Forum Replies Created
-
AuthorPosts
-
This warning is just to let you know that an output buffer handler by your LiteSpeed caching plugin is being invoked on my plugin setting page and therefore could be affecting the results of the scan or the overall scan time. This is not necessarily something that you need to do anything about but it is generally not a good idea to be running any caching while the scan is taking place. It is up to you if you want to temporarily deactivate the caching plugin and delete all the cache files before running the Complete Scan and then restart the caching after the scan is done.
Some of those code snippets are clearly truncated or missing something from the beginning of the script. It may be true that not all the script in the affected files is malicious but it would help me greatly to see the whole contents of those infected files (including any non-malicious code that might have been in the file before it was appended with these malicious lines of code) so that I can determine the pattern in the affected scripts and make sure that all the offending code can be removed without damaging the syntax of the original code.
Could you please look for a backup on your server that might contain the whole of the infected files and send those to me directly via email attachments?
Thanks for reporting this! I have confirmed this False Positive and corrected the last definition update with a new definition just released (version P6FEO). After downloading the new definitions please run the scan again and confirm that it no longer finds and flags these files as Known Threats.
Sorry for the inconvenience and thanks again for reporting this issue!
You can disable the protection for user enumeration on the Firewall Options page in your wp-admin.
Ok, I see that the offending script is still present. I have just released a new definition update that should find it this time. Please download the latest definitions version P3RF4 and if it still does not find anything can you please send me a full screenshot of the scan results page with the scan setting showing?
I just added this new threat to my definition updates. Please download the latest definitions and run the Complete scan again.
Please let me know if it find this threat in your database or not. If not I would like to take another look at it.
You didn’t say what other malware plugin you are currently using so I cannot say for sure that there is no conflict, but my plugin is designed to work with all other security plugin so the only conflict that there might be is one that I don’t know about. You should feel free to try it out and let me know if you find any conflicts. The Brute-Force Login Protection in my plugin is an optional premium feature so you don’t have to use it, but I feel it is superior to all others in a few ways. Ultimately it’s up to you which one you use but multiple layers of security is usually preferable to fewer and conflicts are rare.
Please feel free to follow up and let me know what you use and how it work for you.
Can you please try the Complete Scan again but this time have the Network and Console tabs open in your browsers Inspector so that we can see if there are any errors preventing the scan from continuing after a minute or two?
Also, you should enable the automatic update feature to get the Core File definitions too if you have not already done that. It will not fix this issue but it may speed up the scan a bit once we get that going.
Yes, with the plugin deactivated it cannot enforce the User Enumeration rule. It was probably a caching issue on your end that caused the redirects to continue.
First: Never trust an AI to give accurate information. This is not in any way evidence of a persistent malware infection. This is simply a feature of my Firewall which protects against URLs with User Enumeration, like the “posts by author” link you are trying to get working.
If you delete my plugin then it will no longer protect against this potential threat, but if just disable that one feature on the Firewall Options page in your wp-admin then you can user links with author IDs and also still have all the other protections that my plugin has to offer.
Please let me know if you need more help or have any further questions.
All notifications on my site come from my email address so you can just reply directly to any of the emails you got from my site so far and they will go directly to me.
This is due the the Brute-Force Login Protection that you enabled, not because of the donation.
The NO_SESSION_ID error means that your browser was not able to sustain a persistent session during the login process. This could be caused by any number of methods of disabling cookies in your browser, or else something wrong on the server that is preventing PHP from managing the session files for your connections. It could be a permission issue or a read-only partition any some other misconfiguration of PHP on your server.
I see that you have disabled the Brute-Force Login Protection on your website so the issue is no longer present on your login page. If you would like to try enabling this protection again find you are still having this issue with it then I can look at it for you.
Please email me directly for a quicker response and we can work on this to see what is causing the problem and I will find the solution for you.
Yes, I can help you find your old account, but lets not discuss user account info on this public forum.
Please contact me directly via email and provide any information on the account that you are looking for so that I can help you further.
eli AT gotmls DOT net
February 9, 2025 at 3:29 pm in reply to: Notice: Function _load_textdomain_just_in_time was called incorrectly #147549I have not heard of this, and there shouldn’t be any translation call before the init hook in my plugin. I am also unable to recreate this Notice on any of my test sites, even on WordPress 6.7.1. It is possible that some other code (not in my plugin) is including code that calls a text translation using the gotmls domain, or maybe even some kind of malicious code that is messing with the order that files are loaded in. Which site are you having this issue on?
Is there a trace in the error_log file that shows what file is including this translation call too early?
Is there any way that you can grant me access to the site so that I can debug in real-time?
I is sometimes possible to do this depending on the directory structure of the website files and the permissions on the server, but it is not recommended for several reasons.
First, the plugin uses the information in your WordPress installation directory and your database together to make the scan process more complete and more accurate. If you were to scan other files that are not part of that install then you would not have the benefit of knowing what version of those files to expect, nor would you have access to the database that those files use to populate the data for that other website.
Also, if the other websites are not even WordPress at all then there will be a higher likelihood of false positives, as many other proprietary PHP software uses the same method of obfuscating their code as the hacker use to hide their malware.
It will also take longer to scan all the files from those other sites and could cause the scan process to lag and be less effective at cleaning the main site. Therefore, it is recommended that you simply install this plugin on each of your WordPress websites and then scan them from within the wp-admin of each site.
I am working on a server version which sys-admins could configure to run on the whole server but it requires a completely different scan engine and interface which is not dependent on WordPress to run. but I am still testing this new scanner and it’s not ready for BETA testing on other servers yet. I can let you know when this new option is ready if you would be interested in being a BETA tester.
-
AuthorPosts
