Diana curativeenergy.com
Posted December 15, 2009 at 6:34 pm | Permalink
My Wordpress browser and flash image uploaders both say: The uploaded file could not be moved to D:\Hosting\3056829\html/wp-content/uploads/2009/12.
I’ve since found this information. http://tweetycoaster.wordpress.com/2009/11/15/full-disclosure-wordpress-2-8-5-unrestricted-file-upload-arbitrary-php-code-execution/
How do I find where line 260 is? Does this fix actually work anyway?
Also, if I were to figure how to restore from my backup made a couple of weeks back, does anyone think that would remove any extra .php files that may be installed?
When 2.9 comes out, will that automatically remove any “bad” stuff that’s already on my server?
__________________________________________
Hope this is okay.
_______________________________________________________
Ed invictatrader.com
Posted December 15, 2009 at 10:51 pm | Permalink
@Diana have you tried to move the files manually? That might resolve the issue or help in getting to the bottom of it.
______________________________________________________
Diana curativeenergy.com
Posted December 16, 2009 at 1:17 am | Permalink
I believe I started another topic somewhere on here. I am able to upload images to my server, I think I can manually enter the html to put them in my pages and posts, not sure yet, but I found by searching around that there seems to be a problem. 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution has made my files accessible to whatever may have written into them.
Thanks for your reply.
___________________________________
So, now that I’ve tried adding images by uploading them to my GoDaddy database and then planting them in my posts through html, I’m finding it doesn’t work. Or, that I’m not able to make it work.
____________________________________
Cristian cozmoslabs.com
Posted December 16, 2009 at 10:47 am | Permalink
To be honest I think this is a permissions problem. I doubt it’s any exploit at work here, just that somethings probably changed in GoDaddy’s server settings.
Try to give 777 ftp permissions to the upload folder, the 2009 folder and the 12 folder inside wp-content. DO NOT give 777 permissions on anything else except the upload, 2009 and 12 folders on the server.
Here is a really extensive tutorial about file permissions: File Permissions Tutorial
Also as a side note, when I said post this on the forums, I meant this LINK. Here is just a post announcing the new forums, not the forums them self! :)
___________________________________________
Okay, now I'm registered and am all legit, I hope.
I will check into the 777 permissions suggestion. I've been seeing in my searches that that might not be good, but will try. Can you tell me why permissions would have changed out of the blue?
