Publicly accessible config, backup, or log file found

  • Resolved bigfivehost

    (@bigfivehost)


    1 year, 7 months ago

    We just scanned one of our websites https://newszetu.com and found a Publicly accessible config, backup, or log file found and on the scan dashboard we chose to delete all deletable files. The issues we want to clarify are:

    1.Does deleting the action of deleting deletable files remove the vulnerability posed by the publicly available file?

    2. If any attack had occurred prior to this action and before implementing full security headers (which we have now implemented) does this action remove the files that may have been uploaded.

    3.What other actions can we take to ensure future attackes do not happen.Furher how do we ensure that any prior attackes that may have occurred are completely removed?

Viewing 1 replies (of 1 total)
  • Plugin Support wfjanet

    (@wfjanet)

    Hi?@bigfivehost,

    Thank you for reaching out to us.

    As explained in our  Scan Results article, this result shows files that may contain sensitive information that can be served by the web server. It doesn’t mean your site has been compromised.

    This may be backup copies of files, like a copy of “wp-config.php” under another name, log files, or configuration files.

    The action you take depends on the file that’s accessible. Some files like the .user.ini are required for your site to work properly. The hide option is best for these.

    If you know that the file is not needed by your site, you can simply remove the file. This is often the case with files like “wp-config.bak”, which may be a backup copy of your “wp-config.php” file. 

    I hope this is helpful. Let me know in case you have any further questions.

    Thanks,

    Janet

Viewing 1 replies (of 1 total)
  • The topic ‘Publicly accessible config, backup, or log file found’ is closed to new replies.