Anti-Malware Admin

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 633 total)
    in reply to: Skip Files #124115

    Anti-Malware Admin
    Key Master

    There are a few different reasons that a file might be skipped and it is common to have many skipped files in every scan.

    Usually it is because the files are a binary type (like ZIP, EXE, or image files) which cannot be directly executed on the server; sometimes it is because they are empty files, so they cannot contain executable code.

    If you hover over the file names in the list of skipped files it will tell you why they were skipped.

    in reply to: Wrong Email Address When Activate Plugin #123811

    Anti-Malware Admin
    Key Master

    Yes, you can log in to gotmls.net with the email that you just used to register that new site and then transfer that registration to your other email account.

    You can also click on the key in the upper-right side of the Anti-Malware Setting page in your own wp-admin and that will open the pre-filled registration form so that you can change the email address and re-register your site to the correct email account.

    in reply to: plugin affecting site to run #121628

    Anti-Malware Admin
    Key Master

    It is not uncommon for hosting providers to complain about users who run my plugin often. The fact is that it takes a lot of the server’s resources to run CPU-intensive scans of every file on your server. Most of the big-name shared hosting providers out there make a huge profit by hosting lots of small websites on a single server and hoping that they get very little traffic. If any of their customers wants to use a notable amount of CPU ticks on a regular basis it can affect the overall load on the server and start to threaten that profit margin.

    I don’t see any screenshot, can you please send me that via attachment to a direct email?

    If you are seeing a “critical error” then there must be some important technical details in your error_log file. If you can send me that log file too then I can probably help with that as well.

    When we get the scan working as it should then you shouldn’t need to run it all the time and they will probably not notice any significant impact in the future.

    in reply to: PHP session #121166

    Anti-Malware Admin
    Key Master

    The session_start function is used in the optional Brute-Force Login Protection. If you have activated this protection on the Firewall Options page (found under the Anti-Malware menu in your wp-admin) then it will execute the session_start function from an include file that was added to the top line in your wp-config.php file, even if you deactivate the plugin. Deleting the plugin, or removing this line in your wp-config.php file will disable the Brute-Force Login Protection, but you can probably just ignore this warning if you want to keep the extra protection. I have yet to see my session_start actually interfere with any REST API calls.

    Please let me know if you have any more questions on any of this, or if you would like to report an actual conflict with your REST API usage and my session code please send me the details and I’ll look into it further.

    in reply to: Bricks Hack…site already down… #120920

    Anti-Malware Admin
    Key Master

    It looks like this hack placed a malicious file in your mu-plugins folder. The file 4Edqv8.php should probably be deleted but you may want to save a backup of this file in case it could help uncover other parts of this infection.

    If you would be willing to download that home/bemighty/webapps/ESTELITAS/wp-content/mu-plugins/4Edqv8.php file and send it to my email as an attachment I could tell you more. Then you could delete it and your site may start working again, if not then check the error_log file again in case there are other similar errors in other files.

    in reply to: Bricks Hack…site already down… #120896

    Anti-Malware Admin
    Key Master

    You must have access to the wp-admin on your site in order to run my plugin. There are many situations where the wp-admin is accessible even when the main pages on the site are down. Regardless, it is usually a simple matter to restore the functionality of your site after a crash like this one; you will just need to find the error_log files on your server to determine what is causing this critical error. The recent entries in the error_log file should point to a line of code in a file on your server that is the cause of all this, and then it can usually be as simple as removing that line or correcting the bit that is causing the error. Then you can install my plugin and scan the site to fix any other infections found on the site.

    Let me know if you need more help interpreting the errors in that log file, or if you come to any new hurdles that I might be able to assist you with.
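The error_log triage recommended in the reply above, as an added example that is not part of the original post or of the plugin's code: it pulls the file and line out of fatal and parse errors and marks files under mu-plugins. It assumes PHP's default error_log line layout; the sample log and every path in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in PHP's default error_log layout (not taken from the page).
SAMPLE_LOG = """\
[10-Feb-2024 14:03:11 UTC] PHP Warning:  Undefined variable $x in /home/user/site/wp-content/themes/example/functions.php on line 88
[10-Feb-2024 14:03:12 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function example_fn() in /home/user/site/wp-content/mu-plugins/example.php:3
Stack trace:
#0 /home/user/site/wp-settings.php(1): include_once()
[10-Feb-2024 14:05:40 UTC] PHP Parse error:  syntax error, unexpected token "<" in /home/user/site/wp-content/plugins/example-plugin/main.php on line 17
[10-Feb-2024 14:06:02 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function example_fn() in /home/user/site/wp-content/mu-plugins/example.php:3
"""

# PHP writes the location either as "in FILE:LINE" or as "in FILE on line N".
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] PHP (?P<level>Fatal error|Parse error):\s+(?P<msg>.*?)"
    r" in (?P<file>/\S+?)(?::(?P<l1>\d+)| on line (?P<l2>\d+))\s*$"
)

def fatal_sources(log_text):
    """Return [(file, line, count, last_seen, in_mu_plugins)], most frequent first."""
    counts, last_seen = Counter(), {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # warnings, notices and stack-trace lines are skipped
        key = (m["file"], int(m["l1"] or m["l2"]))
        counts[key] += 1
        last_seen[key] = m["ts"]  # the log is chronological, so the last hit wins
    return [
        (f, ln, n, last_seen[(f, ln)], "/wp-content/mu-plugins/" in f)
        for (f, ln), n in counts.most_common()
    ]

if __name__ == "__main__":
    for f, ln, n, ts, mu in fatal_sources(SAMPLE_LOG):
        flag = "  <- must-use plugin, loaded on every request" if mu else ""
        print(f"{n}x {f}:{ln} (last {ts}){flag}")
```
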

    in reply to: Shows JS injection, but scan is clean? #120814

    Anti-Malware Admin
    Key Master

    I’m confused about who is reporting what to you.

    You say “GOTMLS reports a JS injection on my home page and another page” but perhaps you mean that someone else is reporting a JS injection?

    When you scan (with what?) does it say it’s all clear?

    Can you contact me directly with the website details and some screenshots or examples of the conflicting reports you are seeing?

    in reply to: Mutli-site #120255

    Anti-Malware Admin
    Key Master

    No, you can run the Complete Scan from the Network Admin and it will scan all the files in all the sites.

    in reply to: Bricks Vulnerability #119586

    Anti-Malware Admin
    Key Master

    My definitions are of known threats which are to be removed from any files found to contain malicious code matching those patterns. It is rare that I would classify another plugin or theme as such a malicious threat, but I do report any vulnerabilities I find to the developers directly. It is only if those developers refuse to patch the exploit that I would take the initiative to flag and remove the threat in their code.

    Since this vulnerability was discovered on February 10th and patched on February 13th, before it was even disclosed, I have no need to add it to my definitions, as users of this theme can simply upgrade to the latest version to be safe from this exploit.

    If you have any information on this vulnerability (or the subsequent patch) that could make it more of a continuing issue for the greater community then I would ask you to contact me privately or contact the developers directly to share anything that might be helpful.

    in reply to: Faulty full scan and too long auto fix #119099

    Anti-Malware Admin
    Key Master

    Any 500 Errors should show up in your error_log file if your web server is configured properly. The blank grey page is also probably due to an error that should also be in the error_log.

    If you want to send me the error_log file and let me know what timestamps to look at then I can help you figure out how to fix whatever is causing this error.

    You should also check any other forms that post in your wp-admin to see if it is something that is preventing the posting of any form data. Try saving some minor changes to a post or page just to see if that still works.

    in reply to: Error 500 on wp-admin/admin.php?page=GOTMLS-settings #117659

    Anti-Malware Admin
    Key Master

    This has been known to happen if you have another plugin or an infection which is designed to prevent you from using the POST method on forms, or when such an attempt to filter the POST variable on a form results in an unexpected error from the interfering code.

    Your best course of action is to check the error_log files on your server right away to see what code in what file is causing this error. You can also try temporarily disabling all other plugins to see if that allows you to POST the form data, then re-activate each plugin one at a time (trying to POST the form data after each one) until you find the one that is responsible for this error. Keep in mind though, if this error is being caused by a malicious injection then it could be in the theme, or the core files, and not just in the plugin files.

    If you want to send me the relevant errors you find in the error_log file then I can help you figure out how to fix this.

    in reply to: Where are the scan results? #117059

    Anti-Malware Admin
    Key Master

    Actually the memory_limit value in the php.ini does have a direct impact on all PHP processes running through your website. So, if it says memory_limit = 256M then every PHP process (including my plugin’s scan jobs) will be limited to 256MB of memory, even if your server has 32GB of physical memory installed. Whereas, other server side applications like ImunifyAV run as stand-alone processes with full access to all the server’s CPUs and could use as much memory as the server has if they need to to get the job done. Please understand that my plugin (like every other PHP process on your website) is limited to the resources that your server assigns to it, and it does the best it can within those limits.

    All those errors are certainly a troubling sign to my eye and I would like to help you solve that because I suspect that you may actually have some infected files and the scan is definitely being impeded in some way. The first 3 errors on that list have suspicious output about the __wakeup function in the Videoframes class that is coded incorrectly and could be caused by a malware injection (or it could just be a poorly written plugin that is causing errors on your site). You might get more information about the source of this error in the error_log files on your server.

    The fact that there were no Database injections found should be a good thing but perhaps you have reasons to suspect that this is incorrect and are hoping to locate scripts in the Database that you are sure should be there. Can you tell me where you are seeing evidence of an infection on your site so that I can take a look?

    in reply to: Where are the scan results? #117001

    Anti-Malware Admin
    Key Master

    That is an interesting way to configure the scan. I’m not sure I have ever tried it like that and I don’t think it will skip the file indexing even if you haven’t selected any file type threats to look for (something I will have to make accommodations for in my next release). Regardless, it should not be taking that long. I can see from that screenshot that it is currently in the “Re-Checking” phase, which only happens if there are read errors on your filesystem, and there must have been a lot of them for it to push out the scan time that far. Perhaps you might want to increase the memory_limit in the php.ini file on your server to speed up the scan and ensure that the larger files can be opened and read. You may also need to check the file permissions if some of those files eventually show up under the Read/Scan Error section of the results (I see there are two there already in that screenshot).

    I would like to help you figure out why it is running so slow on your server and find a solution to this problem but it is hard to guess at the cause from just one screenshot. If my above guesses were no help and you need more help from me you can email me directly with more screenshots or even send me a login to your wp-admin if you are willing to trust me with admin access to your site (I won’t break anything, just want to test the scan in a few different ways to see why it’s acting slow).

    There is one more thing you could try. It’s just a workaround for the DB Scan if that is all you want, but I would still like to speed up the file scan for you. Anyway if you just want to skip right to the DB scan you can try selecting only a single small plugin to scan by clicking on the word “plugins” under “What to scan:” and then selecting a small folder like “gotmls” (see screenshot below):

    https://paste.pics/0eb3d7785e1def55e11bfe7fb0433417

    in reply to: Where are the scan results? #116979

    Anti-Malware Admin
    Key Master

    This plugin performs an active scan from the Anti-Malware Setting page within your wp-admin. The Complete Scan progress is rendered on the page as the scan is running and it is necessary to stay on that page for the scan to finish. Results are displayed in real-time as the contents of the files and database are scanned and it usually takes less than 30 minutes to scan all the files in the scan path and the database too (which is done at the end of the file scan).

    If you are experiencing anything different from what I have just described then would you please send me a screenshot of what you see so that I can help you troubleshoot the cause of the problem you are having?

    in reply to: Complete Scan progressing slowly, almost frozen #116068

    Anti-Malware Admin
    Key Master

    It sounds like you’re getting about 10 folders scanned per minute. This is extremely slow in general and I expect it is even slow by Bluehost standards, but I cannot say why it is so slow without a lot more diagnostic data. I can only say that I would normally expect it to scan at a rate of 1 or 2 folders per second, averaging around 100 folders per minute. Even so, it would still take over 6 hours to scan 39000 folders. The site root for this installation of WordPress might contain sub-directories containing other WordPress sites, this might explain the great number of folders on this scan. It is usually preferable to scan each site from within the wp-admin of that individual site and omit the directories which contain other websites that will be scanned separately.

    The main issue though is the general slowness of the scan and you should look into the error_log files on the server to see if there are any errors or warnings there that might explain the slow scanning. You can also check your browser’s Console for JavaScript errors that might be causing the page to load slowly. Ideally you would also want to look at the overall performance of the server and the current load that this server is under, but that would most likely be info that Bluehost would not share with its customers, even if they did have a good handle on those stats.

    Beyond that there is only so much I can do when the software is running on others’ hardware that is out of my control. If there are no errors to remedy and the usual server performance boosts like increasing the memory_limit in your php.ini file on the server do not help then I can only suggest that you consider hosting your websites on a more secure hosting platform with a better performing server.
