Title: Eli's Replies | WordPress.org

---

# Eli

  [  ](https://wordpress.org/support/users/scheeeli/)

 *   [Profile](https://wordpress.org/support/users/scheeeli/)
 *   [Topics Started](https://wordpress.org/support/users/scheeeli/topics/)
 *   [Replies Created](https://wordpress.org/support/users/scheeeli/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/scheeeli/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/scheeeli/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/scheeeli/engagements/)
 *   [Favorites](https://wordpress.org/support/users/scheeeli/favorites/)

 Search replies:

## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 2,028 total)

1 [2](https://wordpress.org/support/users/scheeeli/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/scheeeli/replies/page/3/?output_format=md)…
[134](https://wordpress.org/support/users/scheeeli/replies/page/134/?output_format=md)
[135](https://wordpress.org/support/users/scheeeli/replies/page/135/?output_format=md)
[136](https://wordpress.org/support/users/scheeeli/replies/page/136/?output_format=md)
[→](https://wordpress.org/support/users/scheeeli/replies/page/2/?output_format=md)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] False Positive Database Injection](https://wordpress.org/support/topic/false-positive-database-injection/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [2 weeks, 4 days ago](https://wordpress.org/support/topic/false-positive-database-injection/#post-18914146)
 * LOL, that’s funny how there is more than one way to interpret that name. However,
   I still don’t understand why my plugin would detect that in your Database because
   the review is on WordPress.org and should not be in the content of your website.
 * I tried to recreate this and it does not find anything on my site after installing
   that Post SMTP plugin. If this was a DB Scan can you please send me the DB content
   that was detected. Ideally a text export of that record in the offending table
   from your DB, or else just copy and paste the full text from that record and 
   let me know what table it was found in.
 * If you can send me an example of this text then I can confirm that it is in fact
   a False Positive and then update the definition so that it is not misidentified.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] When Were The Last Updates](https://wordpress.org/support/topic/when-were-the-last-updates/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [3 weeks ago](https://wordpress.org/support/topic/when-were-the-last-updates/#post-18910395)
 * Yes, I have not kept up with my blog post for over 10 years, but I do update 
   the plugin code whenever I have a new feature or a bug fix (or whenever it needs
   to be updated to maintain compatibility with current releases of WordPress or
   PHP, which is not very often).
 * I also add new definition updates whenever I find new threats that are not found
   with the current definitions. This usually comes in waves and can be anywhere
   from a few per day or several days without seeing anything new. I just added 
   one this morning but the last one before that was several days ago.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] 507 Insufficient Storage](https://wordpress.org/support/topic/507-insufficient-storage/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [1 month ago](https://wordpress.org/support/topic/507-insufficient-storage/#post-18901157)
 * Thank you for reporting this error. However, I was unable to recreate this issue
   and it does not actually look like it is being caused by my plugin at all. From
   the technical details provided I can see that there are certainly quite a few
   queries generated by my plugin that have been stuck in the queue for a few hours,
   but they all have the status of “waiting for table lock”, and the older queries
   in the queue which are the cause of the table lock are not from my plugin. Those
   queries that have started the table lock issue start with:
 *     ```wp-block-code
       SELECT  wp_posts.ID                     FROM wp_posts LEFT JOIN wp_term_relationships ON (wp_posts.ID = wp_term_
       ```
   
 * … but I cannot see the full query from this excerpt, so I cannot tell you who
   might have generated those queries. Perhaps the server support team can take 
   a closer look and tell you more about the actual cause of the table lock. They
   should also be able to offer some sort of workaround by setting query time limits
   or some other so that one rogue query does not lock a table for hours thus preventing
   other plugins like mine from querying the same table.
 * Please let me know if you have any other questions or inf you get more info from
   your server support that you want to share on this issue.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] GOTMLS Missing This Malware](https://wordpress.org/support/topic/gotmls-missing-this-malware/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [1 month, 3 weeks ago](https://wordpress.org/support/topic/gotmls-missing-this-malware/#post-18882996)
 * There is no way for me to tell what that is from just seeing the folder names.
   If this is some new kind of threat then I will need to see the code in the files
   so that I can add it to my definition updates. Can you please send the files 
   directly to my email: eli AT gotmls DOT net
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Question regarding LLM Bots](https://wordpress.org/support/topic/question-regarding-llm-bots-2/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [2 months, 1 week ago](https://wordpress.org/support/topic/question-regarding-llm-bots-2/#post-18865035)
 * No, that would be a personal choice that you would need to make on your own.
 * I find that Rewrite Rules in your .htaccess files are the best way to prevent
   most of your unwanted bots from scraping your site.
 * Cloudflare is also offering ways to mitigate bot traffic which would take the
   burden off of you and your server … [https://www.cloudflare.com/learning/ai/how-to-block-ai-crawlers/](https://www.cloudflare.com/learning/ai/how-to-block-ai-crawlers/)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Possible bug in GOTMLS plugin – paid features not saving](https://wordpress.org/support/topic/possible-bug-in-gotmls-plugin-paid-features-not-saving/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [3 months ago](https://wordpress.org/support/topic/possible-bug-in-gotmls-plugin-paid-features-not-saving/#post-18843418)
 * Thanks for following up on this.
 * The screenshot is Interesting because it shows that your donation was found by
   the external registration script, but it looks like the problem still revolves
   around the internal calls to the admin-ajax.php file on your server. You said
   that you get a 404 error when you try the admin-ajax URL without any parameters
   and this is not what should be happening on a working installation of WordPress.
   Without passing any URL parameters you should just get a blank white page with
   a 0 in the top left corner. Maybe you have some other plugin that is blocking
   that URL or there is something else that is redirecting your browser to the 404
   page?
 * I tried to check your site from my end, but I could only guess at which site 
   you are having this issue with, based on your email and the first and last digit
   of your key. I tried the admin-ajax.php URL on arn****vi.h* but I get the expected
   0 on the page and not a 404 so either you have fixed it or I have got the wrong
   site. If you are still having trouble can you contact me directly and provide
   the URL so that I can see was I get on my end?
 * eli AT gotmls DOT net
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] 2 strange issues](https://wordpress.org/support/topic/2-strange-issues-2/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [3 months, 1 week ago](https://wordpress.org/support/topic/2-strange-issues-2/#post-18835393)
    1. Thanks for reporting this issue to me. I have asked the WordPress Plugin Repository
       support team and they said that this is currently a wide-spread issue that they
       are aware of and working on here is the link they provided to track their progress
       on this issue: [https://meta.trac.wordpress.org/ticket/8182](https://meta.trac.wordpress.org/ticket/8182)
    2. I’ve heard from some users that MalCare has occasionally flagged issues on sites
       that later appeared to be clean, with the reported problems resolved after payment
       but without clear details on the underlying cause. If they’re able to provide
       specific information about the detected issue, please feel free to share the
       affected or flagged files with me. I’ll review them using my current malware
       definitions and, if a legitimate new threat is identified, I’ll make sure it
       is added to future definition updates so the plugin can detect it going forward.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Anti-Malware from GOTMLS.NET not found in WordPress Add plugin](https://wordpress.org/support/topic/anti-malware-from-gotmls-net-not-found-in-wordpress-add-plugin/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [3 months, 1 week ago](https://wordpress.org/support/topic/anti-malware-from-gotmls-net-not-found-in-wordpress-add-plugin/#post-18835388)
 * Thanks for reporting this issue to me. I have asked the WordPress Plugin Repository
   support team and they said that this is currently a wide-spread issue that they
   are aware of and working on here is the link they provided to track their progress
   on this issue:
 * [https://meta.trac.wordpress.org/ticket/8182](https://meta.trac.wordpress.org/ticket/8182)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Found Database Injections – NCTC7 “<script*settimeout(](https://wordpress.org/support/topic/found-database-injections-nctc7-scriptsettimeout/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [3 months, 2 weeks ago](https://wordpress.org/support/topic/found-database-injections-nctc7-scriptsettimeout/#post-18831149)
 * Thanks for sending me this code. I see where you are call in this JS timeout 
   in the admin_footer hooked function, but I guess my real questions was: why are
   you putting all this code into the DB?
 * It is not uncommon for DB entries that contain code to be manipulated by hacker
   to execute malicious code snippets, that is why WPCode Snippets can be so dangerous.
   While there is no direct exploit that I am aware of within WPCode itself, I have
   know many instances of hacks utilize WPCode Snippets to execute they malicious
   payload. Maybe they used other vulnerabilities to get their bad code into the
   DB (which is sometimes easier than injecting executable code into php files) 
   but any code recorded in the database would not be executable or dangerous with
   a plugin like WPCode to eval and run those code snippets.
 * So, getting back to my original line of questioning: Would you be able to put
   all this PHP code into a file, like in mu-plugins or something like that so that
   it’s not executed from within your DB? I feel like that would be more secure 
   overall anyway.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Found Database Injections – NCTC7 “<script*settimeout(](https://wordpress.org/support/topic/found-database-injections-nctc7-scriptsettimeout/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [3 months, 2 weeks ago](https://wordpress.org/support/topic/found-database-injections-nctc7-scriptsettimeout/#post-18830886)
 * Sorry for not specifying how to do that in my last reply… If I had then I might
   have realized that this option is not available in your case because these are
   listed as database injections and only files can be whitelisted, not DB records.
 * Not the best solution but you could just uncheck “database injections” under **
   What to look for**, but then the scan might miss some real DB injection if there
   ever are any.
 * Can I ask why you are putting this script timeout to refresh the page in a database
   record in the first place and not putting more securely into a script file that
   is included in the code?
 * Maybe there is a better way to code this so that it does not appear as a threat.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Found Database Injections – NCTC7 “<script*settimeout(](https://wordpress.org/support/topic/found-database-injections-nctc7-scriptsettimeout/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [3 months, 2 weeks ago](https://wordpress.org/support/topic/found-database-injections-nctc7-scriptsettimeout/#post-18827665)
 * In this case ,since you know that scripts found in the database are intentional,
   I would suggest that you simply whitelist each of those code snippets the next
   time they are found in the DB scan. Then they should not come up again unless
   they are altered, in which case you can review the code again to make sure the
   the change was intentional and then whitelist the new code changes again.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Possible bug in GOTMLS plugin – paid features not saving](https://wordpress.org/support/topic/possible-bug-in-gotmls-plugin-paid-features-not-saving/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [4 months, 1 week ago](https://wordpress.org/support/topic/possible-bug-in-gotmls-plugin-paid-features-not-saving/#post-18800570)
 * This is not a know issue and it sounds to me like the only problem is that the
   wp-admin/admin-axaj.php file will not load. The wp-admin/admin-axaj.php file 
   is not part of my plugin so I see two tests that you can perform quite easily
   to determine how to proceed. First see if you can load the wp-admin/admin-axaj.
   php URL in your browser directly (both with and without those parameters after
   the Question mark).
 * If it will not at all, even without and parameters being passed then the file
   might be corrupt or there is something on your server that is blocking URL.
 * If it will load without parameters but not with the QUERY_STRING that my plugin
   needs then try removing parameters one at a time until you find the one that 
   is causing it not to load. Then we can try and figure out why that parameter 
   is a problem for your server.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] False Positives in Google SiteKit](https://wordpress.org/support/topic/false-positives-in-google-sitekit/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [5 months, 2 weeks ago](https://wordpress.org/support/topic/false-positives-in-google-sitekit/#post-18766939)
 * It looks like they released some new code a few weeks ago that includes a new
   email template library which uses variable functions. It’s really hard to figure
   out what these functions might be because of the way they are setting these variables,
   so it falls under code obfuscation, which is not really allowed in the WordPress
   plugin repository, but this is a popular plugin so I have whitelisted it for 
   now. I may revisit this later to try to figure out what these variables are being
   set to and make sure that the way they have included these new classes and templates
   is actually safe, but for now it should no longer come up as a Known Threat in
   the scan if you download the latest definition updates.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Repeated WP 6.7 Notice Regarding Textdomain Loading Timing](https://wordpress.org/support/topic/repeated-wp-6-7-notice-regarding-textdomain-loading-timing-2/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [5 months, 4 weeks ago](https://wordpress.org/support/topic/repeated-wp-6-7-notice-regarding-textdomain-loading-timing-2/#post-18753048)
 * I have had only one other report about this and I have been unable to recreate
   this issue. Can you please tell me more about your WordPress installation so 
   that I can try to replicate the same circumstances that you have which will cause
   this error to reviele itself?
 * Are you able to recreate this issue on more than just one domain?
 * If you deactivate all other plugins is this error still triggered?
 * do you have any mu-plugin files, if so then can you please share those with me?
 * You can send me any personal data that you don’t want to post on this public 
   forum directly to my email: eli AT gotmls DOT net
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] More than 24 hours to scan?](https://wordpress.org/support/topic/more-than-24-hours-to-scan/)
 *  Plugin Author [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [6 months ago](https://wordpress.org/support/topic/more-than-24-hours-to-scan/#post-18749440)
 * Innanzitutto, c’è qualcosa che non va se la scansione impiega così tanto tempo.
   In generale, una scansione completa non dovrebbe durare più di un’ora, nemmeno
   su un sito web di grandi dimensioni. Se sono presenti molti plugin o se ci sono
   molti altri siti web installati in sottocartelle nella directory principale del
   sito, la scansione potrebbe richiedere più tempo, ma di solito questo è indice
   di un numero elevato di errori di scansione o di un problema critico del sito
   web che ne causa il blocco o un rallentamento eccessivo. In condizioni normali,
   la scansione dovrebbe elaborare ogni cartella in meno di un secondo, impiegando
   solo pochi secondi in caso di problemi con uno o più file in quella cartella.
   Il sistema di scansione non è progettato per consentire a una singola cartella
   di impiegare più di 65 secondi senza che venga saltata con un errore o che la
   scansione fallisca. Pertanto, non è possibile che ogni singola cartella impieghi
   un’ora intera per essere scansionata.
 * È necessario lasciare la pagina aperta durante l’esecuzione della scansione, 
   altrimenti il ​​processo si interromperà e sarà necessario riavviarlo. A questo
   punto, sembra che sia comunque necessario riavviare la scansione, e sarebbe opportuno
   monitorare attentamente la prima parte del processo, in particolare quando viene
   visualizzato il messaggio “Preparazione in corso…”, per verificare se si blocca
   in qualche cartella potenzialmente problematica. Potrei avere un’idea più precisa
   della causa del problema se mi inviaste uno screenshot della scansione in corso,
   soprattutto dopo che è andata avanti per un po’. Se la prima scansione è ancora
   in corso, vi prego di acquisire uno screenshot ora, prima di chiuderla e riavviarla.
   Potreste anche consultare i file error_log sul vostro server per cercare eventuali
   indizi sulla causa di questo rallentamento. Inoltre, controllate la scheda Console
   nello strumento di ispezione del browser per verificare la presenza di errori
   nella pagina dei risultati della scansione.
 * Se avete dettagli che desiderate condividere con me e che potrebbero aiutarmi
   a risolvere questo problema, ma non volete pubblicarli su questo forum pubblico,
   potete contattarmi direttamente via email per ricevere ulteriore assistenza.
 * eli AT gotmls DOT net

Viewing 15 replies - 1 through 15 (of 2,028 total)

1 [2](https://wordpress.org/support/users/scheeeli/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/scheeeli/replies/page/3/?output_format=md)…
[134](https://wordpress.org/support/users/scheeeli/replies/page/134/?output_format=md)
[135](https://wordpress.org/support/users/scheeeli/replies/page/135/?output_format=md)
[136](https://wordpress.org/support/users/scheeeli/replies/page/136/?output_format=md)
[→](https://wordpress.org/support/users/scheeeli/replies/page/2/?output_format=md)