Forum Replies Created
-
AuthorPosts
-
Here is more information. There was a malware situation that changed the injected an htaccess file in /wp-admin causing 403 error to all admin pages. In the process, GOTMLS was DEACTIVATED. Fix was to replace the htaccess file and activate GOTMLS.
Hello Eli. I use this plugin on a number of wordpress sites. During the monthly site maintenance, I noticed the plugin got deactivated. Seems to have occured only on Bluehost sites. Not sure if Bluehost did it, or some other entity. Just letting you know in case this is a happening elsewhere.
Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.
Tried uninstallng plugin/ reinstall
Entered my GOTMLS login – no help.
Site currently has hack on products..redirecting to other site.
Confirmed – Fix worked
Restored file.
Ran scan with newest version. No malware.
Thank you for checking this out.
Screen shot, as requested.
Note that the scan was run on 11-27-2017. So whatever was the newest version of the definitions was run at that time.
https://drive.google.com/file/d/1G-HAORy02dbTGK3ltPlWGa7qH2IWuhQP/view?usp=sharing
I ran GOTMLS on a different site today, that has the same theme and plug. No malware reported. Here is the configuration on that site. Note it is using PHP 5.6
PHP:5.6.32
LiteSpeed
WordPress:4.8.4
Plugin:4.17.44
Definitions:HC79SSorry, when I did the cut and past of the code, I screwed up the comment line.
The name of the plugin is Widget Areas by ThemeBlvd.
https://wordpress.org/plugins/theme-blvd-widget-areas/
Here is the code correctly formatted. (Line 341) Also, link to the entire file below.
// Custom conditional
if ( $assignment['type'] == ‘custom’ ) {
$process = ‘if (‘.htmlspecialchars_decode($assignment['id']).’) $id = $assignment["post_slug"];’;
eval( $process );
}
FILE:
https://drive.google.com/file/d/1E_9jxb1JFn_iPwPUsr3o5AozfrytHL5X/view?usp=sharing
Hello,
Not a big deal, but just thought I would inform you of a false positive on a plugin recently. The following code was flagged by GOTML:
// Custom conditionalif ( $assignment['type'] == ‘custom’ ) {$process = ‘if (‘.htmlspecialchars_decode($assignment['id']).’) $id = $assignment["post_slug"];’;eval( $process );}
The developer responded that it is not malware:
Yes this is a valid code and it is not malware. The call to eval() allows you to set the “custom conditional” assignments from Appearance > Widget Areas.
Thank you for your super fast response and the continuous software improvements !
Hello – This post is meant to be informative to the developers concerning a failed revert.
After running a scan, malware was found in all the theme functions.php files.
I clicked on ‘clean’. The automatic site test stayed red, indicated the clean did not work. I clicked on ‘revert’, but the site remained broken.
The malware was on line 1 of the functions.php file. The error after cleaning was:
Parse error: syntax error, unexpected ‘)’ in /home/content/p/r/o/prongpower/html/wp-content/themes/twentyfifteen/functions.php on line 1
Malware was still in the file, with a leading ‘)’ causing the error.
I resolved by restoring a clean file from backup.
malware infected file available by request if it helps your troubleshooting.
-
AuthorPosts