• tazeemk

    (@tazeemk)


    Hello everyone,

    I am currently facing a severe issue where all folders and files in my AWS S3 bucket have mysteriously disappeared. This problem surfaced unexpectedly when my website failed to load, which led us to discover the current state of our AWS S3 bucket.

    Here’s what we know:

    • The S3 bucket was accessed using IAM User credentials configured within the settings of the “Offload Media” plugin used on our website.
    • We have not made any changes to the plugin or the website configuration recently. The data loss was only identified due to the website loading issues.
    • After the data went missing, a new folder appeared in the bucket containing a “recovery” file. The name of this file includes the IAM User’s AccessID, raising significant concerns.
    In light of this, I am seeking advice on several key issues:

    • Data Recovery: Are there any methods available for recovering the deleted data from the S3 bucket?
    • Preventive Measures: What preventive actions can be taken to protect our S3 buckets from similar incidents in the future?

    Thank you very much in advance for your time and assistance.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Delicious Brains Support

    (@dbisupport)

    Hi there!

    WP Offload Media Support Team here! Thanks for reaching out with your query; we would be happy to assist.

    Based on the description of the issue, it seems like your IAM user credentials were compromised.

    I’m afraid it would be hard to identify what exactly caused this, but one of the ways this could happen is if someone had gotten access to your site’s database and/or your server, which caused the credential leak.

    Whether you stored your access keys in the database or in wp-config.php would likely determine which part of your site was accessed.

    With this in mind, this is a security issue that we recommend reaching out to your host for further assistance and information.

    You can also try and reach out to AWS support. They may have some access logs in place that could help trace how this happened.

    > Data Recovery: Are there any methods available for recovering the deleted data from the S3 bucket?

    If you haven’t enabled “Remove Local Media” and the files are still on your server then you can just re-offload the files to your bucket.

    However, if the files don’t exist on both your server and bucket then I’m afraid the only option would be to reach out to AWS support if they have a way to recover this.

    > Preventive Measures: What preventive actions can be taken to protect our S3 buckets from similar incidents in the future?

    We recommend defining your access keys in your wp-config.php instead of the database:

    https://deliciousbrains.com/wp-offload-media/doc/amazon-s3-quick-start-guide/#save-access-keys

    This is a more secure way of defining your access keys because it’s much harder to gain access to your website’s root files than your site’s database. If someone has gotten access to your website’s root, then you have a bigger problem on hand and it’s recommended to reach out to your host for further assistance.

    However, if you’re running your site on an Amazon EC2 instance then the most secure way is to use IAM Roles because you won’t need to store any credentials on either your server or database at all –

    https://deliciousbrains.com/wp-offload-media/doc/amazon-s3-quick-start-guide/#iam-roles

    Another thing that could help is enabling bucket versioning. We don’t usually talk about bucket versioning, but that does increase the likelihood that files can be recovered if they are deleted by mistake.

    But please note that bucket versioning does not provide protection against knowledgeable and motivated attackers that already have access to the AWS IAM credentials.

    We hope you get this sorted out! Please let us know if you have any other questions or concerns.
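The reply above points to AWS access logs as the way to trace what happened and notes that versioning does not stop someone who already holds the IAM credentials. The script below is an added example, not code from the thread or from the WP Offload Media project: it runs over CloudTrail-style S3 data events (the field names follow CloudTrail's `eventTime`, `eventName`, `userIdentity.accessKeyId`, `sourceIPAddress` and `requestParameters`; every value is a constructed placeholder, including the access key ID, IPs and bucket name) and flags the pattern the original poster describes: a burst of deletes from one access key, that key suddenly being used from a new source address, and a note such as `warning.txt` or a `recovery` file dropped into the bucket by the same key.

```python
"""Added example: flag a mass-delete-then-note pattern in CloudTrail-style
S3 data events. All sample data is constructed; no value comes from the thread."""
from collections import defaultdict
from datetime import datetime, timedelta

DELETE_EVENTS = {"DeleteObject", "DeleteObjects"}
NOTE_MARKERS = ("warning.txt", "recovery")   # object names reported in the thread
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"              # CloudTrail eventTime format


def _make_event(ts, name, key_id, ip, obj_key):
    """Build one CloudTrail-shaped S3 data event (constructed placeholder values)."""
    return {
        "eventTime": ts.strftime(TIME_FMT),
        "eventName": name,
        "userIdentity": {"type": "IAMUser", "accessKeyId": key_id},
        "sourceIPAddress": ip,
        "requestParameters": {"bucketName": "example-media-bucket", "key": obj_key},
    }


def build_sample_events():
    """Constructed log: five normal plugin uploads from the web server, then 150
    deletes in under three minutes from the same key ID but a different IP,
    then a note object dropped by that key. Key ID and IPs are placeholders."""
    base = datetime(2024, 3, 1, 2, 0, 0)
    plugin_key = "AKIAEXAMPLEPLUGIN000"   # placeholder, not a real access key ID
    events = [
        _make_event(base - timedelta(hours=6, minutes=i), "PutObject", plugin_key,
                    "198.51.100.20", f"wp-content/uploads/2024/02/img{i}.jpg")
        for i in range(5)
    ]
    for i in range(150):
        events.append(_make_event(base + timedelta(seconds=i), "DeleteObject", plugin_key,
                                  "203.0.113.77", f"wp-content/uploads/2023/09/img{i}.jpg"))
    events.append(_make_event(base + timedelta(minutes=3), "PutObject", plugin_key,
                              "203.0.113.77", "recovery_note/warning.txt"))
    return events


def _parse_time(ev):
    return datetime.strptime(ev["eventTime"], TIME_FMT)


def find_delete_bursts(events, window=timedelta(minutes=5), threshold=100):
    """Return {accessKeyId: summary} for every key that issued at least
    `threshold` delete calls inside any sliding `window` of time."""
    by_key = defaultdict(list)
    for ev in events:
        if ev["eventName"] in DELETE_EVENTS:
            by_key[ev["userIdentity"].get("accessKeyId")].append(ev)
    bursts = {}
    for key_id, evs in by_key.items():
        evs.sort(key=_parse_time)
        times = [_parse_time(e) for e in evs]
        start = 0
        for end in range(len(evs)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts[key_id] = {"count": len(evs), "first": times[0], "last": times[-1],
                                  "source_ips": sorted({e["sourceIPAddress"] for e in evs})}
                break
    return bursts


def find_note_drops(events):
    """PutObject calls whose object key looks like a dropped note or recovery file."""
    return [ev for ev in events if ev["eventName"] == "PutObject"
            and any(m in ev["requestParameters"].get("key", "").lower() for m in NOTE_MARKERS)]


def new_source_ips(events, key_id, before):
    """Source IPs that used key_id only from `before` onwards and never earlier:
    a cheap signal that the key is now being used from somewhere new."""
    def ips(pred):
        return {e["sourceIPAddress"] for e in events
                if e["userIdentity"].get("accessKeyId") == key_id and pred(_parse_time(e))}
    return sorted(ips(lambda t: t >= before) - ips(lambda t: t < before))


def triage(events):
    """Combine the three signals into one finding per suspicious access key."""
    notes = find_note_drops(events)
    return [{
        "access_key_id": key_id,
        "deletes": b["count"],
        "delete_ips": b["source_ips"],
        "new_ips": new_source_ips(events, key_id, b["first"]),
        "note_keys": [n["requestParameters"]["key"] for n in notes
                      if n["userIdentity"].get("accessKeyId") == key_id],
    } for key_id, b in find_delete_bursts(events).items()]


if __name__ == "__main__":
    for f in triage(build_sample_events()):
        print(f"key {f['access_key_id']}: {f['deletes']} deletes from {f['delete_ips']}, "
              f"new IPs {f['new_ips']}, dropped {f['note_keys']}")
```

With real data you would feed `triage()` the `Records` array of CloudTrail log files for the bucket (S3 data events have to be enabled on the trail; without them only management-plane calls are logged). The access key ID in a finding is the credential to rotate first, and the "new IP" signal is what distinguishes the web server's own plugin traffic from someone replaying the same key from elsewhere.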

    Thread Starter tazeemk

    (@tazeemk)

    Hi WP Offload Media Support Team,

    Thank you for your swift response and insights into the potential cause of the missing data in my S3 bucket.

    I appreciate you confirming that the compromised IAM user credentials are likely the root of the issue.

    Security Concerns with Offload Media:

    However, I’d like to raise a specific concern regarding the security of the Offload Media plugin itself. In another forum thread, I encountered a similar situation where data loss happened on an S3 bucket used with Offload Media.

    Since the IAM user credentials are stored within the plugin’s settings, is there a possibility that the plugin itself might be susceptible to security breaches, leading to unauthorized access to the credentials?

    While my website logs haven’t shown any signs of an attack, I’d like to explore all potential avenues to understand how the credentials might have been compromised.

    Additional Information:

    • Did Offload Media experience any recent security vulnerabilities that could have exposed user credentials?
    • Are there any additional security measures recommended within the plugin settings to minimize the risk of unauthorized access?

    Suspicious Activity:

    Furthermore, upon discovering the missing data, I encountered a file named “warning.txt” within my S3 bucket. This file contained a threat message demanding a ransom for the alleged recovery of the lost data.

    The presence of this file raises additional concerns about the potential cause of the compromised credentials. Could a vulnerability in Offload Media have allowed attackers to gain access and leave this message?

    Here is the warning.txt message.

    !!! WARNING !!! !!! WARNING !!! !!! WARNING !!! !!! WARNING !!!
    To recover your lost files and avoid leaking it:
    In case of ignoring this message, all personal data will be published publicly open to everyone as well as traded on the Darknet. We will be the ones to mass mail all your clients with all links to where their personal data is open and traded.
    Send us 0.3 Bitcoin (BTC) to our Bitcoin addresses
    Price is not standard, depend on your data.
    Contact us by email to confirm mailto:[email protected]
    for the user with access key ****************************
    2022-02-06 15:41:22 ************.com
    2022-01-18 07:30:31 ************.com
    2023-09-15 07:49:16 ************.com
    Folder Names:
    ************.com
    ************.com
    ************.com
    Folder: ************.com
    Number of files: 94683
    Total size (GB): 16.09 GB
    Folder: ************.com
    Number of files: 3541
    Total size (GB): 0.11 GB
    Folder: ************.com
    Number of files: 687
    Total size (GB): 0.05 GB
    Linux
    tar xzvf recovery****************.tgz
    chmod +x recovery
    ./recovery
    You need to be authenticated into aws-cli with credentials to perform restore
    run -> aws configure and authenticate if you are not already !
    Once the recovery starts, you need to be sure your connection does not drop, your computer does not crash
    Once you contact us we will explain how to avoid further attacks.
    Contact us by email to confirm and attach file warning.txt
    mailto:[email protected]
    S3 backup
    Your files are downloaded and backed up on our servers.
    If we dont receive your payment in the next 5 days, we will sell your files to the highest bidder or use them otherwise or permanently deleted. We also extract sensitive informations.

    Thread Starter tazeemk

    (@tazeemk)

    Hi,

    I raised a few questions, but this thread is being marked resolved without those questions being answered! Can you please answer those questions?

    Additional Information:

    • Did Offload Media experience any recent security vulnerabilities that could have exposed user credentials?
    • Are there any additional security measures recommended within the plugin settings to minimize the risk of unauthorized access?

    Thank you.

    Plugin Support Delicious Brains Support

    (@dbisupport)

    Hi @tazeemk ,

    Could you confirm for us if you are using the latest version of WP Offload Media Lite? Based on the changelogs the last security update was in 3.2.2, so if you are using the latest version you shouldn’t be affected by it.

    We have asked our dev team whether they know of any recent security vulnerabilities. We’ll let you know once we have an update on this.

    Plugin Support Delicious Brains Support

    (@dbisupport)

    Hi @tazeemk ,

    To answer your questions:

    Did Offload Media experience any recent security vulnerabilities that could have exposed user credentials?

    We fixed a potential security issue in version 3.2.6, January 11th, that was related to serialized content. You can read about the details on our blog:
    https://deliciousbrains.com/security-releases-unserialize/

    Before that, in May 2023, we released version 3.2.2 that updated to the latest Amazon SDK because of a potential security vulnerability in one of their dependencies.

    Our understanding is that both of these vulnerabilities would be very hard to use in an attempt to gain access to the IAM credentials via WP Offload Media.

    Please note that any vulnerability that has been present on your site and that gave an attacker read access to the WordPress database and/or file system could have been used in your case. This means that any vulnerable plugin or theme you have on your site, even deactivated ones, is a potential attack vector.

    Also note that the IAM credentials may have been stolen in many other ways than a normal code vulnerability in WordPress or one of the plugins or themes. Other common ways for attackers to gain access to secrets include using poorly protected backup files or easy-to-guess passwords.

    Are there any additional security measures recommended within the plugin settings to minimize the risk of unauthorized access?

    The important thing is to protect the IAM credentials; once they are safe, there’s not really anything you can change in the plugin settings to improve security.

    Probably the most secure way is to skip the need for credentials by using an Amazon EC2 instance to host your site. If that’s not an option for you, our next best suggestion is to provide the credentials via wp-config.php as mentioned earlier. If your web host allows you to set environment variables, you may also want to consider storing secrets in environment variables as described in the first code example here:
    https://matthewdaly.co.uk/blog/2019/09/22/storing-wordpress-configuration-in-environment-variables/

    Not all hosts support environment variables so you need to figure out if that’s an option for you or not.

  • The topic ‘S3 Bucket Files Deleted’ is closed to new replies.