intarwebsdeveloper
Forum Replies Created
-
…
- This reply was modified 3 years, 11 months ago by intarwebsdeveloper. Reason: error
One interesting thing I noticed is that these Logged out events get logged immediately after a failed login attempt by the same IP address.
Forum: Plugins
In reply to: [Hide Price Until Login] Error when used with WooCommerce SquareI’m also getting the same issue as @liquidclicks with the Product Visibility by User Role for Woocommerce plugin. Keep getting:
Error Thrown
Cannot use object of type Hide_Price as arrayI was able to stop the directory from being deleted by checking the user ID before the user’s files can get deleted. So far so good.
The did notice a clue that is in the first error log that showed up. The file path that rmdir() is trying to remove was ‘(/home/networ41/public_html/wp-content/uploads/ultimatemember//)’. There are two slashes at the end of ultimatemember and it looks like there is a user ID missing in between the slashes.
So somehow, the remove_dir() function got called and a user ID was not passed and that allows the directory path to end with //, and which a server would interpret as removing the whole parent directory.
I went over the cron job and the wp_delete_user() function is used twice. When wp_delete_user() happens, does that also trigger the UM delete_user_handler() function?
I going to run some tests and customize some core files to make it so the directory path in the remove_dir() function won’t return with a path that ends with // and see if that stops this from happening.
- This reply was modified 5 years ago by intarwebsdeveloper.
@missveronicatv The cron job is still being reviewed, there is a lot to go through.
One thing I forgot to mention is that this same issue started happening a little over a month ago. I turned off ModSecurity in cPanel and I thought that fixed it because it stopped happening for a couple weeks. Then the files started disappearing again just a few days ago and ModSecurity is still turned off.
@missveronicatv I will review the cron job.
@missveronicatv The cron job is not added in cPanel, it’s added in WordPress with the ‘WP Crontrol’ plugin. Should it be added in cPanel instead? Does it make a difference?
@missveronicatv Sorry, I posted an edited error log (I removed the IP where is says [IP-ADDRESS]). The IP address that was removed was the IP for the server that the website is hosted on, not the Azure IP. Here is the unedited error log without anything removed:
2021-05-25 15:40:41.714476 [NOTICE] [43070] [70.32.23.61:41030#APVH_networkcsc.com:443] [STDERR] PHP Warning: rmdir(/home/networ41/public_html/wp-content/uploads/ultimatemember//): Directory not empty in /home/networ41/public_html/wp-content/plugins/ultimate-member/includes/core/class-files.php on line 1199@missveronicatv I will definitely follow up and try to find out. Is there anything specific I need to ask? Are you for sure that this IP is related?
@missveronicatv The Ajax request is what it is. The web browser string is indeed my browser.
I found more information about that IP that I’ve been trying to block. This what the other developer that I’m working with said:
We have an azure webhook that hits the site every 5 minutes, that’s what this IP is for. The webhook hits the site every 5 minutes to make sure the cron doesn’t get missed.
I’ve unblocked this IP.
@missveronicatv I’m noticing something very strange when I’m checking the access logs. My IP address keeps showing up at certain timestamps and I’m 100% positive that I am not logged into the site or have the site open in a browser.
I looked more into the Azure IP (168.62.248.37) and it’s returning as a VPN connection and is 65% suspicious. What could possibly be happening? Have I been hacked?
@missveronicatv I blocked the IP in cPanel.
@missveronicatv The Wordfence log does not show the IP. Wordfence says zero blocks so far.
@missveronicatv
I just checked the access logs and the IP I tried to block with WordFence is still showing up in the log.