itpixie
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Unknown logged in successfully as "systemwpadmin"I’m having the same issue with a site I’m helping with, the phantom systemwpadmin showed up in my login logs.
I talked to the web host, and all they could give me was a list of activities supposedly committed by the phantom user — editing timthumb.php via the theme editor.
I see that your phantom user came from a GoDaddy IP, and mine too, but from a different GoDaddy IP.
After blocking that IP, have you gotten any activities from systemwpadmin again?
By the way, do you have “Allow anyone to register” checked?
And I assume you have searched your WP user table in the database and didn’t find systemwpadmin, is that correct?
Has you site ever been hacked?
Sorry for all the questions… I’m trying gather more information to investigate…
p.s. I find Wordfence is an excellent security plugin as well. However if you want to scan your site with other scanners to catch anything that Wordfence might have missed, Anti-Malware (Get off Malicious Scripts) and Sucuri scanner are quite useful as well.
Forum: Fixing WordPress
In reply to: Unknown users with admin rights!?@youon: What’s this issue/vulnerability with query_posts that you mentioned? Do yo have a link to more info?
I’m encountering a similar issue of a phantom user logging into the admin area. My problem is though, this phantom user, systemwpadmin, is not in the WordPress database at all. At least not when I try to look it up (in WP dashboard as well as phpMyAdmin). I found out about him via my Login logs, and it seems he didn’t have any user role at all when he logged in.
I have scanned the site over and over, as well as have had the web host to scan the files, and no backdoor has been found. Yes, the site was hacked at one point, but it was cleaned up and I went through every single folder to made sure there wasn’t any malicious files.
The web host wasn’t able to provide any info on how exactly this phantom user got in, and I’m just at lost about how this person logged in when he doesn’t even exist in the database to have anything to compare credentials against. Unless this person created himself directly in the database, logged into WP, did his thing, then delete himself off the database?
Thanks for getting back to me.
Yes, I found out that one of my tables was corrupted (probably caused by the server upgrade) after I posted here. After repairing that table I no longer receive the warnings.
Thanks so much again!
I think I was actually seeing information about a different vulnerability in wp-comment-post.php that had to do with redirects, which was fixed in WP 3.3.2 (http://wordpress.org/news/2012/04/wordpress-3-3-2/).
After seeing this comment (which was posted after my question), I think I have a better understanding of the vulnerability that 6Scan pointed out. Correct me if I’m wrong:
The vulnerability in question is about fake comments to be posted to vulnerable sites. These fake comments are generated from hacked sites and trigger by these sites’ visitors commenting on the sites… The fix provided by 6Scan is to block these fake comments by checking the Referer Header and comparing that to that of the site to be posted…Thank you again for the clarification and additional information.
Forum: Plugins
In reply to: [eShop] PHP & MySQL Minimum Requirements for eShopThanks, elfin… The reason I asked is because the site I want to install eShop to is running an old version of WP, and due to various reasons, I cannot upgrade it to the latest version. I often have trouble installing modern plugins to this site because of that. I particular have issues installing plugins requiring PHP 5. I just wanted to see if there are certain absolute requirements (such as PHP 5) for running eShop, or if the plugin’s functionality could be diminished due to older versions of WP, PHP and/or MySQL.
Thanks again for the clarifications.
I’m entering the same problem as well…
Thank you!
@pmfox, I think your warning might have something to do with either
- /wp-content/uploads/WPFMP_DATA/.sc_wpfmp_scan_data didn’t exist because this was the first time you ran the plugin after the upgrade; OR
- You didn’t give the plugin sufficient permission to create and write to /wp-content/uploads/WPFMP_DATA/.sc_wpfmp_scan_data
BTW, I figured out my warnings and what caused them. Basically they are about the plugin trying to compare the one folder {root directory}/stats/logs for changes, but this is kind of a phantom folder, or a system folder that can’t be access by anyone except the host company. I don’t even see it when logging into the server using Filezilla. The plugin is able to see this folder, but is not able to perform any checks on it or write to it (probably due to permission issue).
After excluding this folder from being monitored, the warnings went away. I got the notification on what’s being removed (from the monitor list), and that’s when I finally realize the existence of {root directory}/stats/logs.
Sorry this totally went off topic (not filters related), but please correct me if my observation about the warnings is wrong.
Thank you Scott!
Also I am encountering the following warnings after the upgrade, could you shed some light on what they mean, and if they are something I should be concern of?
Warning: filesize() [function.filesize]: stat failed for {root directory}/stats/logs in {root directory}/wp-content/plugins/wordpress-file-monitor-plus/classes/wpfmp.class.php on line 286
Warning: filemtime() [function.filemtime]: stat failed for {root directory}/stats/logs in {root directory}/wp-content/plugins/wordpress-file-monitor-plus/classes/wpfmp.class.php on line 289
Warning: md5_file({root directory}/stats/logs) [function.md5-file]: failed to open stream: No such file or directory in {root directory}/wp-content/plugins/wordpress-file-monitor-plus/classes/wpfmp.class.php on line 292
Hi Sebastian,
I’m using:
WP: 3.3.1
G+ crosspost: 1.1.1I just posted something on G+ using Safari 5.1.5, and that got crossposted to my WP successfully. When I checked the plugin settings using Safari just now, all the ID and key are intact as well… Just FYI.
Thanks!
Hi Sebastian,
The API key and Google+ ID disappearing issue has come back… Now it seems every time I go into the Settings of the plugin, the key and ID are gone. I reenter all the info and save, they get saved and the plugin works fine. But at some point, they disappear again (I notice because I see my G+ posts aren’t getting cross-posted)…
This seems to have started recently (last couple of weeks, may be?)…
I run Firefox (latest version) and set it to clear browser data every time I close the browser… I don’t see how this could cause the problem, but I just want to give you this info.
Is anyone else experiencing the same issue?
Thanks!
Forum: Installing WordPress
In reply to: WordPress 3.3.1 and the missing visual editorSounds like it might have something to do with your new theme. May be the codes used in the new theme are not compatible with WP 3.3.1 and/or Mac browsers? Have you tried switching to a different theme (like the default WP Twenty Eleven) to see if the problem continues? I would say try that to isolate the issue before completely reinstall the new theme/WP…
Forum: Installing WordPress
In reply to: WordPress 3.3.1 and the missing visual editorI had the problem with my Macbook Pro, and the update to OSX 10.7.3 and the latest FireFox seemed to have fixed the problem. I still can’t see the Visual Editor when I’m using Safari, but since I can use FireFox without issues, I don’t really care about it not working in Safari.
No, I have not used Cocktail or CleanMyMac. If you read my posts up there, you will see how it got fixed for me. I do still have the Google Library plugin active as well. And I am using my own theme (the default WP theme never did anything to fix the issue anyways)
I too think it has something to do with the Mac version of the browsers. It’s probably something to do with how some WordPress codes don’t work well with Mac OS (browser) codes.
Good luck!
Forum: Plugins
In reply to: [Ninja Pages] [Plugin: Ninja Page Categories and Tags] v1.2 crashed my siteI’m getting the same error message as well, when I try to activate the plugin:
Parse error: syntax error, unexpected T_BOOLEAN_AND, expecting ‘,’ or ‘)’ in ../wp-content/plugins/ninja-page-categories-and-tags/ninja_page_cats_tags.php on line 37
Although my site itself (front or back end) has not been affected (other than not being able to activate the plugin)…
Thanks!
Forum: Installing WordPress
In reply to: WordPress 3.3.1 and the missing visual editorNot sure what exactly happened, but after updating to Lion 10.7.3 and Firefox 10, the visual editor is back!!!! And I haven’t done anything else…
Visual editor is still not working on Safari or Chrome though…
So if you’re using a Mac, definitely try updating to the latest version, and get the latest version of Firefox if you don’t have it already.
Hi Sebastian,
Yes, I’m using the latest version. I thought I had the 1.1.1 version the last time the IDs disappeared but I don’t remember for sure. But I haven’t noticed the settings disappearing since I posted here…
I will keep checking the next several days, and if it happens again I will let you know.
Thank you again!