yosmc
Forum Replies Created
-
Thanks – in the meantime, I’ve transitioned to akismet and cloudflare, both of which work flawlessly on all of my sites.
Forum: Plugins
In reply to: [WP Armour - Honeypot Anti Spam] Blocks all mail on Contact Form 7Sad that I never got a reply – uninstalled now.
Forum: Plugins
In reply to: [WP Armour - Honeypot Anti Spam] Blocks all mail on Contact Form 7Hi – to maintain my privacy, I sent you the link via the contact form on your website.
Fatal error: Uncaught Error: Undefined constant “WPUAP_TEXT_DOMAIN” in /home/path/domains/mydomain.com/public_html/wp-content/plugins/wp-user-avatar-pro/includes/class-wp-user-avatar.php:179 Stack trace: #0 /home/path/domains/mydomain.com/public_html/wp-includes/class-wp-hook.php(324): WP_User_Avatar::wpua_media_upload_scripts() #1 /home/path/domains/mydomain.com/public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() #2 /home/path/domains/mydomain.com/public_html/wp-includes/plugin.php(517): WP_Hook->do_action() #3 /home/path/domains/mydomain.com/public_html/wp-admin/admin-header.php(123): do_action() #4 /home/path/domains/mydomain.com/public_html/wp-admin/options-discussion.php(36): require_once(‘…’) #5 {main} thrown in /home/path/domains/mydomain.com/public_html/wp-content/plugins/wp-user-avatar-pro/includes/class-wp-user-avatar.php on line 179
Let me know if I should open that ticket anyway.
- This reply was modified 7 months, 1 week ago by yosmc.
Forum: Plugins
In reply to: [SlimStat Analytics] Replacement for show_report_wrapper()Thanks for the quick reply. I’ve hardcoded this into single.php of my theme, so I’m afraid that using a shortcode won’t work here.
Forum: Plugins
In reply to: [SlimStat Analytics] Replacement for report_header()[Made a mistake in the description, not sure why it’s not possible to edit.]
Forum: Plugins
In reply to: [Block AI Crawlers] Add custom robots.txt fieldNice – thank you.
Never mind, Nextcloud needs curl_exec as well, so all good as it is.
Thanks for the clarification. The message I received reads as follows:
Critical Problems:
- The Plugin xyz needs an upgrade (1.2.3 -> 1.2.4).
Update includes security-related fixes.
Vulnerability Severity: 6.4/10.0 (Medium) Vulnerability Information
https://ww.wp.xz.cn/plugins/xyz/#developers9 existing issues were found again and are not shown.
There are two things I find confusing:
- I received a critical alert because of a medium vulnerability (in this case, storerd cross site scripting by contributors on a site that doesn’t allow for contributors and that doesn’t even have the plugin activated). Of course it would be best to receive critical alerts for vulnerabilities only that pose an actual threat to my site(s). So I’m wondering about the threshold – will I receive critical alerts for plugin updates with “low” vulnerability severity as well?
- If the alert is set to critical only, imho I should not be told how many existing issues were found again, but rather how many critical issues were found again (if any). To me, security alerts are only as useful as the time they save: I am alerted so I don’t have to check myself. But if the alerts suggest that I might have overlooked something, the usefulness diminishes – first time I will go and check, second time I might ignore the message altogether, which defeats the purpose of receiving such alerts in the first place.
Thanks for the quick reply – much appreciated. According to the diagnostics page, X-Real-IP wasn’t set, so I reverted “How Wordfence gets IPs” to the default setting. Edited nginx.conf – everything else looking fine.
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] After Latest WP Update IssuePlugin is unsupported, so you need to fix this yourself.
In /wysija-newsletters/helpers/render_engine.php in line 1140, FIND:
$value = join($value, $arguments[0]);
REPLACE with:
$value = join($arguments[0], $value);
Voila!
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Great, but…Your plugin was of great help, because it identified 68 files that were infected with malicious code, and helped me see how serious the situation was. It missed two php files, however, which were designed to load and execute php code via an include, and it missed said .ico file which carried the payload.
In my mind, if the plugin looked at all files by default, it would have a better chance of either eliminating all payloads or all detonators (catching either would have defused the situation). I don’t think many people realize that an image file carrying malicious php code can indeed be half the problem.
In this case, the script didn’t find the .ico file even after I had activated all extensions, but it also got stuck several times and retried scanning. The furthest I got was 99%.
Thanks for writing back – I’m sending over the files that weren’t identified.
DISCLAIMER: I am not a security expert. Just someone stuck with the same problem.
First thing you should do is delete um-image-upload.php – it is in the /lib/upload folder.
Secondly, using the Anti-Malware plugin didn’t do the trick for me, as it didn’t find all files. But it helps see the scope of the problem.
I am uploading a full backup of the compromised account as I am typing this. If you have recent backups, you are in luck. Just keep in mind that it won’t help if you use a backup that is infected as well (needless to say). To find the time of the infection, check your apache logs – look for the first occurance of that nasty file in UM’s upload folder. Or look for entries related to um-image-upload.php. Good luck.
- This reply was modified 7 years, 10 months ago by yosmc.
After re-reading the security bulletin, it says that the exploit was around since 2015 until at least version 2.0.4 (this year).
What it doesn’t say is that it was actually ever fixed.
So I am assuming the current issue isn’t new – the only novelty is that there’s someone out there taking advantage of it.
Not really. How long has this issue been around now? Since 2015?!
https://www.cvedetails.com/cve/CVE-2018-0587/
Now that everybody is getting hacked, you are “overhauling” security. Great! How about an immediate fix everyone can implement, like deleting that dreaded um-image-upload.php?
You do not realize how serious this is, do you?