Duplicator leaves behind installer folder (world writable)

  • Resolved hetkanbeteronline

    (@hetkanbeteronline)


    9 months, 1 week ago

    We are starting to receive reports from our security suite during nightly scans that developer installed duplicator archives are leaving behind a 777 folder with following path example */*/public_html/wp-snapshots/installer/original_files_4697295-20093027/

    We at first thought it might be some sloppy aftercare in which installation files where not cleaned by users after installation but that seems to not be the case.

    Back-end wordpress reports no files left behind and folder remains untouched when pressing the assigned clean cache and delete install files under page=duplicator-tools&tab=diagnostics

    Attached video example available until 21-03-2024
    https://screenpal.com/content/video/cZnr6xVKnZp

    install log available below and is scrubbed of private information
    https://pastebin.com/Pru6t0Ui

    CloudLinux 8.9.0 standard kvm
    WordPress 6.4.3
    Duplicator 1.5.8.1

    Best regards,
    IT Management HKBO

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Duplicator leaves behind installer folder (world writable)’ is closed to new replies.