• Resolved brendaelizabeth

    (@brendaelizabeth)


    Hi,

    I received this email just now. I am not too interested in changing my passwords every time the bot scans for security issues. Is there anything that can be done or do I have to delete this plugin?

    We have recently scanned one or more users on your account for potential security threats. Unfortunately, we found some potential indications that your website(s) *may* be compromised.

    We understand that this may not be the best news you can get. This notification is intended to help you through the process and serve as a starting point to assist you in getting your account cleaned and secured. While we won’t be able to complete these processes for you, if you have any questions about the items that follow please don’t hesitate to reply to this email and we will be happy to clarify any points or offer any further guidance to help you through getting your account back to normal.

    The following files/directories had insecure permissions (777), which have been remediated.

    wp-content/uploads/complianz/tmp/1691025607/mpdf
    wp-content/uploads/complianz/tmp/1691025607/mpdf/ttfontdata

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @brendaelizabeth,

    These are not files in the plugin itself, but in the public uploads folder. The subfolders and files should be set to 755, or will inherit the permissions of the uploads folder itself. An example, where the numbers after the folders mention the permissions: https://snipboard.io/BRKVhf.jpg

    You can see the folders as mentioned above.

    Everything after /tmp/ is temporary and used to create a Proof of Consent PDF. It’s randomly named and cleaned after a PDF is created, so accessing these files is nearly impossible.

    I will double-check at our end, if there’s a slight possibility the permissions might be set to 777, otherwise it might be a false positive. I wouldn’t worry in the meantime.

    I’ll get back to you, regards Aert

  • Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @brendaelizabeth,

    We checked and the permissions are set to 755. I would suggest removing the wp-content/uploads/complianz/tmp/ folder so it can be created again when a new PDF is generated.

    As mentioned before, the files mentioned by your hosting provider are always cleaned on PDF generation and random, so I wouldn’t worry, and after removing the folder I wouldn’t expect another email.

    regards Aert

  • The topic ‘Hosting provider found security issues’ is closed to new replies.
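
To check a host's report like the one quoted in this thread yourself, the sketch below lists world-writable entries under an uploads directory and clears the group/other write bits, so mode 777 becomes the 755 mentioned in the replies. It is an added example, not part of the thread or of the Complianz plugin; the function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an uploads tree for
# world-writable entries and reset them. Function names are hypothetical.

# Print every file or directory whose "other write" bit is set
# (mode 777, 666, 757, ...). Symlinks are skipped because their own
# mode bits are not what the kernel checks.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of flagged entries, for use in monitoring or a cron check.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove write access for group and other on flagged entries only:
# 777 becomes 755, 666 becomes 644. Owner bits are left untouched.
fix_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod go-w {} +
}

# When a directory is given on the command line, report only
# (non-destructive); call fix_world_writable explicitly to remediate.
# Example: sh audit.sh wp-content/uploads
if [ "$#" -ge 1 ]; then
    echo "World-writable entries under $1: $(count_world_writable "$1")"
    list_world_writable "$1"
fi
```

Run the report before and after generating a Proof of Consent PDF: if entries under `complianz/tmp/` reappear as world-writable, something at creation time is setting the mode rather than a leftover folder.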