Support » Plugin: UpdraftPlus WordPress Backup Plugin » lfd suspicious files

  • Resolved dubh

    (@spmcnerd)


    Why does this plugin drop writable file in public tmp/ for anyone to modify?

    File: /tmp/public_html.20356221.225017/public_html/wp-includes/class-http.php
    Reason: Script, file extension
    Owner: borang:borang (518:517)
    Action: Moved into /var/lib/csf/suspicious.tar

    https://wordpress.org/plugins/updraftplus/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi,

    Sir, I never started beating my wife!
    https://en.wikipedia.org/wiki/Loaded_question

    i.e. There is no such code. UD only has code to create zip files, not to create copies of individual files… and the various PHP zip modules all create their temporary files (which are again all zip files, not copies of individual files) in wp-content/updraft.

    David

    Lady, I doubt you have a wife pussy.
    Judging by your answer this code leaves a big hole for hackers.

    Plugin Author David Anderson

    (@davidanderson)

    To speak plainly: you’re in the wrong forum… something else has created those files on your server, but not UD.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘lfd suspicious files’ is closed to new replies.