Files disappearing, including html files

I uploaded a file, and it worked for a day or two, but today I checked and it’s gone! This has also happened to a few other files. The first thing I thought was abuse filters, but I would have either gotten suspended for that, or there would be a message (right?). Another thing I thought about just now is how when you go to file manager, the password is encoded right into the url query! Could someone be accessing my file manager and deleting files, or is it the abuse filter, or something else?
Oh, and also, one of the files deleted is almost identical to another file on the main domain, and that one hasn’t been deleted, so…

1 Like

Yes do not put your filemanager on communities, PLEASE DO CHANGE YOUR PASSWORD IMMANENTLY!

I have not posted any url, the only person who has access would be the school which has access to history, and they most likely don’t interfere. I am saying that if you open file manager from the link in your control panel, the base64 encoded string contains your password, as well as other information. I do not think I have a breach since more files would be deleted. I would also recommend (if possible), that @admin investigates this immediately, because YOU SHOULD NOT PUT PASSWORDS IN QUERY PARAMS, even if encoded.

1 Like

I do agree with that at some points it is risky and dangerous, Redirect to Control Panel from client area has a great option, because it is sending form data to the control panel in body while filemanager does that through url, i don’t think if similar thing would be done for filemanager (as well as Softaculous url)

Aside that I suggest you to use ftp clients like filezilla since it doesn’t login in insecure way.

I use the school computer, so I can’t use filezilla, but when I can, I will. I guess I will just have to press my luck and pray that no one finds my history. Anyways, it’s not a very serious site, more of development so Idc that much. But yeah, I’ll try to get filezilla when I can.

1 Like

Why School Computer, you can also use your Android Mobile to do this use AndFtp instead of Filezilla.

Transfer your files to your Phone and use them anywhere.

Personally, I use my Android phone to code and use AndFtp to transfer files to my Server.

1 Like

The school computer is the only thing I have :frowning:

1 Like

What’s there to investigate? I know how the login links work, I implemented it myself in the client area. So I also know that this is the way login links work with MonstaFTP, and there is no other way to handle the login links.

I fully agree with you that it’s not a good way to share credentials, but this is the way it works.

The right way would be to generate a temporary, single use token to login. But MonstaFTP doesn’t have that as an option.

That seems a bit presumptuous. It’s entirely possible for an account to be breached and only for data to be retrieved from it, without deleting or editing any files.

Yes, it could be anything. It could also be a vulnerability in your website code, a technical glitch on the hosting platform or maybe an accidental change from someone authorized to access the account. It’s impossible to way.

4 Likes

Ok thanks. It seems to be disappearing only on my subdomain. It might just me not uploading the file and forgetting, then thinking it got deleted (although on some files this is not the case, as I specifically remember uploading them). Oh well, it’s fine for now.

1 Like

Have you tried accessing the files via the web browsers? e.g example.epizy.com/missingfile.html?

Yeah, I have. One of the first signs of showing it disappeared was that content that was generated by json files were not showing up. Anyways, I think it’s working now.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.