acekin
Forum Replies Created
-
*** OFF TOPIC BUT IMPORTANT ***
When I posted this question with broken links I did not realize that Google would actually index these posts and try to crawl my site for these links. Moral of the story: Do not write traceable URLs, break them with word counterparts, spaces, or otherwise make them non clickable. These posts are also on some RSS feed sites which are also feeding the bots. Like:
http : / / ditted24 . rssing . com / chan-12949233/all_p112.htmlIf it is at all possible, could someone delete these threads that have example but non working links. If not, please heed the moral of the story I wrote above.
Cemal
Has anyone at Wordfence saw this post in the last two weeks?
Cemal
Thank you Carolyn, I recently updated a couple of plugins and now a user at Editor level can indeed see the feedback. Thanks, your reply must have fixed my problem 😉
Everything should be this simple!
Cemal
@alergic, the URLs you wrote are not fully qualified URLs. They would look something like:
http://www.alergic.com/myadmin/scripts/setup.phpThat said, I reduced my fully qualified URLs to just the folder/file and they appear to be “working”. I used to get from one IP hundreds of page requests for the same URL, now the particular link I added gets at most two requests. I am assuming, which is not always a good thing, that Wordfence may consider the request “block-worthy” after the second hit. Not seeing the third hit may be due to delayed blocking. All this may not be true, as I said I am sticking my neck out and making an assumption.
This feature is not, I believe, intended to replace robots.txt file. That will be the way to tell the search engine bots to tell them not to look there. I also think the “block” Wordfence may provide will be temporary, possibly lasting minutes to break the flow of the intruder. I do not see any entries in my blocked IPs list. This feature may be better called “Request Interruptus” rather than blocked IP.
Cemal
I cleared the image cache in NGG and this is after that. There are many more entries since I copied and pasted this.
Yes, I am reporting this as a NextGEN issue here. The reference to a wider problem was “editorial comment”. I will write it directly to WordPress as well. But the entries created specifically by NextGEN multiply like rabbits 😉 I am also going to submit this as a bug.
Cemal
There are not many files in the Gallery/cache folder if that is where you keep them. What I see are actually code snippets that look like what I pasted below. This is since I cleaned all of them this morning and it is under “_transient_f4d8ec…..”. There are many of them along with “displayed_gallery_rendering_…….” which has a much simpler entry, just a string of numbers like 1403540562.
This bloat as I am finding out is not limited to NextGEN, it seems to be a problem stemming from many plugins and WordPress using wp_options as a garbage disposal without anybody actually disposing them. The table keeps growing in size. When I noticed it first my wp_options table was close to 20MB, most of which being junk. This needs to be addressed at a core level and plugin developers need to play nice and clean their crud. Some leave entries even after uninstalling the plugin, that is a shame.
Cemal
Here is the code snippet in the wp_options file, with many many more:
<div
class=”ngg-galleryoverview ngg-ajax-pagination-none”
id=”ngg-gallery-af1d16c654407a1113848d2c0232b1d9-1″><!– Thumbnails –>
<div id=”ngg-image-0″ class=”ngg-gallery-thumbnail-box” >
<div class=”ngg-gallery-thumbnail”>
<a href=”http://www.keptlight.com/klblog/wp-content/gallery/soapmakers/mg_6011-12.jpg”
title=”Making Soap, general view of upstairs”
data-src=”http://www.keptlight.com/klblog/wp-content/gallery/soapmakers/mg_6011-12.jpg”
data-thumbnail=”http://www.keptlight.com/klblog/wp-content/gallery/soapmakers/thumbs/thumbs_mg_6011-12.jpg”
data-image-id=”5765″
data-title=”Making Soap, general view of upstairs”
data-description=”Making Soap, general view of upstairs”
rel=”lightbox[af1d16c654407a1113848d2c0232b1d9]”>
<img
title=”Making Soap, general view of upstairs”
alt=”Making Soap, general view of upstairs”
src=”http://www.keptlight.com/klblog/wp-content/gallery/soapmakers/thumbs/thumbs_mg_6011-12.jpg”
width=”89″
height=”134″
style=”max-width:none;”
/></div>
</div>
<—- snipped section to save space —-><div id=”ngg-image-1″ class=”ngg-gallery-thumbnail-box” >
<div class=”ngg-clear”></div>
</div>@alergic, you may consider using the fully qualified URL including the protocol http:// at the beginning. Although I originally reported that it was not working, then I realized that WordFence was blocking the intruder after the second attempt. There may be a technical reason for the first hit not being blocked, or it may be an oversight.
Cemal
I said that block by URL did not seem to be working on my site, but I think I detected a pattern. The IP number seems to be blocked after two attempts. I also see a pattern on the visits, they seem to wait in between attempts to bring up the same URL, sometimes by minutes, sometimes by hours. The IP number remains the same. I guess they are programming their bots too.
Overall, I think the number of ill-hits seems to be lower.
Thank you,
Cemal
The block by URL does not seem to work on my site, I can see multiple accesses to the same URL which I specified as a trigger to block. Should the blocked IPs show in the Blocked IPs tab?
I am going to push my luck and ask for a couple of enhancements to this feature:
- Instead of writing the full URL including the domain name and protocol, can we simply indicate the document they tried to access. I want to write “wp-login.php?action=register” without the domain or the folder before it. It will be simpler to enter and will be triggered with any folder or path in the full URL.
- Will it be too much to ask to have a text field where we enter the trigger documents one per line. Writing them comma separated in a narrow field is a bit cumbersome.
Thanks,
Cemal
That is very good to know. You and your team are most likely aware of these hacking URLs. We will welcome your suggestions in the Block by URL options as “Recommended block triggers”.
Thank you,
Cemal
I found out a fix from the Subscribe2 author, here is the solution:
http://wordpress.org/support/topic/subcribe2-and-jetpack-proofread-conflict?replies=4Essentially, disabling the Subscribe2 button in the visual editor takes care of the problem. He indicated that in the next release it will be fixed in the code.
Cemal
Thank you, disabling the button in the visual editor took care of the problem. Everything should be this simple.
Cemal
I can confirm with confidence that using “WP Clean Up” plugin and using it to delete what it considers redundant data (Revision, Draft, Auto Draft, Moderated Comments, Spam Comments, Trash Comments, Orphan Postmeta, Orphan Commentmeta, Orphan Relationships, Dashboard Transient Feed) breaks NextGEN Gallery presentation. I ran the same plugin on my test bed site and as soon as I clicked on “Delete All” button, the plugin cleaned up all the debris but the gallery display is broken.
Since I have run this test on my production site with months of troubles, and now on a test site with minimal content, I will consider the relationship between two plugins “hostile”. I will post this message with a link to this thread to WP Clean Up support forum as well.
Just as WP Clean Up author should check what may be causing this harm, it may be prudent for NGG team to investigate that as well just in case another similar plugin may cause the same problem and it may be due to an issue in NextGEN plugin. No other plugins are adversely affected by the cleaning process.
Cemal
The cleaning plugin is NOT WB DB Clean, but “WP Clean Up“. I used to use WP DB Clean but the other looked simpler to use! Little did I know that it also had a very strong vacuum cleaner! I will also try WP Clean Up on my test bed site to see if it causes the same problem. If it does NOT, then there is something different on my WP NGG tables that present a ready to corrupt situation. The cleaning should not even touch these tables though, it is supposed to clean the redundant posts, spam comments, etc. Unless, of course, in the process of deleting redundant copies of posts the integrity of the real posts is compromised. How, I have no idea.
Cemal
You do recall correctly, I can verify that it is indeed WP Clean Up plugin doing some “cleaning” even before “Optimize”. I took that step and the galleries disappeared again. Needless to say WP Clean Up is now deep cleaned from my site. This is a validated problem, I am not sure what it is cleaning, or whether NGG is leaving some traces that appear like “dirt” to be cleaned. That is up to NGG and WP Clean teams to figure out.
One problem “Restore” did not fix is the set of galleries that were inserted with the new insertion tool (the official name may be different). I need to reinsert them, and I will repeat a couple of feature requests:
- Allow saving and restoring user settings
- Include an option to use the old shortcode which seems to be more robust, unless there are compelling reasons for using the new tool. I know I can do it manually but it will be convenient if I can do it at the time of insertion. Furthermore, it will maintain compatibility with other similar plugins, unless you specifically do not want that.
I will now add other options I had before, but will not use WP Clean Up again.
Cemal
