wp-cerber-RANDOM_HASH folders in wp-content

  • Resolved shad0vv

    (@shad0vv)


    6 years, 7 months ago

    Hi,

    plugin creates a lot of folders named like:

    wp-cerber-0GKRQ8WE1FON756XMCU
    wp-cerber-79UR6S4QVFWBHM0T3
    wp-cerber-9253TKXYUJB7DL4HS
    wp-cerber-OAD6FYL9ZMVPKUE1

    in /wp-content/uploads/ server folder with .htaccess file inside.

    Why, what for???

    I use Windows 2012R2 Server with IIS. Thank You in advance!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Those folders have been created by the malware scanner. Normally you should see only one folder this kind. If the plugin is unable to get access to the folder or an appropriate website setting which is used to store the folder name is lost/deleted, the plugin tries to create a new folder. Perhaps you have multiple WP instances on your server which share the upload folder some way.

    • This reply was modified 6 years, 6 months ago by gioni.

    Check your webserver log, as there might be some errors logged.

    In my case, the directories were created with 644 permissions (missing ‘x’) and then creating the .htaccess file failed during fopen() and the temp directories were not cleaned up.

    Setting the correct default ACL for the uploads directory (owned by the webserver’s user) solved the issue for me:

    setfacl -R -d u::rwx uploads
setfacl -R -d g::rwx uploads

    Now, the temp directories are created with 754 permissions, which allows the malware scanner to complete.

    • This reply was modified 6 years, 6 months ago by Simon.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wp-cerber-RANDOM_HASH folders in wp-content’ is closed to new replies.