Package downloaded by ???

  • Resolved gpatters

    (@gpatters)


    7 years, 4 months ago

    Hi,
    Created a fresh backup of our working WordPress site yesterday, downloaded and installed it on a another server for testing purposes. All went well.

    However… this morning I checked the working server access log and found that this new package archive.zip file, with its unique and non-guessable name, had been downloaded by a 3rd party. The IP address doing the download is supposedly a Microsoft IP address (40.118.236.227) which makes this even stranger.

    We’ve since cleared out all packages, changed all user and database passwords and implemented restricted access on our wp-snapshots directory but am wondering if anyone else has seen anything like this. It is very inconvenient to have this sort of thing happening.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Cory Lamle

    (@corylamleorg)

    7 years, 4 months ago

    Hey @gpatters,

    We have never had that reported. The only way to easily get that (that we know of) is if your server had directory browsing enabled, the source was able to get into your wp-admin or the source did indeed know the name of the package which would be highly unlikely.

    If you wanted to add an extra layer of protection you could add a .htpasswd file to the wp-snapshots directory which would add a password prompt when access to that directory takes place.

    Hope that helps~

    Thread Starter gpatters

    (@gpatters)

    7 years, 4 months ago

    Indexing disabled on the site and no activity like that in the server logs – they went straight for the ***_archive.zip. Seems to indicate an issue outside of Duplicator’s jurisdiction.

    Will add some extra .htaccess protection to wp-snapshots directory. Might be something to note for others – it is a PITA as the archive.zip provides a view of everything.

    Cory Lamle

    (@corylamleorg)

    7 years, 4 months ago

    I would also encourage the use of the installer password when you create the package (step 1 under installer section) and instant removal of all installer files when you have completed an install.

    Thanks~

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Package downloaded by ???’ is closed to new replies.