-CTR', 'AES-128-CTR', 'AES-192-CTR' );
    

    If one of these methods, i.e. strings is found in the list, it will be returned and stored as class property.

    With the above version the first found method is AES-256-CTR.

    Now the results of the newer Ubuntu 19.04 image:

    
    root@d894c15e6329:/phptest# php -v
    PHP 7.2.17-0ubuntu0.19.04.1 (cli) (built: Apr 18 2019 18:01:25) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.17-0ubuntu0.19.04.1, Copyright (c) 1999-2018, by Zend Technologies
    
    
    root@d894c15e6329:/phptest# php -i | grep -i openssl
    SSL Version => OpenSSL/1.1.1b
    libSSH Version => libssh/0.8.6/openssl/zlib
    openssl
    OpenSSL support => enabled
    OpenSSL Library Version => OpenSSL 1.1.1b 26 Feb 2019
    OpenSSL Header Version => OpenSSL 1.1.1b 26 Feb 2019
    Openssl default config => /usr/lib/ssl/openssl.cnf
    openssl.cafile => no value => no value
    openssl.capath => no value => no value
    Native OpenSSL support => enabled
    

    OpenSSL is enabled again, the versions are updated, This seems ok again.

    But when I run the test with this version, nothing is returned! None of the “preferred methods” is found.
    In this case BackWPup uses the first cipher method found in the list – in my case it is “aes-128-cbc“.

    So decrypting a password which was encrypted with a different cipher must go wrong.

    The reason is that the upperclass versions of cipher names are missing. This is a known issue (or bug?) with OpenSSL 1.1.1, see https://www.php.net/manual/de/function.openssl-get-cipher-methods.php, first comment, and more on https://github.com/oerdnj/deb.sury.org/issues/990 and the referenced issues.

    Maybe this helps if somebody runs into similar problems after updating OpenSSL.

    Kind regards,
    Ralf

    That was some deep troubleshooting. Thanks for sharing all the info.

    Plugin Support duongcuong96

    (@duongcuong96)

    @geschke Thank you very much for the detailed report.
    I already created an issue to our devs, will back to you all when I have something new.

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.