How does malware get into the backups?

  • I have used this plugin for a long time. Recently I installed the Wordfence Security plugin also. However the scans indicate that there are several malicious urls in the database backups of WP DBmanager. I definitely did not put them on my site, and they only show up in the db backups. So I suspect that those malicious files somehow find their way into the db backups via some vulnerability. If I ever had to reinstall the database, I imagine I would have some nasty links on my site. Does anyone have any experience with this issue?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter shamakern

    (@shamakern)

    Specifically what seems to be happening according to Wordfence Security is that the WP DBmanager file is changed to an earlier version. The original version is tested up to WP 3.5.1, but then it seems that the file was modified so that now the version which is only compatible up to WP 3.1.1 shows up. At least this is what shows in the code. I hope the developer can shed some light on this. I am using the latest version of WP DBmanager by the way.

    Hello ShamaKern is that warning shown on the text file or a php file?

    The folder that contains the database backup is protected via the .htaccess file. If you are concern of a potential injection then you could download the database locally and if you ever needed to update the database then simply upload it again to the same folder and update your database.

    I hope this helps with your questions.

    Kind regards

    Did you ever get an answer about this? Tonight my WordFence scan reported the same thing. It indicated a link to a dangerous site, Schlegel Photography.

    Hi @dudleyrose is the dangerous link inside the plugin’s database? Or is inside the plugin’s php code?

    No one out the more than 836,000 downloads have reported this issue. I suspect a comment linking back to a website. Remember the plugin only backups your database. If there is a dangerous link somewhere in a comment then the backup will register the dangerous link when using a security plugin like WordFence.

    I hope this helps you.

    Kind regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘How does malware get into the backups?’ is closed to new replies.