Mark Maunder
Forum Replies Created
Hi,
Brian asked me to take a look at this. It appears from the email you sent us this was caused by a malicious URL in a backup file. This is a fairly common false positive, especially if your backup files contain access logs which often contain malware referrers.
So in this case I think you can safely ignore this.
As an aside: it appears you’re running an older version of Wordfence because our newer versions actually include an image of the malware URL in the email alert we send you. So make sure you upgrade if you need to.
Also note that on the Wordfence options page you can exclude your backup files using a wildcard pattern. The option is titled “Exclude files from scan that match these wildcard patterns. Comma separated”.
Regards,
Mark.
Hi Elise,
Brian asked me to look at this. Even if your Ajax handler is returning 0 when you test it, when it’s asked to perform a specific function the plugin you’re using may block that.
I would recommend you ask the developers of the plugin if it interferes with ajax requests at all, because that’s how we scan and if your scans aren’t working when the plugin is enabled then it’s likely the plugin is doing something to that Ajax handler.
Regards,
Mark.
Glad to hear it’s resolved. If you encounter this in future please try checking the box to “disable config caching” on the Wordfence options page, hit save, then try to enable Falcon or make whatever other config changes you need to make.
Regards,
Mark.
Hi Garrett,
This warning appears if your Wordfence is trying to upgrade itself and for some reason your system has already defined FS_METHOD. Can you tell me if you have FS_METHOD defined in your wp-config.php file and what it is?
We’ve added a check to see if FS_METHOD is already defined in our upgrade routine which will be included in the next release.
Thanks.
Mark.
Forum: Plugins
In reply to: [FancyBox for WordPress] Possible malware
Hi Guys,
The URL posted (which you can find here: http://pastebin.com/EjZNMdkj) is actually malicious. If you try to visit the URL you’ll get a malware warning from Chrome, so that’s why we’re flagging it. I’m pretty sure you don’t want iframes on your site that point to malicious URLs, so it’s not a false positive. Please either mark the alert in Wordfence as ‘ignore’ or remove the iframe pointing to a malware URL on your site.
Regards,
Mark.
Thanks for the feedback shockdav. We’re constantly adding new signatures for detection so we’re always improving. Our users generally send us new infection samples to samples@wordfence.com (just FYI).
Also just wanted to update this. Since this thread was started about 8 months ago we have 2 new support members in our team – Brian and Tim – and you’ve probably seen them active in the forums. So I just wanted you to know that we take our customers’ feedback seriously and actually do something about it.
Regards,
Mark.
We’re here. 🙂
Daniel: I’m assuming you meant to type “5.3.5 to 5.3.6”. And it sounds like you got a 500 Internal Server Error. Please check your web server error log or ask your host to do that. Usually when it’s an out of memory issue you’ll just see a white screen, not a 500 error. The 500 usually indicates a PHP code issue – perhaps a plugin conflict.
Please enable debugging in Wordfence. Here’s how:
http://docs.wordfence.com/en/Wordfence_options#Enable_debugging_mode_.28increases_database_load.29
Then do a scan and tell us where it stops or runs out of memory or what issue it encounters.
mightygeeks you asked what we changed. Here’s the changelog: https://wordpress.org/plugins/wordfence/changelog/
Thanks.
Also, more info on this issue from Apache here: http://httpd.apache.org/docs/2.4/upgrading.html
Hi Marc,
Thanks for the excellent bug report. We’ve filed an issue and will get this fixed. In the meantime you can either disable Falcon or enable mod_access_compat on your Apache install which will make your Apache understand the older directives.
Regards,
Mark.
I think this may be an issue with your site. What’s probably happening is the .htaccess file created in the uploads folder is incompatible with your config and is generating a 500 error. Please try the following:
Enable the option on your site.
Then try to load an image URL directly that is not appearing on your site. Right click the image and open it in a new tab. Let us know what you see and post a screenshot if you can. Even better, let us know what appears in your web server error logs if you have access to those – that will tell us why the .htaccess is incompatible with your config and help us fix it.
Regards,
Mark.
Hi Ian,
Yes, we can’t block access to your CPanel so it’s them. Log a support call with the host and I’m sure they’ll fix it in short order.
Regards,
Mark.
Thanks, we’re aware of this. It was a bug introduced with our newest release. We’ll be putting out a release in the next 48 hours which fixes this. Apologies for any inconvenience.
Regards,
Mark.
Hi Ian,
We don’t block xmlrpc anymore. What did you see when you were blocked? In general it’ll be very clear that you’ve been blocked by Wordfence. The only time you’ll see a FORBIDDEN message is if you have Falcon enabled and we’ve blocked an IP using your .htaccess. In that case you can use whatsmyip.org to check what your IP is and then check your .htaccess to see if it’s listed in the list of IPs that Wordfence is blocking. This will allow you to isolate whether it’s Wordfence or not. In this case I suspect it’s something else.
Regards,
Mark.
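The .htaccess check described in the reply above, together with the Apache 2.4 `mod_access_compat` point from the earlier reply, as an added example (not Wordfence code and not part of the original posts). It assumes the blocks are written as Apache 2.2-style `Deny from` lines; the sample file content and the function names are constructed for illustration.

```python
import ipaddress
import re

# Apache 2.2-style access directives; Apache 2.4 needs mod_access_compat for them.
LEGACY = re.compile(r"^\s*(Order|Allow|Deny|Satisfy)\b", re.IGNORECASE)

# Constructed sample .htaccess content (an assumption, not Wordfence's real output).
SAMPLE_HTACCESS = """\
# constructed example
Order Deny,Allow
Deny from 203.0.113.45
Deny from 198.51.100.0/24
Deny from 192.0.2
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
"""

def legacy_directives(text):
    """Return (line_no, line) for each 2.2-style access directive in the file."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if LEGACY.match(line)]

def _matches(ip, spec):
    """True if ip is covered by one 'Deny from' argument."""
    if spec.lower() == "all":
        return True
    try:
        # Full address, CIDR, or network/netmask form.
        return ip in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass
    # Partial IPv4 address such as "192.0.2": matches on the leading octets.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,2}\.?", spec):
        return str(ip).startswith(spec.rstrip(".") + ".")
    return False  # hostnames and env= arguments are not evaluated here

def deny_lines_for(text, address):
    """Return the (line_no, line) Deny entries that would block this address."""
    ip = ipaddress.ip_address(address)
    hits = []
    for n, line in legacy_directives(text):
        m = re.match(r"deny\s+from\s+(.+)$", line, re.IGNORECASE)
        if m and any(_matches(ip, s) for s in m.group(1).split()):
            hits.append((n, line))
    return hits

if __name__ == "__main__":
    print(legacy_directives(SAMPLE_HTACCESS))
    print(deny_lines_for(SAMPLE_HTACCESS, "198.51.100.77"))
```

An empty result from `deny_lines_for` means the FORBIDDEN response is not coming from a `Deny from` entry in that file; a non-empty result from `legacy_directives` on an Apache 2.4 host without `mod_access_compat` points to the 500 error case instead.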
Hi,
Yes we changed the email format slightly. But it should be interpreted by your mail reader.
Please let us know which email reader you’re using or which free or paid email service provider you’re using.
Thanks.
Thanks, just want you to know we’ve received this and are investigating further. (Forwarded to me by Brian)
Regards,
Mark.