Forum Replies Created
-
AuthorPosts
-
Can you please try the Complete Scan again but this time have the Network and Console tabs open in your browsers Inspector so that we can see if there are any errors preventing the scan from continuing after a minute or two?
Also, you should enable the automatic update feature to get the Core File definitions too if you have not already done that. It will not fix this issue but it may speed up the scan a bit once we get that going.
Yes, with the plugin deactivated it cannot enforce the User Enumeration rule. It was probably a caching issue on your end that caused the redirects to continue.
First: Never trust an AI to give accurate information. This is not in any way evidence of a persistent malware infection. This is simply a feature of my Firewall which protects against URLs with User Enumeration, like the “posts by author” link you are trying to get working.
If you delete my plugin then it will no longer protect against this potential threat, but if just disable that one feature on the Firewall Options page in your wp-admin then you can user links with author IDs and also still have all the other protections that my plugin has to offer.
Please let me know if you need more help or have any further questions.
All notifications on my site come from my email address so you can just reply directly to any of the emails you got from my site so far and they will go directly to me.
This is due the the Brute-Force Login Protection that you enabled, not because of the donation.
The NO_SESSION_ID error means that your browser was not able to sustain a persistent session during the login process. This could be caused by any number of methods of disabling cookies in your browser, or else something wrong on the server that is preventing PHP from managing the session files for your connections. It could be a permission issue or a read-only partition any some other misconfiguration of PHP on your server.
I see that you have disabled the Brute-Force Login Protection on your website so the issue is no longer present on your login page. If you would like to try enabling this protection again find you are still having this issue with it then I can look at it for you.
Please email me directly for a quicker response and we can work on this to see what is causing the problem and I will find the solution for you.
Yes, I can help you find your old account, but lets not discuss user account info on this public forum.
Please contact me directly via email and provide any information on the account that you are looking for so that I can help you further.
eli AT gotmls DOT net
February 9, 2025 at 3:29 pm in reply to: Notice: Function _load_textdomain_just_in_time was called incorrectly #147549I have not heard of this, and there shouldn’t be any translation call before the init hook in my plugin. I am also unable to recreate this Notice on any of my test sites, even on WordPress 6.7.1. It is possible that some other code (not in my plugin) is including code that calls a text translation using the gotmls domain, or maybe even some kind of malicious code that is messing with the order that files are loaded in. Which site are you having this issue on?
Is there a trace in the error_log file that shows what file is including this translation call too early?
Is there any way that you can grant me access to the site so that I can debug in real-time?
I is sometimes possible to do this depending on the directory structure of the website files and the permissions on the server, but it is not recommended for several reasons.
First, the plugin uses the information in your WordPress installation directory and your database together to make the scan process more complete and more accurate. If you were to scan other files that are not part of that install then you would not have the benefit of knowing what version of those files to expect, nor would you have access to the database that those files use to populate the data for that other website.
Also, if the other websites are not even WordPress at all then there will be a higher likelihood of false positives, as many other proprietary PHP software uses the same method of obfuscating their code as the hacker use to hide their malware.
It will also take longer to scan all the files from those other sites and could cause the scan process to lag and be less effective at cleaning the main site. Therefore, it is recommended that you simply install this plugin on each of your WordPress websites and then scan them from within the wp-admin of each site.
I am working on a server version which sys-admins could configure to run on the whole server but it requires a completely different scan engine and interface which is not dependent on WordPress to run. but I am still testing this new scanner and it’s not ready for BETA testing on other servers yet. I can let you know when this new option is ready if you would be interested in being a BETA tester.
Yes, the purpose of my plugin is to find the source of the malicious code no matter what the file names are. You cannot assume that a file is malicious just because of it’s filename, especially when they use really common filenames like the ones on that list. You have to examine the contents of every file.
Can you give me an example of the actual problem you are seeing on your server?
Your request does not really make sense to me.
First, you have given me a list of file Common PHP filenames from a random Github account. What do you expect me to do with that? How is that relevant to your current situation for which you need my help? why not give me an actual list of files on your system with an explanation of how they are relevant to your problem?
Next, you give me a cropped picture of some process names and times in htop. Again, what should I do with this? There is no relevance or context here.
If you want my help you will need to give me some pertinent information about the actual issues you are facing and a clear picture of what you see on your own server that is concerning you.
Thanks so much for reporting this issue to me. There was actually a flaw in the P1EHB definition update that I released last night which led to a lot of False Positives (including in my own plugin files).
I have released a patch in the latest definition update (version P1F3S) that will fix this issue.
I am truly sorry for any problems this may have caused on your end. Please download the new definition update on all your websites and let me know if there is anything else I can do for you.
It looks like you figure out how to re-register this website under the correct email address about four minutes after posting this topic. Did you still need any help with this or is it all working as expected on your end now?
January 10, 2025 at 8:43 am in reply to: Finishing a clean up. Question about license.txt, radio.txt #145053I am curious how there could be no differences in two files that have different file sizes, it seems like there should be some difference in file contents even if only in the spacing or returns between lines. If that’s all it is then I suppose you could ignore it, but in case it’s more than that I would suggest that it might just be safer for you to fix this file. What version of WordPress did you download to compare the license.txt file?
It sounds like the radio.txt file just has some kind of key or tracking number in it. I can’t tell you what that is used for without more info on what put it there but it can’t be harmful by itself, and it’s always possible that it was put there by a plugin that you are using and that it is needed for some kind of registration or account tracking purposes. You can always rename it or move it to a secure folder somewhere else to see if the file gets regenerated and then try and determine what scripts are responsible for writing that file.
Does it do this every time you start the Complete Scan?
It sounds like a caching issue on your server but I cannot tell for sure with just that one screenshot.
To help your further, I will need the answers to my prior questions and a screenshot of the complete scan results so that I have a better idea of what is going wrong.
Also, there is no need to delete the Quarantine records. That historic information is safely preserved in the database to aid with future scans and to help troubleshoot when any issue is not fully resolved after the first fix (as with your situation, the more info we save the more data we have to put together a clear picture of what is happening on your server).
The nonce tokens are stored in your database, so if it’s not just the fact that too much time is going by and the tokens are not truly just expiring, then perhaps there is an issue with your WP_options table. Maybe the table is read only or some other process is preventing the nonce tokens from being stored or is removing them from the database.
How long does the scan take and how long after the scan is done are you running the automatic fix on the threats that are found?
Have you tried the quick scan?
Have you tried limiting the complete scan to only the areas where you know that threats are found?
Have you tried fixing some of the threats as soon as they are found without waiting for the complete scan to finish?
Can you send me a screenshot of the complete scan results so that I have a better idea of how long the scan is taking and how many files it’s finding and where they are?
-
AuthorPosts
