GreywolfComputer
Forum Replies Created
I’m noticing the same thing on multiple sites. They are mostly image files. But, in the site I’m currently looking at, htaccess is excluded, along with a php file and a css file. I noticed a couple days ago that a site had multiple files in the exclude box. I don’t remember adding any of these files to exclude.
When I made the move from 1 shared hosting plan to their own plans, I moved some sites to regular hosting. Some I moved to Managed WordPress hosting. In looking back through the history of alert emails I received notifying me of the failed logins, I noticed that the regular hosting accounts never get the attempts from private IPs. Only the websites on Managed WordPress hosting get the attempts from private IPs.
The ones from the last few days have been on one website (it appears they gave up on the other sites) and the IPs are all varying IPs in the ranges of:
10.x.x.x
172.16.x.x
192.168.x.x
Will send the screenshot.
This might help, since it might be a “fail” of code attempting to do what was happening to my sites.
My htaccess file was getting written back to default on several websites on the same host. WordPress reported modified nav-menu files, which I corrected and did extra scans for infections. After I thought everything was clear, it continued to happen. More scans, including scanning files outside WordPress and scanning picture files as executable, found more. Two of the files were infected image files. Using the date of infection, I found additional modified files. (I still don’t know how the original infection occurred.)
The code resetting the htaccess was mostly in the nav-menu and chmods the index.php and htaccess files to 644 and then back to 444. I’m not entirely proficient in PHP, but it also appears to read the directories and send files to a remote server.
Forum: Fixing WordPress
In reply to: How do i change the image path file when uploading onto WordPress
If you want to make a temporary admin user for me and email the username and password to [Email redacted], I’ll check to see if I can see the problem. It might be something at GoDaddy or something in your site.
Forum: Themes and Templates
In reply to: [GeneratePress] Can't Turn Of Comments On 1 Page
Yes. I’ve sent a support request to MotoPress. Thanks for your help.
Forum: Themes and Templates
In reply to: [GeneratePress] Can't Turn Of Comments On 1 Page
I activated one of the default themes (2013) and disabled all plugins but security plugin and the problem still exists.
Forum: Themes and Templates
In reply to: [GeneratePress] Can't Turn Of Comments On 1 Page
I suspect this is MotoPress. Not sure. I’m also contacting them. I sent your login info from the site when I created it the other night: bigjohnsauto.net
Forum: Themes and Templates
In reply to: [GeneratePress] Can't Turn Of Comments On 1 Page
Yes. I will. I found where the problem is originating, by testing with creating new pages. But, I don’t know if it’s the theme or MotoPress that is the cause.
Creating a new page and going straight to MotoPress before turning off comments sometimes causes this. But, that’s not the cause of this page.
At first, I found a “template” line in the MotoPress lines for the last “All Inventory” grid. I removed it and it didn’t make a difference.
Notice, too, that in the “All Inventory” section, the “1972 Ford LTD” post doesn’t show, even though it shows in the “Featured” and “Latest Cars” section.
What DOES make the comments section get added to the page is when the number of posts to put in the grid is larger than 8 AND the sort order is Ascending.
I’ll create a user for you.
Forum: Themes and Templates
In reply to: [GeneratePress] Can't Turn Of Comments On 1 Page
I just checked 3 sites (only 1 has the smart mode plugin) that I got emails on today and none of them have the login attempts that were mentioned in the emails. After some more testing tonight, I’ve now confirmed that the “failed attempt using an invalid username” stops being displayed if that “Immediately lock out invalid usernames” checkbox is checked. With that checked, the only logins being shown are the actual usernames that are legit. The downside to it is that if I want to block the IP or range that it is being attempted from, I have to copy the IP out of the email and then go to the affected site to enter a manual block. I’d rather it worked like the logging does without the checkbox enabled.
Plus, I’ve noticed tonight that several attempts from at least one of the sites didn’t generate a warning email. The behavior of this plugin in general is somewhat uneven.
I think I have discovered an aspect of this that I hadn’t noticed before. I think the “Logins/Logouts” tab only updating with my username coincides with the time of checking to enable the “Immediately Lockout Invalid Usernames” box. I receive the emails notifying of the lockout, but the visit isn’t in the tab. This appears to be across all sites.
Also, I THINK, but not 100% sure, that the checkbox might be getting cleared during 1 or more updates to the plugin. I was reasonably certain I had all of the sites set with that option and I have had to reset it on 2 sites.
I believe the first one was Easy Pie Maintenance Mode. The one in place now is Smart Maintenance Mode. The plugins I removed before the logins/logouts started showing failed attempts were the WordPress Importer (I remembered why it was there; I used it to import demo content for the theme) and WordPress Mobile Pack.
I couldn’t get the Java console to open on the websites. None of them. The only place the Java console will open for me is on the java.com verify page.
I did some testing with the first problem and I discovered the reason things changed. The first site was just a basic landing page with a pic of the company building until I put a “maintenance mode” plugin on it so I could build the site. At the moment, I don’t remember the name of the plugin. Then, when I had the problem, I removed all the plugins and testing themes to get things back to minimal, installed the theme I want to use, reinstalled the plugins like Akismet, Jetpack, etc. I had also changed to a different “landing page” using a different maintenance mode plugin from the first one. Apparently, that’s when Wordfence stopped updating. The reason it was still sending me alerts to login attempts via email is they were accessing the page directly, which wasn’t being logged by Wordfence. But, the invalid user/attempt was being caught and the email sent. I removed a deactivated plugin today and a WordPress importer plugin that I don’t remember putting there (I think it was a GoDaddy thing) and updated the form plugin that came with the theme. After that, a failed login showed up when I attempted from a location about 30 miles from me. As for the “all hits” in live traffic, it only shows when I turn off this landing page plugin that uses maintenance mode.
I haven’t looked more at the second site, yet.
I just discovered that another of the websites with Wordfence stopped updating the “Logins/Logouts” tab with failed attempts about 5 days ago. It still shows other hits, but I’m wondering if these two issues are related.
