Eli
Forum Replies Created
-
Your code looks correct and sessions are meant to be globally accessible to any code that needs to access them. There is nothing in my code that clears or erases the session so it should not conflict with your plugin. Can you please send me the full code from your plugin so that I can test it on my site and figure out where the conflict is?
You can email me directly if you don’t want to post it on this public forum:
eli AT gotmls DOT net
I gave you my email in my first reply but here it is again 😉
eli AT gotmls DOT net
Ok, so it’s working on one of your sites but not on another that is on the same server, same version of PHP and WordPress too. So it mus be something else that does not have to do with the hosting environment.
Maybe it is some other plugin that is conflicting with mine. Any similarities between site A and site C which are different from site B might be a helpful clue.
But the absolute biggest clue will be found in the details of the error message. Can you please check the error_log files on your server to tell me what the error actually is? This should provide answers to enable us to solve this problem.
Thank you for reporting this issue. I would be more than happy to help you resolve this but I will need some more information. I did just release a new plugin update yesterday and it might be possible that the new update has a conflict with something on your site but I have not received any other reports like this. I have also installed and tested this new release on a few of my own sites for testing and I have not been able to recreate the issue you have described. Can you please relay some more details about your situation so that I can try to recreate this error and fix it?
What version of WordPress and PHP are you running on this site?
Have you updated the plugin on any other sites and have they also had this issue?
Can you please check the error_log files on your server to see what the error actually is?
Please feel free to contact me directly if you need to convey any info that you don’t want posted on this public forum.
eli AT gotmls DOT net
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Handle Output BuffersFirstly, this is only a warning that the use of 3rd-party output buffer handlers “could” interfere with the scan, not that it absolutely will. So you will need to asses whether or h=not this particular OB handler is a problem for you.
Any custom OB handler that intercept the output on your wp-admin pages can affect the performance and even alter the output of those pages. Then other developers, like myself, can no longer guarantee that the output on our plugin pages is generated by our own plugin’s code. In other words, you are now dealing with a middle-man that can alter the results on the page beyond the original author’s control. I personally don’t think it is appropriate for anyone to invoke a custom OB handler on some other plugin’s wp-admin pages.
As for what you can or should do about this, it will require some testing on your side. First, you can just deactivate that Litespeed cache plugin temporarily, then run the Complete scan with that warning message gone to measure the baseline performance and output results from my plugin. Then you can re-activate that plugin and run the complete scan again to compare. If there is no difference then it may be alright for you to keep it enabled while running scans. You could also look for a way to disable any output filtering on your wp-admin URL within the settings of the Litespeed cache plugin, or ask the developers why they are invoking a OB handler in the wp-admin at all, as they are presumable using it for caching and you should never cache the wp-admin pages anyway (firstly because it could be a potential security risk to cache anything that a privileged admin user sees while logged into your wp-admin, and secondly because the wp-admin displays dynamic pages which would be ineffective and inaccurate if they were cached).
Please let me know if there is anything else.
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Locked myself (my IP) outThere should be a way to unblock your IP but you would need to ask the developers of the plugin that has actually locked you out. My plugin does not use 403 errors to block IPs after too many login attempts, so it must be some other security plugin you have installed that is doing this to you.
Try logging in from another IP, maybe use your phone (on your mobile data, not wifi), then you can deactivate that other plugin that is causing this issue.
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] 11657944: NO_SESSIONThis error means that your trying to login without a valid Session. My Brute-Force Protection requires the user to have a valid and persistent connection. It must have been working for you at some point or you would not have been able to activate the Brute-Force Protection.
The most common cause fro this error is that your browser has simply sat on the login page for so long that your session has timed out, or the page has been cached with an older session ID that has already expired. Try clearing your cache and refreshing the page first, then try to login again and it should work. You could also try logging in from another browser or a whole other computer that doesn’t have any sessions cached on it.
If that doesn’t work and your server has suddenly stopped being capable of creating and maintaining a persistent session then there are a few things that might be causing this. Check that the the server’s /tmp/ folder or session save path is not write protected and that the permission are right for your web-server software, and make sure that the partition is not full. You may need your hosting provider’s help with that.
If all else fails and you just want to disable the Brute-Force Protection so that you can login again then you can simply rem out the fist line in your wp-config.php file that conditionally includes the Brute-Force Protection file in my plugin, or you can completely rename or delete the whole gotmls folder from the plugins directory on your server.
Please email me directly if you need any further assistance with any of this:
eli AT gotmls DOT netYes, it is fully compatible with WordPress 6.1, and there are no connections or dependencies related to WooCommerce to worry about.
Thanks for your email. I have confirmed that this is a false positive and updated my definitions to exclude these files. Please download the latest definition updates and run the complete scan again to confirm that these files are no longer detected as known threats.
This plugin is not in the WordPress plugin repository. Can you please email me a copy of one of these files so that I can check it against my current malware definitions?
eli AT gotmls DOT net
Thank you for sending me those files. Yes, this is a false positive. I have just released a new definition update to fix this, so if you download the latest definitions then it should no longer come up as a known threat.
Thanks again for reporting this and for sending me the files I needed to clear it up.
This looks like a proprietary plugin that is not on the WordPress Plugin Repository, so I have no way of knowing what code is in that file or if it is malicious or not. Can you please download that file and send it direct to me as an email attachment so that I can investigate further?
eli AT gotmls DOT net
Forum: Plugins
In reply to: [EZ SQL Reports Shortcode Widget and DB Backup] php variable current user idMy best guess based on the description you provided is that your query might actually end like this:
AND post_author=<‘<?php $current_user->ID ?>’If not then there must be something else about your query that is including those additional results. Is there any way that you could let me see the whole query or the live report so I can get a better idea of what might be going on here?
You can email me with any private details that you don’t wan tto post on this public forum:
support AT supersecurehosting DOT comForum: Reviews
In reply to: [Anti-Malware Security and Brute-Force Firewall] Stay clearHi @anarane,
This review that you posted seems a little unclear to me. It sounds as though you might be accusing my plugin of causing a hack when the sole purpose of my plugin is to remove hacks. If this is what you are claiming then please provide more information to substantiate your claim. Also, if you are experiencing any problems with any kind of hack or infection I would be more than happy to work with you to find the true cause and fix the issue you are having. You can also contact me on my own forum or send me a direct email:
eli AT gotmls DOT netForum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Autoscan?Yes, the Quarantine does not re-release those threats if you deactivate the plugin.
My scanner does not identify threats based on file name (since you can name a file whatever you like and that does not make it good or bad) it detects the malicious code within the files. So, is my plugin not finding the bad code in these money.php, payout.php, and promo.php files or has it already removed the threat from these files? Can you send me some of these files as email attachments so that I can check them for you?
I don’t know what URL is being blocked by that NinjaFirewall plugin but you should be able to whitelist it in your wp-admin. Maybe you can send me the URL that is getting blocked and I can check it out?
You can email me those files directly and also any other details that you don’t want to post on the public forum:
eli AT gotmls DOT net