Paul Wayne

Forum Replies Created

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • in reply to: Bluehost deactivating plugin #52445

    Paul Wayne
    Member

    Here is more information. There was a malware situation that changed the injected an htaccess file in /wp-admin causing 403 error to all admin pages. In the process, GOTMLS was DEACTIVATED.  Fix was to replace the htaccess file and activate GOTMLS.

    in reply to: Bluehost deactivating plugin #52386

    Paul Wayne
    Member

    Hello Eli.  I use this plugin on a number of wordpress sites. During the monthly site maintenance, I noticed the plugin got deactivated. Seems to have occured only on Bluehost sites. Not sure if Bluehost did it, or some other entity. Just letting you know in case this is a happening elsewhere.

    in reply to: Valid Noce Token not loading #18726

    Paul Wayne
    Member

    Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.

    Tried uninstallng plugin/ reinstall

    Entered my GOTMLS login – no help.

    Site currently has hack on products..redirecting to other site.

    https://chewshappiness.com

    in reply to: False Positive on plugin code #1981

    Paul Wayne
    Member

    Confirmed – Fix worked

    Restored file.

    Ran scan with newest version.  No malware.

    Thank you for checking this out.

    in reply to: False Positive on plugin code #1979

    Paul Wayne
    Member

    Screen shot, as requested.

    Note that the scan was run on 11-27-2017. So whatever was the newest version of the definitions was run at that time.

    https://drive.google.com/file/d/1G-HAORy02dbTGK3ltPlWGa7qH2IWuhQP/view?usp=sharing

    I ran GOTMLS on a different site today, that has the same theme and plug.  No malware reported.  Here is the configuration on that site.  Note it is using PHP 5.6

    PHP:5.6.32
    LiteSpeed
    WordPress:4.8.4
    Plugin:4.17.44
    Definitions:HC79S

    in reply to: False Positive on plugin code #1977

    Paul Wayne
    Member

    Sorry, when I did the cut and past of the code, I screwed up the comment line.

    The name of the plugin is Widget Areas by ThemeBlvd.

    https://wordpress.org/plugins/theme-blvd-widget-areas/

    Here is the code correctly formatted.  (Line 341) Also, link to the entire file below.

    // Custom conditional

    if ( $assignment['type'] == ‘custom’ ) {

    $process = ‘if (‘.htmlspecialchars_decode($assignment['id']).’) $id = $assignment["post_slug"];’;

    eval( $process );

    }

    FILE:

    https://drive.google.com/file/d/1E_9jxb1JFn_iPwPUsr3o5AozfrytHL5X/view?usp=sharing

     

    in reply to: False Positive on plugin code #1972

    Paul Wayne
    Member

    Hello,

    Not a big deal, but just thought I would inform you of a false positive on a plugin recently.  The following code was flagged by GOTML:

    // Custom conditionalif ( $assignment['type'] == ‘custom’ ) {$process = ‘if (‘.htmlspecialchars_decode($assignment['id']).’) $id = $assignment["post_slug"];’;eval( $process );}

    The developer responded that it is not malware:

    Yes this is a valid code and it is not malware. The call to eval() allows you to set the “custom conditional” assignments from Appearance > Widget Areas.

    in reply to: Revert did not work after failed quarantine #1908

    Paul Wayne
    Member

    Thank you for your super fast response and the continuous software improvements !

    in reply to: Revert did not work after failed quarantine #1905

    Paul Wayne
    Member

    Hello – This post is meant to be informative to the developers concerning a failed revert.

    After running a scan, malware was found in all the theme functions.php files.

    I clicked on ‘clean’.  The automatic site test stayed red, indicated the clean did not work.  I clicked on ‘revert’, but the site remained broken.

    The malware was on line 1 of the functions.php file. The error after cleaning was:

    Parse error: syntax error, unexpected ‘)’ in /home/content/p/r/o/prongpower/html/wp-content/themes/twentyfifteen/functions.php on line 1

    Malware was still in the file, with a leading ‘)’ causing the error.

    I resolved by restoring a clean file from backup.

    malware infected file available by request if it helps your troubleshooting.

Viewing 9 posts - 1 through 9 (of 9 total)