tazeemk
Forum Replies Created
Hi,
I raised a few questions but this thread is being marked resolved without answering those questions! Can you please answer those questions?
Additional Information:
- Did Offload Media experience any recent security vulnerabilities that could have exposed user credentials?
- Are there any additional security measures recommended within the plugin settings to minimize the risk of unauthorized access?
Thank you.
Hi WP Offload Media Support Team,
Thank you for your swift response and insights into the potential cause of the missing data in my S3 bucket.
I appreciate you confirming that the compromised IAM user credentials are likely the root of the issue.
Security Concerns with Offload Media:
However, I’d like to raise a specific concern regarding the security of the Offload Media plugin itself. In another forum thread, I encountered a similar situation where data loss happened on S3 bucket Offload Media.
Since the IAM user credentials are stored within the plugin’s settings, is there a possibility that the plugin itself might be susceptible to security breaches, leading to unauthorized access to the credentials?
While my website logs haven’t shown any signs of an attack, I’d like to explore all potential avenues to understand how the credentials might have been compromised.
Additional Information:
- Did Offload Media experience any recent security vulnerabilities that could have exposed user credentials?
- Are there any additional security measures recommended within the plugin settings to minimize the risk of unauthorized access?
Suspicious Activity:
Furthermore, upon discovering the missing data, I encountered a file named “warning.txt” within my S3 bucket. This file contained a threat message demanding a ransom for the alleged recovery of the lost data.
The presence of this file raises additional concerns about the potential cause of the compromised credentials. Could a vulnerability in Offload Media have allowed attackers to gain access and leave this message?
Here is the warning.txt message.

!!! WARNING !!! !!! WARNING !!! !!! WARNING !!! !!! WARNING !!!
To recover your lost files and avoid leaking it:
In case of ignoring this message, all personal data will be published publicly open to everyone as well as traded on the Darknet. We will be the ones to mass mail all your clients with all links to where their personal data is open and traded.
Send us 0.3 Bitcoin (BTC) to our Bitcoin addresses
Price is not standard, depend on your data.
Contact us by email to confirm mailto:[email protected]
for the user with access key **************************
2022-02-06 15:41:22 **********.com
2022-01-18 07:30:31 **********.com
2023-09-15 07:49:16 **********.com
Folder Names:
**********.com
**********.com
**********.com
Folder: **********.com
Number of files: 94683
Total size (GB): 16.09 GB
Folder: **********.com
Number of files: 3541
Total size (GB): 0.11 GB
Folder: **********.com
Number of files: 687
Total size (GB): 0.05 GB
Linux
tar xzvf recovery************.tgz
chmod +x recovery
./recovery
You need to be authenticated into aws-cli with credentials to perform restore
run -> aws configure and authenticate if you are not already !
Once the recovery starts, you need to be sure your connection does not drop, your computer does not crash
Once you contact us we will explain how to avoid further attacks.
Contact us by email to confirm and attach file warning.txt
mailto:[email protected]
S3 backup
Your files are downloaded and backed up on our servers.
If we dont receive your payment in the next 5 days, we will sell your files to the highest bidder or use them otherwise or permanently deleted. We also extract sensitive informations.

Hi Prob,
Were you able to get any solution? I am facing a similar issue. And it happened only last week.
Tazeem.