Updraft files being modified

  • Resolved hollyberbz

    (@hollyberbz)


    8 years, 11 months ago

    I’m using the most updated version of Updraft. I also have Wordfence installed which is telling me that these files were modified, and I’m not sure if it means our site is hacked or not… can you verify? Thank you!

    wp-content/plugins/updraftplus/oc/guzzle/Guzzle/Http/QueryAggregator/DuplicateAggregator.php
    wp-content/plugins/updraftplus/oc/guzzle/Guzzle/Http/QueryAggregator/PhpAggregator.php
    wp-content/plugins/updraftplus/oc/guzzle/Guzzle/Http/QueryString.php
    wp-content/plugins/updraftplus/oc/guzzle/Guzzle/Http/composer.json
    etc…

    https://wordpress.org/plugins/updraftplus/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author David Anderson

    (@davidanderson)

    8 years, 11 months ago

    Hi,

    Likely hackers have broken into your WordPress site, and placed their code in as many files as they could.

    Note that once hackers break in, they try to place code everywhere – so, if the code has been placed in UpdraftPlus, that doesn’t mean that they haven’t placed it elsewhere too (they probably have) or that they broke in using UpdraftPlus (in a typical WP install, all files have the same permissions, so after breaking in anywhere, you can over-write anything).

    You’ll want to replace any plugins that WordFence is showing differences for with a clean copy; and make sure everything’s up to date, and change passwords for all users, etc.

    Best wishes,
    David

    PaulMyatt

    (@paulmyatt)

    8 years, 2 months ago

    I’ve just seen the same thing on a client’s site. Here’s the WordFence report:

    Recently Modified Files
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Resource/ResourceIteratorFactoryInterface.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Exception/ValidationException.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Exception/ResponseClassException.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Resource/CompositeResourceIteratorFactory.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Resource/ResourceIteratorApplyBatched.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Resource/ResourceIteratorClassFactory.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Resource/ResourceIteratorInterface.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Resource/Model.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Exception/CommandException.php
    febrero 18, 2016 3:41pm
    wp-content/plugins/updraftplus/vendor/guzzle/guzzle/src/Guzzle/Service/Exception/ServiceBuilderException.php

    Plugin Author David Anderson

    (@davidanderson)

    8 years, 2 months ago

    You’ll want to check that your site’s not been hacked. There’s no reason for those files to be modified.

    When a hack happens, finding out which files the hackers modified doesn’t indicate how they got in – because, once they get in, they can modify anything. Modifying popular plugins is common, because popular plugins are more likely to exist on the site, and so they’re looked-for first.

    David

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Updraft files being modified’ is closed to new replies.