Permissions changed

  • Resolved kernvy

    (@kernvy)


    2 years, 5 months ago

    My hosting company was running a security check and they alerted me to what appears to be a Complianz file – see below – that had unsecured 777 permissions. I’ve never touched this file and I am the only person with access to the website so I’m wondering if this was a hacker test to see what’s possible.

    …/wp-content/uploads/complianz/tmp/1615325393/ttfontdata

    Why would they change permissions on this file, and if it was a setting you inadvertently left on accident, why haven’t future updates corrected it?

    Can I delete this file with no problems?

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    Hi @kernvy,

    I just checked this on some of our own websites, and some test websites. The file is created with the default on the webserver, which in all cases I checked was 644, a good default value. So I think that this file was probably created at a time when the default on your server was (probably temporarily) 777.

    The tmp folder can be deleted/emptied without issues. It is used during generation of pdf files.

    I’ll add a function in the plugin to clear it after, which is cleaner, you’ll get props for bringing it to our attention of course!

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    The fix for this is ready, to be released in a few weeks. If you’d like to test the branch let me know.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Permissions changed’ is closed to new replies.