Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by on Wednesday, 18 August 2021 20:17 CDT
While scanning the security exceptions log I noticed this:
COM_ADMINTOOLS_LBL_SECURITYEXCEPTION_REASON_DFISHIELD https://mydomain/mdocs-posts/?mdocs-img-preview=../wp-config.phpI've never seen someone specifically target your plugin, so thought you might find it useful.
Also, not to beat a dead horse, but will you ever add a function to easily export the security log, for inclusion to government entities for investigation?
This is not weird, it comes from the DFIShield feature we removed. This was triggered every time a request includes a relative or absolute path to a file on your site. Unfortunately many WP plugins use exactly this kind of paths so people ended up disabling this feature anyway.
As you can see, someone tried to have the image preview in your MemphisDocuments Library plugin go through your wp-config.php file in hope they would trick it into dumping the contents of the .php file. And no, this plugin is not ours so nobody is targeting our plugin :)
Regarding the security log, I've already explained that this is just a simple database table. You can export it with phpMyAdmin or even create an Excel integration which pulls directly from your site's MySQL database. If you Google it there are very well documented instructions for doing so. I had been doing something like that to get sales stats about ten years ago.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
