Does BPS Pro Already Protect the /.well-known/ Folder?


    #40350
    Living Miracles
    Participant

    Hello,

    We have a /.well-known/ folder (within the public_html folder) on all our sites and, as far as we know, it is only used for SSL certificates from Let’s Encrypt. We’ve recently discovered that this folder can be abused/compromised.

    Can you give us any assurance that this folder is automatically protected somehow by BPS Pro? Or are there extra security measures we should take in securing this folder? We couldn’t find anything about this already in the forum.

    Thank you,
    Living Miracles

    #40351
    AITpro Admin
    Keymaster

    Additional folders in the root WordPress installation folders and/or the root hosting account can be included/added to files/folders that AutoRestore|Quarantine monitors, but that is not actually necessary to do. Why? Because the flow of a hosting account/website hack always follows this route > Hackers exploit some vulnerability somewhere and inject/upload a hacker Shell script or some intermediate hacker file/code into the root of a hosting account or a WordPress installation folder. Once they have a foothold in the root hosting account or WordPress installation folder they then create files/code in other folders throughout a hosting account, i.e. the /.well-known/, /themes/, /plugins/ folders, etc. By default AutoRestore|Quarantine monitors the root hosting account and the root WordPress installation folders for each website. So that a hacker cannot get a foothold in a hosting account.

    AutoRestore has a feature called:  Add|Exclude Other Folders & Files, but don’t use it.  It is very quirky and is next on my list of things to rebuild/update.  And no I don’t have an ETA on when that feature will be rebuilt.

    #40352
    Living Miracles
    Participant

    Thanks for that information and context. It’s helpful to be aware of what the usual flow of a hosting account/website hack is as we didn’t know that.

    What you’ve shared makes sense but we do have a question to ask. You wrote that a hacker will try to inject/upload a malicious file or code into the root of a hosting account or a WordPress installation folder. I believe for our hosting and WordPress sites this might be the same area. Do you just mean within the public_html folder? I don’t believe I’ve ever witnessed ARQ quarantine a file I have temporarily added in the folder above the public_html folder before.

    Thanks for the heads up about the “Add|Exclude Other Folders & Files” feature rebuild/update, we’ll be keeping an eye out for when that’s eventually released.

    #40353
    AITpro Admin
    Keymaster

    Yep, anything from the root hosting account folder: /public_html/ folder and folders below the root hosting account folder can be protected by AutoRestore|Quarantine. By default the root hosting account files are monitored/protected by AutoRestore|Quarantine. And AutoRestore|Quarantine protects all WordPress folders/files by default, i.e. folders/files in the wp-content, wp-includes and wp-admin folders. Anything above the /public_html/ folder are protected server folders that are not publicly accessible. Hackers cannot inject/upload files above the /public_html/ folder remotely/externally.

    #40356
    Living Miracles
    Participant

    Great, thank you for the confirmation and explanation!
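
An added example, not part of the thread and not BPS Pro's AutoRestore|Quarantine logic: a standalone audit of a /.well-known/ folder that, as in the first post, is assumed to hold only Let's Encrypt HTTP-01 challenge files. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import re
import tempfile

# ACME HTTP-01 (RFC 8555 section 8.3): the file is named after the token and
# holds "<token>.<account-key thumbprint>", both in the base64url alphabet.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")

def audit_well_known(well_known_dir):
    """Return sorted (relative_path, reason) for anything that is not a plain ACME challenge file."""
    findings = []
    for current, dirs, files in os.walk(well_known_dir):  # does not follow symlinks
        for name in dirs + files:
            full = os.path.join(current, name)
            rel = os.path.relpath(full, well_known_dir).replace(os.sep, "/")
            if os.path.islink(full):
                findings.append((rel, "symlink"))
            elif os.path.isdir(full):
                if rel != "acme-challenge":
                    findings.append((rel, "unexpected directory"))
            elif os.path.dirname(rel) != "acme-challenge":
                findings.append((rel, "file outside acme-challenge"))
            elif not TOKEN_RE.match(name):
                findings.append((rel, "name is not a base64url token"))
            else:
                with open(full, "rb") as fh:  # key authorizations are short; cap the read
                    body = fh.read(512).decode("ascii", "replace").strip()
                token, _, thumb = body.partition(".")
                if token != name or not TOKEN_RE.match(thumb):
                    findings.append((rel, "content is not <token>.<thumbprint>"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: one valid challenge file plus planted anomalies."""
    token = "CONSTRUCTED-token_0123456789"  # constructed value, not a real token
    samples = {
        "acme-challenge/" + token: token + ".CONSTRUCTED-thumbprint_0123456789",
        "acme-challenge/index.php": "<?php /* placeholder */ ?>",
        "acme-challenge/AbC123": "<?php /* placeholder */ ?>",
        "cache/x.txt": "placeholder",
    }
    for rel, body in samples.items():
        path = os.path.join(root, ".well-known", *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(root, ".well-known")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_well_known(build_sample(tmp)), sep="\n")
```

If a site also serves other legitimate /.well-known/ resources, those paths would need to be allowed explicitly before the findings are treated as anomalies.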
