Title: DDCoating's Replies | WordPress.org

---

# DDCoating

  [  ](https://wordpress.org/support/users/ddcoating/)

 *   [Profile](https://wordpress.org/support/users/ddcoating/)
 *   [Topics Started](https://wordpress.org/support/users/ddcoating/topics/)
 *   [Replies Created](https://wordpress.org/support/users/ddcoating/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/ddcoating/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/ddcoating/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/ddcoating/engagements/)
 *   [Favorites](https://wordpress.org/support/users/ddcoating/favorites/)

 Search replies:

## Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[6Scan Security] 500 Internal Server Error](https://wordpress.org/support/topic/500-internal-server-error-301/)
 *  Thread Starter [DDCoating](https://wordpress.org/support/users/ddcoating/)
 * (@ddcoating)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/500-internal-server-error-301/#post-4799681)
 * And out of the blue, 1 month AFTER removing the plugin, we receive an email from
   [no-reply@6scanalerts.com](https://wordpress.org/support/users/ddcoating/replies/no-reply@6scanalerts.com?output_format=md).
   zeratul.6scan.com 198.7.62.83
    …………………… Dear Webmaster,
 *  6Scan’s security scanner has detected the following new security vulnerabilities
   on your site:
 * Description
    WordPress Readme file discloses information about your WordPress
   version
 * Severity LOW
 *  If not fixed, these vulnerabilities could open you up to attack from hackers
   and malicious bots. Click below to go to the 6Scan Dashboard, where you can get
   free fix instructions or sign up for one of our automated fix plans.
 * Go To Dashboard
 * Safe browsing!
    The 6Scan Team
 * You are receiving this email because your site, is protected with 6Scan’s website
   security plugin. To stop receiving new vulnerability notifications, click here
   or visit your dashboard. Contact us at [support@6scan.com](https://wordpress.org/support/users/ddcoating/replies/support@6scan.com?output_format=md)
   if you have any questions.
    Six Scan Ltd., 2964 Columbia St. Suite # 38088, Torrance,
   CA 90503. ……………………
 * Well guys, NO, our site is NOT SUPPOSE to be protected by 6scan any longer. We
   never created an account, obviously you harvest the email address, (we sure didn’t
   submit it), we deleted the plguin less than 30 minutes after it was installed,
   we continue to receive 404 log errors from your servers looking for files that
   are not on our server, and now we receive alerts about a vulnerability in our
   readme file?
 * And NO I’m not going to email you with any personal credentials so you can investigate
   further for the betterment of future users. There’s a trust factor that does 
   not exist here. You take every complaint straight to email and out of the public’s
   eye. People have a right to see the headaches this plugin can cause.
 * So I’ll ask. Why is your plugin scanning pages from our site <- [I know, it will
   for “quite a while”] and generating email reports 30 days later and where did
   you get our email address? Once again we absolutely did not create an account.
   The request for personal info to create an account is why we decided NOT to keep
   the plugin active. Yet, you obviously have that very same info!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[6Scan Security] 500 Internal Server Error](https://wordpress.org/support/topic/500-internal-server-error-301/)
 *  Thread Starter [DDCoating](https://wordpress.org/support/users/ddcoating/)
 * (@ddcoating)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/500-internal-server-error-301/#post-4799658)
 * I couldn’t uninstall the plugin via the dashboard. I had to remove the plugin
   via an ftp program because as I mentioned once it was activated it created a 
   500 internal server error. Every page was blank until the plugin was removed 
   and I removed the added codes from the httaccess file. I never created an account.
   Blank page. Blank site. Verified our server working properly. Came here and posted
   my problem looking for support.
 * No thanks on sending info via email and taking this private. Every support thread
   I read ended once the support went to the email. I prefer to keep the info public.
   Maybe save someone else some time if they encounter the same results.
 * I’ve been done with the plugin for a couple weeks anyway. No big deal. I came
   back for info regarding the errors. It looks like I will simply deny the IP addresses
   as they appear or until you quit looking for the absent files.
 * I’m marking this topic as resolved.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[6Scan Security] 500 Internal Server Error](https://wordpress.org/support/topic/500-internal-server-error-301/)
 *  Thread Starter [DDCoating](https://wordpress.org/support/users/ddcoating/)
 * (@ddcoating)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/500-internal-server-error-301/#post-4799656)
 * I’ll pass on sending you more info since I was able to remove the files and recover
   the site on my own.
 * But perhaps you can answer why today, two weeks after removing the plugin, I’m
   still generating 404 errors in my logs to pages that were related to the plugin
   and the IP generating the errors traces back to 6scan.com? What is it you’re 
   looking for and why are you still trying to connect to our site?
 * Host: 198.7.62.83 – zeratul.6scan.com
    /wp-content/plugins/6scan-protection/modules/
   signatures/notice.php?nonce=427&upd-security-logs=1&upd-a
 * There are 6 entries like the one above [nonce=427 increases in increments of 
   1 for each entry] made within 15 seconds for today so far.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[6Scan Security] 500 Internal Server Error](https://wordpress.org/support/topic/500-internal-server-error-301/)
 *  Thread Starter [DDCoating](https://wordpress.org/support/users/ddcoating/)
 * (@ddcoating)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/500-internal-server-error-301/#post-4799360)
 * The problem! You guys jacked up the **.htaccess file** with all this bullshit!
   Site popped right back online once this garbage was removed!
 * # Created by 6Scan plugin
 * #Those are used by 6Scan Gateway
 * SetEnv SIXSCAN_HTACCESS_VERSION 1
 * SetEnv SIXSCAN_WP_BASEDIR /
 * #don’t show directory listing and apache information
 * ServerSignature Off
 * <IfModule mod_rewrite.c>
 * RewriteEngine On
 * #avoid direct access to the 6scan-gate.php file
 * RewriteCond %{ENV:REDIRECT_sixscaninternal} !^accessgranted$
 * RewriteCond %{ENV:sixscaninternal} !^accessgranted$
 * RewriteCond %{REQUEST_URI} 6scan-gate\.php$
 * RewriteRule ^(.*)$ – [F]
 * #This is not really a must, but speeds things up a bit
 * RewriteRule ^6scan-gate\.php$ – [L]
 * #Patrol’s IPs needs access, to check whether rules update is required
    RewriteCond%{
   REMOTE_ADDR} ^108\.59\.1\.37$ [OR] RewriteCond %{REMOTE_ADDR} ^108\.59\.5\.197
   $ [OR] RewriteCond %{REMOTE_ADDR} ^108\.59\.2\.209$ [OR] RewriteCond %{REMOTE_ADDR}
   ^95\.211\.58\.114$ [OR] RewriteCond %{REMOTE_ADDR} ^95\.211\.70\.82$ [OR] RewriteCond%{
   REMOTE_ADDR} ^107\.22\.183\.61$ [OR] RewriteCond %{REMOTE_ADDR} ^78\.47\.11\.
   131$ [OR] RewriteCond %{REMOTE_ADDR} ^199\.115\.112\.90$ [OR] RewriteCond %{REMOTE_ADDR}
   ^192\.96\.201\.13$ RewriteRule ^(.*)$ – [S=6]
 * #Broad-spectrum protection: User agent/referrer injections. XSS,RFI and SQLI 
   prevention
 * RewriteCond %{REQUEST_METHOD} ^(OPTIONS|PUT|DELETE|TRACE|CONNECT|PATCH|TRACK|
   DEBUG) [NC]
    RewriteRule .* – [E=sixscansecuritylog:1,E=sixscanstrangerequest:
   1] –
 * RewriteCond %{QUERY_STRING} (http(s)?(:|%3A)(/|%2F)(/|%2F)|ftp(:|%3A)(/|%2F)(/
   |%2F)|zlib(:|%3A)|bzip2(:|%3A)) [NC]
 * RewriteRule .* – [E=sixscansecuritylog:1,E=sixscanwafrfi:1] –
 * RewriteCond %{REQUEST_METHOD} ^(POST) [NC]
 * RewriteCond %{HTTP_REFERER} !^$
 * RewriteCond %{HTTP_REFERER} !^(WordPress\/[\d.]+;\s+)?https?://(www.)?domain\.
   com [NC]
 * RewriteRule .* – [E=sixscansecuritylog:1,E=sixscanwafcsrf:1] –
 * RewriteCond %{QUERY_STRING} (<|%3c).*(script|iframe|src).*(>|%3e) [NC]
 * RewriteRule .* – [E=sixscansecuritylog:1,E=sixscanwafxss:1] –
 * RewriteCond %{QUERY_STRING} union.*select [NC,OR]
 * RewriteCond %{QUERY_STRING} (concat|delete|right|ascii|left|mid|version|substring
   |extractvalue|benchmark|load_file).*\(.*\) [NC,OR]
 * RewriteCond %{QUERY_STRING} (into.*outfile) [NC,OR]
 * RewriteCond %{QUERY_STRING} (having.*–) [NC]
 * RewriteRule .* – [E=sixscansecuritylog:1,E=sixscanwafsqli:1] –
 * RewriteCond %{REQUEST_URI} ^/just/a/random/dir/to/avoid/htaccess/mixups\.php
   
   RewriteRule .* /6scan-gate.php [E=sixscaninternal:accessgranted,L] </IfModule
   >
 * # End of 6Scan plugin
 * Also manually removed 6scan-gate.php and 6scan-signature.php from my root folder!
   What a crock of crap.
 * Has your code been injected anywhere else that isn’t visible?

Viewing 4 replies - 1 through 4 (of 4 total)