Title: [Plugin: Snapshot Backup] ftp_connect errors in PHP error log Last modified: August 20, 2016 --- # [Plugin: Snapshot Backup] ftp_connect errors in PHP error log * [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [14 years, 10 months ago](https://wordpress.org/support/topic/plugin-snapshot-backup-ftp_connect-errors-in-php-error-log/) * Hello, * php error: [20-Aug-2011 16:56:16] PHP Warning: ftp_connect() [[function.ftp-connect](https://wordpress.org/support/topic/plugin-snapshot-backup-ftp_connect-errors-in-php-error-log/function.ftp-connect?output_format=md)]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home1/ xxxxxx/public_html/wp-content/plugins/snapshot-backup/includes/sendaway.php on line 13 * I noticed php errors were occurring every 1 to 2 minutes in a php error log on a site that i am looking at. The frequency of the ftp_connect errors is in minutes below for a series of these ftp_connect errors was: 1:46 1:00 1:37 1:31 1:23 1:35 1:59 This particular site did not have ftp info added (password, etc) and was not set to automatically perform snapshot backups – ie Do not perform automatic backups. * What concerns me is that when i look at the coding in /includes/sendaway.php is that i do not see any security checking in the code. I see this >>> // connect to host $conn = ftp_connect($host); * but shouldn’t there be some security checking going on here? if (current_user_can(‘ manage_options’)) { The WordPress Settings API that this plugin is using for DB options does perform security checking (nonce) automatically, but still shouldn’t there be a security check here to make sure the ftp_connect function cannot be executed by anyone that is does not have manage_options or other admin permissions? Thanks. * [http://wordpress.org/extend/plugins/snapshot-backup/](http://wordpress.org/extend/plugins/snapshot-backup/) Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Jay Versluis](https://wordpress.org/support/users/versluis/) * (@versluis) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-snapshot-backup-ftp_connect-errors-in-php-error-log/#post-2254047) * Good point.. * I’ve implemented this check at the beginning of the plugin once, but not explicitly before every single command execution. * I’m not a PHP coder so any help on making this thing better is appreciated. * Thread Starter [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-snapshot-backup-ftp_connect-errors-in-php-error-log/#post-2254048) * I downloaded the latest version and see the new code you added, but this only blocks someone from accessing snapshot-backup.php directly. * I simpler way to accomplish this is to put this at that top of all your plugin pages. * // Direct calls to this file are Forbidden when core files are not present if(! function_exists(‘add_action’) ){ header(‘Status: 403 Forbidden’); header(‘HTTP/ 1.1 403 Forbidden’); exit(); } * if ( !current_user_can(‘manage_options’) ){ header(‘Status: 403 Forbidden’); header(‘HTTP/1.1 403 Forbidden’); exit(); } * You should be checking the referrer and have nonces on all your forms, except for the forms that are using the WordPress Settings API. * if (isset($_POST[‘bps-view-phpinfo’]) && current_user_can(‘manage_options’)) { check_admin_referer( ‘bps-view-phpinfo-check’ ); * Then in your form add this * You still have not secured the sendaway.php file. It is very, very easy to hack. 🙁 * // connect to host $conn = ftp_connect($host); * Change it to this * // If in WP Dashboard or Admin Panels if ( is_admin() ) { // If user has WP manage options permissions if ( current_user_can(‘manage_options’)) { // connect to host ONLY if the 2 security conditions are valid / met $conn = ftp_connect( $host); * You need to do this kind of security checking throughout your coding. It is better to do security overkill then to not have every single potentially dangerous vulnerability secured. Thanks, Ed * [milican](https://wordpress.org/support/users/milican/) * (@milican) * [14 years, 7 months ago](https://wordpress.org/support/topic/plugin-snapshot-backup-ftp_connect-errors-in-php-error-log/#post-2254050) * I am having the same problem. Thanks for the effort with the plugin, but I’m deleting until the security issues above are addressed. I have experienced the errors above, and will try again later. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘[Plugin: Snapshot Backup] ftp_connect errors in PHP error log’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/snapshot-backup.svg) * [Snapshot Backup](https://wordpress.org/plugins/snapshot-backup/) * [Frequently Asked Questions](https://wordpress.org/plugins/snapshot-backup/#faq) * [Support Threads](https://wordpress.org/support/plugin/snapshot-backup/) * [Active Topics](https://wordpress.org/support/plugin/snapshot-backup/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/snapshot-backup/unresolved/) * [Reviews](https://wordpress.org/support/plugin/snapshot-backup/reviews/) * 3 replies * 3 participants * Last reply from: [milican](https://wordpress.org/support/users/milican/) * Last activity: [14 years, 7 months ago](https://wordpress.org/support/topic/plugin-snapshot-backup-ftp_connect-errors-in-php-error-log/#post-2254050) * Status: not resolved