Hacked my site

  • Though the problem mentioned by all other below here is true i.e. exec() is ever required which never gets up and running! I came across another issue. When I tried deleting this plugin, it left some residues in my /wp-content/ewwww folder like: pngquant, optipng, jpegtran-custom, jpegtran, gifsicle. I don’t know what extensions are for those files!! Even FileZilla couldn’t determine its Filetype.

    Furthermore, it automatically changed Owner/Group to somebody else and setting File Permissions to 755!! I’ve contacted my host provider to delete it for me!! Waiting for their reply..

    This plugin didn’t work for me and was frustrating to delete this residues it left after uninstall!! Very buggy!! :((

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi I understand your point of view when something goes wrong. This happens from time to time.

    In regards to this plugin, I have been using this plugin on a few websites without any issues. I also checked the file permissions just to make sure they are correct as per your comment above.

    Did you report this issue to the developer? I am sure he would have helped you to find a solution.

    Kind regards

    Plugin Author nosilver4u

    (@nosilver4u)

    This is not buggy, this is intentional behavior. The intent is that the binaries are retained across plugin upgrades, or even if the plugin is only temporarily being removed or deactivated (yes, some users do that). The binaries do not have extensions, because they are linux binaries where almost no binaries (executables) have file extensions. On most operating systems (Windows really stinks in this regard), the filetype is not determined by the file extension. It is determined by a ‘magic’ database that contains signatures for tons of different filetypes (it really IS named that, but it isn’t really magic). This plugin does not change the ownership of any files on your server, only the file permissions (read, write, and execute abilities). Your webserver process could run as a different user than what you use to login, so that would result in the files having a different owner when they are copied from the plugin folder.

    The exec() function is only a security risk if abused, and I have taken extensive precautions to minimize any perceived vulnerabilty. It has been audited several times by the www.remarpro.com team, and by countless other users from the community. If you really don’t like exec(), then you can use the EWWW IO Cloud service, which transfers all the processing and risk to me.

    Regards,
    Shane Bishop
    Lead (and only) EWWW IO Developer

    “This plugin does not change the ownership of any files on your server, only the file permissions (read, write, and execute abilities). Your webserver process could run as a different user than what you use to login, so that would result in the files having a different owner when they are copied from the plugin folder.

    The exec() function is only a security risk if abused, and I have taken extensive precautions to minimize any perceived vulnerabilty. It has been audited several times by the www.remarpro.com team, and by countless other users from the community. If you really don’t like exec(), then you can use the EWWW IO Cloud service, which transfers all the processing and risk to me.”

    ………….I am interested in downloading this plugin and can use the paid version. Though, after reading the statement above by the Plugin author, I have the following questions:
    The Author states that this Plugin does not change ownership of files, just the permissions (read, write, and execute abilities)
    Question: Who does it change the permissions to? Who or what would now have such permissions?

    You indicate the owner remains the same because the Server process could run as a different user.
    Question: That is clear, though does that mean the different owner is basically bogus?

    Thank You in advance for your consideration

    Plugin Author nosilver4u

    (@nosilver4u)

    @wsan1, start a new thread please.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Hacked my site’ is closed to new replies.