Alert from host

  • Resolved thomastolkien

    (@thomastolkien)


    2 years, 5 months ago

    Our hosting provider for one of our sites alerted us to a DDOS attack on a particular file that apears to have been uploaded by your plugin after the most recent plugin update.

    Our hosting provider has disabled your plugin pending further investigation.

    The specific file is:

    wp-content/uploads/wpo/module-loaded/mime/server-signature/test.php

    Please can you have a look into this and advise?

    Thanks.

Viewing 7 replies - 1 through 7 (of 7 total)

  • @thomastolkien The file seems to be legitimate WP-Optimize file, does WP-Optimize works fine on other sites?

    Thread Starter thomastolkien

    (@thomastolkien)

    I have no idea. The host disabled the plugin and I only have it installed on one site.

    What is this file and what does it do? Why is it being targeted? Is it a security vulnerability?

    wp-content/uploads/wpo/module-loaded/mime/server-signature/test.php

    Please can you have a look into this and advise?

    Thanks.

    @thomastolkien The file has legitimate code, it seems to be false positive case, you can tell your host to enable the plugin as the code doesn’t contain and malicious code

    Thread Starter thomastolkien

    (@thomastolkien)

    The host is refusing to allow the plugin until they know what the purpose of the file is.

    So as previously requested,

    What is this file and what does it do? Why is it being targeted?

wp-content/uploads/wpo/module-loaded/mime/server-signature/test.php

Please can you have a look into this and advise?

    Thanks.

    Thread Starter thomastolkien

    (@thomastolkien)

    After reading other people’s comments about the plugin breaking sites, I’m just going to remove this plugin. The final straw was trawling through the changes to my site caused by updating your plugin to the latest version last night and finding lots of junk files like these:

    wp-content/uploads/wpo/module-loaded/rewrite/content-digest/request-me.txt

    contents: “thanks”.

    wp-content/uploads/wpo/module-loaded/mime/content-digest/request-me.txt

    contents: “thanks”.

    wp-content/uploads/wpo/module-loaded/headers/content-digest/request-me.txt

    contents: “thanks”.

    wp-content/uploads/wpo/module-loaded/headers/content-digest/request-me.txt

    contents: “thanks”.

    /wp-content/uploads/wpo/content-digest/on/request-me.txt

    contents: “hi”

    @thomastolkien

    Totally agree. WP Optimize broke one of my sites, and I’ve started seeing files like “request-me.txt” and “test.php” in the reports generated by Wordfence. If this is supposed to be legitimate it’s really strange and unprofessional behavior by the devs.

    I’ve now blacklisted WordPress Optimize from all my servers.

    Seeing these same “Thanks” and “Hi” PHP files in wp-content/uploads/. I rolled back to 3.2.3 and it appears to have fixed the 503 errors.

    This experience is disappointing and I’ll be avoiding Updraft products going forward.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Alert from host’ is closed to new replies.