mongobongo
Forum Replies Created
-
Thank you
đ
Thank you for supporting your product !
đ
Oh thank you!
Did not know if that was normal or not, i.e. that you can upload a file to a directory that does not exist ??
So from what you have said, just by someone making a request to a webserver running php, is that the file will be accepted, put into the tmp directory and then processed accordingly ??
Thanks
- This reply was modified 5 years, 7 months ago by mongobongo.
Sorry, thought your URL above was referencing
Ive also read the URL
Repeating myself, we do not have plugin installed, anywhere, however you can see from the screenshots I posted above they are targetting connector.minimal.php …….
Hi!
The blog page you linked me to was the first thing I read before I came to post at the forum.
The blog only speaks about if the plugin is installed on a users server (will have to check if the article has been updated). As explained previously, we do not have the plugin installed on the any of the domains on the server.
I am attaching screenshots relative to three different domains as you have requested.
https://i.imgur.com/2e6OPng.png
https://i.imgur.com/HK1Z3PO.png
https://i.imgur.com/kmG8WfA.png
https://i.imgur.com/rmvHhCK.png
https://i.imgur.com/6BGfUnF.pngThanks
- This reply was modified 5 years, 7 months ago by mongobongo.
Thank you, I will work my way through those resources.
That this issue only occured after 19/09/2020 which was very close to the time that the “WP File Manager” exploit was published does not entirly fill me with confidence that I will get to the bottom of whats happening.
Also the fact that according to the WF log that the intrusion is being directed at a non existant directory/file that is responsible for the “WP File Manager” exploit, just doesnt sit right with me.
Hi!
Have experienced similar/same issue with OP.
WordFence inform us that it has blocked “domain.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php” and was blocked by firewall for a Malicious File Upload in file: upload=1rmpoli5hzo7x6l.php
However, such a directory does not exist. “WP File Manager” is not installed and WordPess is not installed in the root directory but in a sub-directory.
However, after several attempts, a file is written to the /tmp directory of the domains root and the antivirus deletes a file.
The file is identified as “Backdoor:Win32/Dirtelti!ml” and is named phpXXX.tmp
The AV only started to be triggered by these events since 19/09.
This is happening across several domains, non of the domains have “WP File Manager” installed.
Server details
Windows Server 2012 R2 fully patched.
Plesk is fully patched with latest version and Plesk security features for the protection of the file system are turned on.
WordPress on the site is the latest version.
All plugins are latest version.
Have no idea how hackers are manipulating a non existant directory/plugin to upload malicious files!
Forum: Plugins
In reply to: [Polylang] Polylang + Divi bug in the builderGlad you found a workaround!
I am not skilled enough to follow what you have done.
Hopefully the author will fix this issue.
If the author values there prospective future clients then they should monitor these threads.
But who knows …..
Forum: Plugins
In reply to: [Polylang] Polylang + Divi bug in the builderProbably experiencing other side effect of this “bug”.
If I attempt to clone a page in a different language, lets say Greek. When I attempt to select the page to clone from that is in English, the only results that are returned in the divi search results for current pages are those pages that in Greek.
The same occur is I attempt to clone a page in English, only English results will be returned in the search.
As with yourself, dont know what the cause is and sound likes something needs to be ammended in the Polylang plugin with regards to its interaction with DIVI.
Or at least be forthcoming as to where the issue lays, as it may be something to do with what the DIVI developers have done ………
ΠαÏαÎșÎ±Î»Ï (your welcome)
đ
We own our thanks to
Emily (@cleanup)
đ
- This reply was modified 6 years ago by mongobongo.
For the Yoast support folks here ignorance is bliss……
Thanks ever so much to Emily (@cleanup)
For inadvertently providing the solution, where as the Yoast support staff only want you to buy the premium version.
From her post here
https://ww.wp.xz.cn/support/topic/yoast-seo-was-unable-to-create-the-database-tables-required-and-as-such-will-not/page/3/#post-12754511# (yes, another issue caused by the developers and solution offered by a volunteer)
The same fix applies also to the ‘text link counter’ issue.
So it seems as the following, on Windows platforms there is an underlying issue with how database prefixes are converted to lower case.
This is the cause of the issue and Emily suggestion is the fix to those of us are are having the ‘text link counter’ issue and have been fobbed off by Yoast ‘support’
Really hope that this get spidered so that other people can finally get the fix!
Thanks Emily, we are also hosting on a Windows server and indeed your guidance had ‘seemed’ to resolve the issue for me.
I say ‘seemed’ as I need to test this first, but after applying your ‘fix’ the database error message has gone.
Oh how nice of you.
Ignoring my request for support because its not the paid for version.
Marking this item as ‘Solved’ when it is clearly not.
And then the cheek to ask another person who is having the issue and is using the paid for software to open another thread.
Why dont you actually inform the developers of the software to ‘fix’ the issue, or get them to work with the people who are actually experiencing this issue such as myself …………
Why do you people mark such items as resolved when they are not ??
Is being resolved that I have decided to not purchase Yoast ?
As the free version is definitely not resolved.
Marking this as resolved is misleading
Thanks.
Hi,
1/ Had already done this but without using the plugin. So I also tried with the plugin as directed by the page you linked me to. However this made no difference.
2/ Although I did this I did not understand how this issue would be related to ‘Javascript errors’Regards having to purchase Yoast premium to resolve this issue thats not going to happen as this ‘feature’ is meant to work ‘as is’.
We will wait for future updates in the hope Yoast will fix this issue.
Thanks for your assistance.