Eli

I am very sorry that you are having this issue. This bug was caused by a firewall update that I released about 25 minutes ago. I have just now released a fixed definition update but you will have to reactivate the plugin to download the latest definition updates and that will cause the issue to trigger again. Can you please try deleting all the GOTMLS definitions in your DB before you reactivate.

In PhpMyAdmin you can run a query like this to purge the old updates:
DELETE FROM wp_options WHERE option_name LIKE ‘gotmls_definitions_%’

A 504 Gateway Timeout error on your Nginx server could be generated for any number of reasons. This error is probably caused by the PHP max execution time limit or by the FastCGI read timeout settings on your server.

Try increasing all the values in the /etc/nginx/conf.d/timeout.conf file that end in “_timeout” (like proxy_read_timeout and send_timeout).

If you don’t have direct access to the server configuration files then you should take this issue up with your hosting provider and have them look into it. They might also get more information that could pinpoint a specific cause in the server’s log files.

Great! I’m glad to hear that you got it working 😉

As I said before:

you need to download the latest definition updates and then my plugin will remove this threat for you automatically.

Yes, this is a false positive for a threat definition that I released last night. I have already released a new definition updates this morning which fixes this false positive and correctly detects the new threat that it was meant for.

Thanks you for submitting this info and please feel free to let me know if you have any further questions.

@mehrdadmraad,
I understand that you used my plugin to remove some threats but felt that you were still infected. However, when I run the re-scan feature on sucuri it says that your site is now actually clean.

Can you please confirm, is this still an issue for you or is this problem actually resolved?

I just wanted to respond to this to clarify a few points. I’m not sure if it will make a difference to you personally or if you will want to pursue any of the solutions I present here but I thought that it might at least shed some light on your situation and that could at least help someone else dealing with the same issue.

First off, the message that relayed here is a “PHP Notice” not an “error”, and it is not associated with any version of WordPress at all. This notice is not generated by WordPress or even by my plugin but rather by the newer version of PHP that you are running on your server (probably PHP 7.2).

Furthermore, if your server was setup correctly (as a production server should be) than you would not even see this notice or any other minor notice generated by all the other usages of deprecated function. There are even some core files in WordPress 5.0.2 that are using functions that have been deprecated in PHP 7.2. So you see, your server should not even be outputting those notices to your browser at all.

Therefore, the best solution to this issue is to configure PHP for your production server as is recommended in the php.ini file. If you don’t have access to this configuration file on your server then you should talk to your hosting provider about fixing this issue:
http://www.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting

I recommend this setting:
error_reporting = E_ALL & ~E_DEPRECATED

FYI, here is the description and recommendations from a standard php.ini file example:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; This directive informs PHP of which errors, warnings and notices you would like
; it to take action for. The recommended way of setting values for this
; directive is through the use of the error level constants and bitwise
; operators. The error level constants are below here for convenience as well as
; some common settings and their meanings.
; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
; those related to E_NOTICE and E_STRICT, which together cover best practices and
; recommended coding standards in PHP. For performance reasons, this is the
; recommend error reporting setting. Your production server shouldn’t be wasting
; resources complaining about best practices and coding standards. That’s what
; development servers and development settings are for.
; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This
; means it pretty much reports everything which is exactly what you want during
; development and early testing.
;
; Error Level Constants:
; E_ALL – All errors and warnings (includes E_STRICT as of PHP 6.0.0)
; E_ERROR – fatal run-time errors
; E_RECOVERABLE_ERROR – almost fatal run-time errors
; E_WARNING – run-time warnings (non-fatal errors)
; E_PARSE – compile-time parse errors
; E_NOTICE – run-time notices (these are warnings which often result
; from a bug in your code, but it’s possible that it was
; intentional (e.g., using an uninitialized variable and
; relying on the fact it’s automatically initialized to an
; empty string)
; E_STRICT – run-time notices, enable to have PHP suggest changes
; to your code which will ensure the best interoperability
; and forward compatibility of your code
; E_CORE_ERROR – fatal errors that occur during PHP’s initial startup
; E_CORE_WARNING – warnings (non-fatal errors) that occur during PHP’s
; initial startup
; E_COMPILE_ERROR – fatal compile-time errors
; E_COMPILE_WARNING – compile-time warnings (non-fatal errors)
; E_USER_ERROR – user-generated error message
; E_USER_WARNING – user-generated warning message
; E_USER_NOTICE – user-generated notice message
; E_DEPRECATED – warn about code that will not work in future versions
; of PHP
; E_USER_DEPRECATED – user-generated deprecation warnings
;
; Common Values:
; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED

So, first let me say that it sounds like there is more going on to cause your scans to run very slow. It shouldn’t take more than 30 minutes to scan a single site, so 6 sites should still be dome in about 3 hours. Also, if it is going into the re-scanning phase after 99% then it is likely an indication of Read/Write Errors. At 50%, it is possible that the whole scan is being blocked by something else on the site and completely restarting after the first run through.

The first thing to try would be to open the Error Console in your browser while running the scan and looking for JavaScript errors. Taking a screenshot for me (after the scan has been running for at least a few minutes) might help me spot if there is something else wrong that I haven’t thought of.

If you want to focus on fixing this issue with the long scan time I might be easier to run the Complete Scan on just the wp-content or plugins, that way you don’t have to worry about it scanning all those other sites.

You can also send me any details that your don’t want to publish on this public forum directly to my email address:
eli AT gotmls DOT net