quttera
Forum Replies Created
Thank you.
Try to whitelist your host server IP.
This can help keep the plug-in working with Cloudflare enabled.
Thank you for the update.
In general, based on our experience, Cloudflare servers (proxies handling HTTP requests) behave differently from server to server, even when the protected websites have identical configurations. This is what we see with our commercial products.
Please let us know if you found what exactly was blocked by Cloudflare.
Best Regards
Michael
Quttera Team
The qtrOptions.php should be located in our plugin directory.
But this error means that WordPress’s core function “update_option” failed to store value for option “qtr_scan_cron_args”
But since the “QTR_FS_SNAPSHOT” constant is defined, the plugin actually should store “qtr_scan_cron_args” data on the file system.
Please try to investigate why the WP-Cron system returns error 503.
The cron job invocation is done by the website domain name + URL + doing_wp_cron query parameter. It means that WP invokes this URL, which goes back to Cloudflare (since the domain name is resolved to Cloudflare) and only then goes back to WP.
Can you please check/compare the Cloudflare configuration of this and other blogs?
Without proper WP-Cron functionality, the internal scanner won’t work.
Are all three blogs run/hosted under the same hosting account?
Can you please check if you have any local .user.ini or .php.ini files per blog?
Thank you.
Thank you for the provided information.
Based on these logs, there is some issue registering the WordPress cron-job callback and callback parameters:
"""
ERROR Failed to update option qtr_scan_cron_args
"""
Can you please check if you see anything in the PHP error log?
The FS_SNAPSHOT flag means the plugin will keep scanner metadata on the host file systems and not in the backend database.
But based on the error, WordPress still tries to store this metadata into the database.
This error is coming from file qtrOptions.php, line 195.
Thank you for the provided details.
Internally, the scanner job is based on WordPress cron functionality, which is invoked periodically when WordPress is handling HTTP requests (for example, someone visiting the website).
Can you please check if these blogs have cache enabled? If yes, please disable it, as the cache may impact cron functionality.
Another question: can you please check the plug-in directory and see if the scanner was able to start/create any log file?
Best Regards
Michael
Quttera Team
Can you please let us know if the provided suggestion worked for you, so that others can use it as well?
Thank you,
Quttera Team
Hello,
Can you please change the PHP define instruction
define('QTR_FS_SNAPSHOT', true);
to
define("QTR_FS_SNAPSHOT", true);
Do you see the same error?
Also, which PHP version are you using?
Hello,
Based on the report, you have modified WordPress core files as well as alien files added to WordPress core directories (these files should not be there).
Can you please send an archive (zip/tgz) including the following files to support[at]quttera.com for further investigation:
wp-includes/functions.php
wp-includes/.htaccess
admin/view/javascript/d_shopunity/library/codemirror/mode/julia/index.html
system/library/xlsxwriter.class.php
Please mention the website’s domain name.
Our malware research team will investigate these files and will share the verdict.
Best Regards
Hello, most of the files detected as potentially suspicious are clean.
Can you please send us (support[at]quttera.com) the following files for further investigation:

FILE: wp-content/plugins/wpforms-lite/assets/images/empty-states/no-entries.svg
FILE_MD5: a438a632568e99f5908b1deec48ed29d
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 8d2ddbb4317298c4dd7d906763dfb85c
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: 01.028.011.028.012.028.005.011.008.016.007.013.008.015.007.0…
DETAILS: Malicious obfuscated JavaScript threat (JS Trojan Downloader)

FILE: wp-content/plugins/wpforms-lite/vendor/mk-j/php_xlsxwriter/xlsxwriter.class.php
FILE_MD5: 6a7b2891cacfc168eadbc4d1e193d2fe
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: ea818234bd45260819f343124a2b49bd
THREAT_NAME: Heur.PHP.Hexa.gen.4e
THREAT: $v[0].$v[0].$v[1].$v[1].$v[2]….
DETAILS: Detected malicious PHP obfuscation

Best Regards
Quttera team
During the execution of the server-side scan, the plug-in checks WordPress core directories for the existence of alien files and verifies core file integrity by comparing core file hashes with information retrieved from the WordPress API.
Every alien file or modified core file is reported as suspicious in the scan report.
Quttera Team
Hello,
The issue could occur due to some error accessing WordPress backend database.
Please add the following PHP directive in wp-config.php file and run the internal scan once again.
define('QTR_FS_SNAPSHOT', true);
This will force the plugin to keep the investigation snapshot as a file and not as an option in WordPress database.
Thank you for the question
Threat Heur.AlienFile.gen means that the plugin detected an alien file in a WordPress core directory where it should not be.
In this case, wp-admin/php_errorlog is a PHP error file, probably generated due to some errors in the admin dashboard.
Threat Heur.CoreFile.gen means that a known WordPress core file has a different signature/hash relative to the data (file signatures) retrieved from ww.wp.xz.cn. Sometimes this points to modified/infected core files.
In this case, it seems that the twentytwentyone theme either has not been updated or didn’t match the official hash values.
Please update all themes in this WordPress setup.
Please update all themes in this WordPress setup.
Thank you for reporting this issue.
We would like to install the plugin on our side and investigate it properly.
We didn’t find a plugin with the exact name woocommerce-pdf-invoice but there is a plugin
https://ww.wp.xz.cn/plugins/woocommerce-pdf-invoices/
Is it the correct one?
The issue had been closed