Forum Replies Created

Viewing 15 replies - 256 through 270 (of 2,028 total)
  • Plugin Author Eli

    (@scheeeli)

    You can go to the wp_options table and change the autoload field from “yes” to “no” on the record with option_name of “GOTMLS_definitions_blob” but that will not make your site any faster (in fact it will slow down the scan quite a bit and it might make the site slower to not autoload some values).

    Also, just to clarify, it is not producing the “largest amount of queries to autoload”. Autoload is a single query and makes loading all those option values much faster by loading them all in one query than the time it would take to run a separate query for each one of those rows. The option_value for the GOTMLS_definitions_blob might be around 367231 bytes in size and that might seem like a lot when compared to most option_values (which tend to be only single short strings that are usually under 100 bytes) but it’s really still only about 360kb and that’s still only about 1% of your standard PHP memory_limit of 32mb. So I strongly advise you to keep calm and carry on and don’t let some other “clean up” type plugin worry you about an autoload value that might be a few hundred KB 😉

    Plugin Author Eli

    (@scheeeli)

    Can you please provide me with a link to at least one of these infected sites so that I can see what you are dealing with here?

    If you don’t want to post that info publicly then you can send it to me directly:
    eli At gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    There is nothing in my plugin that generates a 503 response or that would stop those other two plugins from running their scan.

    A 503 message is usually generated from the web hosting server. I would ask your hosting provider to explain why those scans are responding with 503 errors. They may have set up a firewall or some other limitations on your hosting account.

    Plugin Author Eli

    (@scheeeli)

    Thanks for asking. It’s true that I have not added any new definition updates this year. I have been very busy, yet I have not seen any new threats emerge in over two weeks. I doubt all the hackers just went on vacation, although this thought is very amusing and there could be some small element of truth there. There also might be fewer new threats getting reported by victims because they themselves are on vacation.

    In my experience there are natural lulls and surges in the release of new threats. I have learned to just go with the flow, releasing large batches of updates when new threats are rampant, and taking a respite to focus on other projects when there is a lull. Rest assured I will be ready to update the definitions just as soon as I catch a glimpse of any newly emerging threats 😉

    Plugin Author Eli

    (@scheeeli)

    Thanks so much for reporting this issue. As it turns out my certificates stopped auto-renewing after the last time I moved my site to a new server. So this issue was actually caused by an expired SSL certificate on my end. I have just renewed it and installed the new certificate and it looks like it is working fine now.

    Please confirm that it is working now on your end and let me know if you have any more trouble 😉

    Thanks again for bringing this issue to my attention.

    Plugin Author Eli

    (@scheeeli)

    Can you please send me those JavaScript files that you know are not a threat so that I can update my definitions?

    You can send them as attachments directly to my email:
    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    Thank you for contacting me directly so that we could troubleshoot this issue. I believe that this was caused by a cookie or a cached redirect, which is why I suggest clearing your cache and deleting any cookies for your site if this were to happen for unexplained reasons. I suspect that the cache and/or cookies on your end eventually expired, which is why it started working again all on its own.

    Please let me know if it happens again and I will be happy to help you troubleshoot further.

    Aloha, Eli

    Plugin Author Eli

    (@scheeeli)

    Thanks for sending me that file. There was a lot more in that file than I thought. It turns out this was a new variant of an old threat which I have now updated in my definition. Please download the latest definition update and run the Complete Scan again to find and fix this threat using my plugin.

    Plugin Author Eli

    (@scheeeli)

    Can you please send me a screenshot with the Network tab open in your browser’s Inspector on that page so that I can see what is not loading?

    Plugin Author Eli

    (@scheeeli)

    Ok,
    For future reference, the Quarantine is just a record of the prior infection so it is completely safe to keep that info in case it might help in future investigations. Also, my email link is on the right of the Anti-Malware Settings page in your wp-admin but you can send me that file at this address 😉
    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    If this was not just a temporary outage and you are still getting this message then I would concur that there is something wrong on your end, probably something in your browser that is blocking the updates. Check the Console in your browser’s Inspector to see if there are any JavaScript or security errors. If you still need more help with this then please post the error message or a screenshot so that I can look for what might be causing this issue for you.

    Plugin Author Eli

    (@scheeeli)

    Thanks,
    I think that the really bad stuff in that eanrf.php file was probably already removed if that code you posted is all that’s in that file. If there is more in there that you didn’t post here then you should send me that file so that I can see why it was missed. If it was one of the files that was already cleaned then you could send me the original contents of that file (found in the Anti-Malware Quarantine if you cleaned that file using my plugin).

    Either way you can probably delete that file just to be sure 😉

    Plugin Author Eli

    (@scheeeli)

    Hi Dave,
    Still no answer from WP Rocket?

    Sorry I didn’t write back earlier on this but I have not heard of any issue with WP Rocket that causes the re-infection issue that you have been having.

    If you have any new developments in your situation or have found a solution then please post an update here and I’ll follow up.

    Aloha, Eli

    Plugin Author Eli

    (@scheeeli)

    Hi Dave,
    I have not been able to recreate the timeout issue that you are having when you upgraded to PHP 7.4. To be clear, the Quick Scan will usually time out on large sites or if your server resources are limited.

    The Complete Scan stays on the Scan results page and loads multiple calls to the admin_ajax.php script. These are generally smaller scan tasks that should only take a couple of seconds each, at most. If any of them are timing out after 60 seconds that is usually an indication of a problem on the server or a problem that the plugin is having in scanning that particular sub-directory. When I run the Complete Scan on one of my large sites with PHP 7.1 I get only a couple of timeouts out of hundreds of quick and successful ajax calls. When I upgraded to PHP 7.4 I do get a couple more but still around 99% of all the ajax calls go through successfully in just a couple seconds at most.

    The line of code that you are getting that timeout error on is the line that scans the current file’s contents using a number of regular expressions to look for malicious code. This is undoubtedly the most strenuous part of the scan process so it makes sense that it would time out there if it were to time out anywhere, but it should not be timing out a lot, and certainly not on every ajax call. Can you rerun your test and confirm how many of the ajax calls are timing out and how long, on average, it takes if they do return results?

    As for the class-wp-http-netfilter.php file, if you can please send me that file in an email then I can investigate that further and get back to you.

    Plugin Author Eli

    (@scheeeli)

    Thanks for reporting this to me. Yes, it was safe to whitelist these, but I have just released a new definition update that fixes this False Positive so that these files will not be flagged as malicious in the future. Please download the latest definition update and confirm that they are no longer flagged as a known threat.
