Forum Replies Created
-
AuthorPosts
-
Yes I am familiar with the vulnerability in that plugin and it has been pulled from the WP Plugin Repository. I am working on a way to auto-fix this new threat because it cannot me done by a simple SQL Statement without corrupting your other settings.
Anyway, thanks for the response. I’m glad that you got it working.
I don’t see these scripts you are referring to. Can you tell me how to recreate this redirect that you are getting, or send me the code that you have found which my plugin has not identified as malicious so that I can add it to my definition updates.
April 13, 2019 at 10:22 am in reply to: Brut Force Protection – Your Server could not start a Session! #2258Yes, If your server cannot start a persistent session the Brute-Force Login Protection will not work for you (and other things that require and active session may not work either).
There are many reasons that your server is not able to start a session. You need to ask you hosting provider to look into it and let you know why sessions are not working. Also ask them if mod_rewrite is installed and make sure that you can use rewrite rules in your .htaccess file.
You can simply re-register your key using the same prefilled registration form on the Anti-malware Settings page of your wp-admin, just make sure to change the email address before you submit the form and it will update the registration records on my side.
Yes, I play nice with other security plugins
There is no reason to deactivate this plugin when not in use, and I don’t recommend it.
You just need to register this new key to your email account on file. Use the registration form on the Anti-Malware Settings page in your wp-admin.
As on any WordPress site you can change your Profile information here:
Yes, My plugin is completely compatible with PHP 7.2 and this deprecated directive WARNING about “mbstring.func_overload” is irrelevant for a number of reasons.
First, the code in that plugins/gotmls/safe-load/wp-settings.php file is copied exactly from the WordPress core files as an emergency backup feature. So it is not only rarely ever used but it is also present in the WP Core files.
Second, the code in question is only testing to see if this deprecated directive “mbstring.func_overload” is being used, not actually even trying to use it. So it would not cause and error but rather it would detect if the directive was set, which it should not be.
Third, even if a deprecated directive were to be used in some other code on your site it should not cause any errors on a production server because DEPRECATED warnings should be suppressed in your php.ini file anyway.
I have to add that this plugin you used to check for compatibility issue can’t be very good if it does not pick up on or address these three very important points.
Please let me know if you have any further questions.
It will take time to get you site off of those blacklists. Many of those scan results on virustotal (like BitDefender) are not updated frequently, and Google is also sometimes very slow to re-index site that have been flagged for malware.
You will need to lookup each of those sites for a way to request a review and actively work to get your site off of those blacklist as fast as possible but it may still take some time.
Start be checking your site in your Google Webmster Tools account (now called Search Console). Check that security status and make sure that there is a current sitemap uploaded.
Just enable the Automatic Updates and click the Save button and it will install the Core Files definitions for you.
I think you still don’t understand me. So the simplest solution is to listen and trust what I said before:
“You should only change this setting from the default -1 if there is some specific reason that you don’t want the scan to hunt too deeply into all the sub-directories in your scan path.”In other word, trust the default setting of -1 and don’t change it!
If you want to understand this setting more then I will reiterate the same point that I already made which already answered all of these question:
Question: do I use Plus or Minus numbers?
Answer (already given): “-1 is infinite depth”, but… Setting this to any POSITIVE number would restrict the scan from digging down into any sub-directory below that number. Again, don’t do this, just leave it on -1, but I say this again to help you understand the meaning of this setting.Important: DEPTH has nothing to do with the number of domains that you have!!!
20 domain DOES NOT EQUAL 20 sub-directory of depth!!!To understand directory hierarchy and the particular depth of every sub-directory on your server you need to think about the filesystem it terms of folder and sub-folder, not in any way related to what DOMAINS your have on that server.
Scan Depth is the number of sub-directories to drill down into (as it says below that field “how far to drill down”), it has nothing to do with how many domains you have. It also says “-1 is infinite depth”, which is the default and recommended setting. Setting this to any positive number would restrict the scan from digging down into any sub-directory below that number from the level that the scan starts in. You should only change this setting from the default -1 if there is some specific reason that you don’t want the scan to hunt too deeply into all the sub-directories in your scan path.
You can either login to each of your additional accounts here on http://gotmls.net/members/ and then transfer each of those accounts to your main registered email, or you can simply re-register each of your domains to the right email address by clicking on the green checkbox in the upper-right side of the Anti-Malware Settings page in your wp-admin.
This looks like a cache issue. I see that the malware was already removed by my plugin. The problem was that Google only scans their cache of your site and not the live site, they are also slow to react and re-index when changes are made. So it may take some time for them to approve your site after the problem is fixed.
Make sure that you have a current sitemap uploaded to the Google Search Console to help expedite the current and correct indexing of your clean site.
It sounds like you are not actually having the same problem as Steve. Also, the database scan feature is already finished and is part of the current version of my Anti-malware plugin, so if you have the latest version you should see that the DB scan is included in the complete scan.
It sounds like you have multiple sites on the same shared hosting plan and they’re all getting reinfected by the malware spreading back and forth from one site to the other. In cases like this it is essential to get all the malware off of the server at one time so it doesn’t have chance to replicate itself to the sites that you’ve already cleaned. Depending on the security on server and the number of infected sites you have, and if this malware is also spreading from other accounts on the server that are not within your control, you may have to move your sites to a more secure hosting environment in order to get them clean and keep them clean.
-
AuthorPosts
