Forum Replies Created
Thank you for posting this new variant. I just wanted to follow up and let you know that this was added to my definition updates so that it can be removed automatically.
The Nonce Tokens are automatically generated and stored as a transient record in your wp-options table every time you load the page. If you got this message once it was probably a fluke or you let the page sit for a day before starting the scan and the token really did time out. But if you load the Anti-Malware Settings page and then start the scan right away and it gives you this error message every time then it means that there is something wrong with your database that is preventing the Nonce Tokens from being stored at all, and this also means that other settings stored in the wp-options table cannot be saved either.
Try to create a new record in that table; if it fails then check the error_log for any details that might explain why it doesn’t work. It might be that the Primary Key is not set to AUTO-INCREMENT or that the AUTO-INCREMENT value is set lower than the highest value in the option_id column.
This error might have been logged when you tried to run the Quick Scan if there were lots of files in the scan path or it was finding lots of threats and the scan was taking a long time and so was unable to finish before your server timed out and killed the process. You might try running the Complete Scan instead of the Quick Scans. Also, you could cross-reference the times in your access_log and error_log files and compare those to see what you were doing on the site at the time of the error.
As the error suggests, there is no PHP process that is allowed to run for more than 60 seconds, so that error is not connected with your inability to log in for an hour.
My plugin also does not ban you from logging in for the span of an hour or any other length of time. I suspect that you have some other security plugin on your site that is causing these other issues.
The Firewall options in my plugin never return a 403 Forbidden message but only use a 301 Redirect to block bad traffic, so that issue you were having must have been caused by something other than my plugin.
I just installed the Core Files for WP 5.5 into my Definition Updates. Please make sure that the Automatic Update feature is enabled and click Save to download the latest definitions.
I am very sorry for the trouble you had with this plugin. I have examined the file in question and found that, while the method they are using to include this JavaScript code is improper and may not be safe, it is also not malicious and I can see how my existing definitions of this threat would leave the wp-fullcalendar.php file broken with a syntax error. So I have corrected this and released a definition update that will ensure that this file will not be broken by any future scan/fix runs.
I am also concerned that the recovery link didn’t work for you. This is supposed to be a fail-safe that should ensure that any problem like this would be easy to revert and undo, even if it were to cause the site to crash. Can you tell me anything more about this? I can see that your server has some kind of firewall that appears to be blocking my plugin from employing the fix with a message: refused to connect. ERR_BLOCKED_BY_RESPONSE
I have never seen this before and so I’m curious about what server would be blocking my plugin’s response that would have allowed you to fix this issue. Is there anything that you can share with me that might help me understand why this feature is blocked?
I totally understand that you are not impressed by the awful experience that you had and I hope that you accept my apology and my reassurance that I have taken steps to ensure that this will not happen again. I also wish that you had contacted me sooner, before you spent all that time fixing the files that got screwed up, because I would like to think that I could have helped you revert the changes without too much trouble and then maybe I also would have discovered why the recovery link was blocked on your server.
Please let me know if you have any more information for me or if there is anything else I can help you with, but I will understand if your lost confidence in me and my plugin is irreversible. And I thank you anyway for the information that you have already shared, as it has helped to ensure that others will not have this problem with the wp-fullcalendar plugin.
Here is a list of caching plugins available for WordPress:
https://wordpress.org/plugins/search/cache/
All of these, by the nature of what they do, can make it difficult to remove all the malware on your site, as their purpose is to create copies of your site’s generated output (including any output generated by malware) and display that saved code (even if it has malware in it).
Additionally, some of these plugins may interfere with the scan process by intercepting the generated output from the scan results, thereby potentially slowing the scan or sometimes even altering the results before they are displayed.
Therefore, it is generally advised to disable all caching and delete all cache files before scanning for malware on any site.
If your server has any caching software installed or if you use any caching plugin on your site then you should clear those cache files too. Maybe even disable any server-side caching while you are working on this issue. Cache files can preserve the appearance of malicious threats on your site even after you have removed the malicious code.
It sounds like this is an issue with the Brute-Force Login Protection which is enabled on the Firewall Settings page in your wp-admin. If you disable that option does it fix this problem?
Can you give me the Error Number from the redirect landing page so that I can give you more information about what might be causing this issue for you?
I’m not sure why some of your posts are not showing anything on this forum but I got your plugin lists and there are a lot of Ad Plugins that I guess you use to generate ad revenue on your site. My first guess would be that one of those is responsible for adding that propu[.]sh script into your footer. I would suggest that you try deactivating those plugins and then clear your cache and see if that malicious JavaScript still shows up in the HTML of your footer section.
Thanks for sending me your footer.php file. Unfortunately this malicious JavaScript was not generated from within that file.
After seeing that file it is clear that this malicious code is being generated by another file using the wp_footer hook. This could be a rogue plugin file or a hacked WP Core file or maybe even some new filter/action added to the functions.php file.
Can you send me a list of your plugins (a screenshot of the Installed Plugins page in your wp-admin will do), and a list of all the folders in your /wp-content/plugins/ directory too?
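As an added example (not part of the original reply and not code from the plugin), the script below shows one way to do the two checks described above on a local copy of wp-content: locate every file that registers a callback on the wp_footer hook, and list plugin folders on disk that are missing from the list you expect. The plugin and theme names and the expected-plugins.txt file are hypothetical, constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: trace wp_footer output in a local copy of wp-content.

# Print file:line for every call that registers a callback on wp_footer.
find_footer_hooks() {
  find "$1" -type f -name '*.php' -exec grep -nE \
    "add_(action|filter)[[:space:]]*\([[:space:]]*['\"]wp_footer['\"]" \
    /dev/null {} + | sort
}

# Print plugin folders on disk that are absent from a list of expected
# folder names (one per line), e.g. copied from the Installed Plugins page.
unlisted_plugin_dirs() {
  for dir in "$1"/*/; do
    [ -d "$dir" ] || continue
    name=$(basename "$dir")
    grep -qxF -- "$name" "$2" || printf '%s\n' "$name"
  done
}

# Constructed sample tree (hypothetical plugin and theme names).
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/plugins/ad-widget" "$root/plugins/wp-cache-helper" \
    "$root/themes/mytheme"
  printf '%s\n' '<?php' "add_action( 'wp_footer', 'ad_widget_render' );" \
    > "$root/plugins/ad-widget/ad-widget.php"
  printf '%s\n' '<?php' 'add_action("wp_footer", "helper_print_footer");' \
    > "$root/plugins/wp-cache-helper/loader.php"
  printf '%s\n' '<?php' "add_action( 'wp_head', 'mytheme_meta' );" \
    > "$root/themes/mytheme/functions.php"
  printf '%s\n' 'ad-widget' > "$root/expected-plugins.txt"
  printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "wp_footer registrations:"
find_footer_hooks "$tree"
echo "plugin folders not in the expected list:"
unlisted_plugin_dirs "$tree/plugins" "$tree/expected-plugins.txt"
rm -rf "$tree"
```

A text search only finds hooks registered with a literal 'wp_footer' string; a callback added through an obfuscated or computed hook name will not appear and has to be found by reviewing the unlisted folders and recently changed files directly.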
This URL is already in my latest definitions of DB Injections, but this one looks like it might have been injected directly into your theme’s footer.php file. Can you please send me the footer.php file from your theme so that I can add this new variant to my definition updates. Then it can be automatically removed from any files using my plugin in future scans.
I see that your site is currently registered with that key. If you still don’t see the registration form on your end then try clearing your cache and refreshing your wp-admin page. Also, check your browser’s Console for JavaScript errors. And let me know if you still don’t see the registration on your end.
It looks like my plugin removed some malware, but the PHP Warnings on your site are from something else. I think you must have upgraded PHP or something because these are deprecation warnings about functions and methods in your plugins and theme that are no longer supported in the version of PHP you have installed on this server. You could also ask your hosting provider to help you turn off those PHP warnings in the configs so that it doesn’t show on the front end of your website.
I see that your site is actually registered correctly under this account, so maybe there is some kind of JavaScript blocker that is breaking the registration check on your end. Can you check the Console tab on your browser’s Inspector to see if there are any JavaScript errors on that page?