WordPress.org

Support

Support » Plugins and Hacks » UpdraftPlus WordPress Backup Plugin » [Resolved] lfd suspicious files

[Resolved] lfd suspicious files

  • Why does this plugin drop writable file in public tmp/ for anyone to modify?

    File: /tmp/public_html.20356221.225017/public_html/wp-includes/class-http.php
    Reason: Script, file extension
    Owner: borang:borang (518:517)
    Action: Moved into /var/lib/csf/suspicious.tar

    https://wordpress.org/plugins/updraftplus/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author David Anderson

    @davidanderson

    Hi,

    Sir, I never started beating my wife!
    https://en.wikipedia.org/wiki/Loaded_question

    i.e. There is no such code. UD only has code to create zip files, not to create copies of individual files… and the various PHP zip modules all create their temporary files (which are again all zip files, not copies of individual files) in wp-content/updraft.

    David

    Lady, I doubt you have a wife pussy.
    Judging by your answer this code leaves a big hole for hackers.

    Plugin Author David Anderson

    @davidanderson

    To speak plainly: you’re in the wrong forum… something else has created those files on your server, but not UD.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Resolved] lfd suspicious files’ is closed to new replies.
Skip to toolbar