Mark Maunder
Forum Replies Created
It’s either infected or (more likely) the developer has run a code obfuscator on his PHP to try and make the code hard to read. Please contact the developer of botdetect-wp-captcha about this.
Regards,
Mark.
Hi,
We have a new system which we’re currently testing and will be released in the next version that lets us exclude known safe files. We currently have over 2 million safe files and growing.
If you can tell me where to get a large number of internationalized versions of WordPress that are from a trusted source, we can bulk download and import them into the safe files database. Just post a link or as many links as you’d like and we’ll take care of it.
Regards,
Mark.
We already have this. Please see the option labeled:
“Exclude files from scan that match these wildcard patterns. Comma separated.”
We’re also introducing a fix in the next version (which we’ve already coded and are currently testing) that will reduce those readme.txt false positives and will radically reduce all other false positives.
Regards,
Mark.
@fesarlis When you posted this the fix for the issue was in beta testing already and we had already published the fact that we’d fixed it on our blog:
http://www.wordfence.com/blog/2014/04/wordfence-5-0-5-beta-1-is-now-available/
The fix was released 24 hours ago after our beta testers approved it and is in the current version.
Regards,
Mark.
Hi @barky81
I’m sorry this thread seems to have gotten off track. Just wanted to post a quick update because I think we actually solved your problem in the 5.0.5 release and at the very least I wanted to let you know about it.
What happened was, we fired up a new Linode server to test something completely unrelated and saw the symptoms that you’re describing: Where the database runs out of connections and the site is put under serious load.
The issue was as follows:
We were making a call to “mysql_real_escape_string” in one of our modules which is actually deprecated. However this doesn’t cause a problem on most configurations, only very new servers, with relatively new Apache/PHP/mysql setups.
When we called mysql_real_escape_string() a warning would be issued and Wordfence would try to log that warning to the database causing a cascade of failures. When we reproduced this in our lab it was ugly – the error log spewed a ton of warnings and the database eventually started dropping connections.
Strangely we did not have this reported by any other users and only received one or two reports in the forums so we thought it was just an isolated issue.
Anyway, release 5.0.5 fixes this as you’ll see in the changelog and that went out yesterday after 48 hours of beta testing.
So please upgrade and you will hopefully find this resolves the problem you were seeing.
Once again I’m sorry this thread didn’t end up being as productive for you as it could have been, and I understand you weren’t posting a support request.
I just wanted to do you the courtesy of following up and letting you know that we probably fixed the issue you found was a problem for you with Wordfence.
Thanks for your input.
Regards,
Mark Maunder – Wordfence Founder & Feedjit Inc. CEO.
Marking this resolved if you’re OK with that. We’re detecting this now.
Regards,
Mark.
To be clear: When we release the permanent fix you can then reenable the two options I suggested disabling above.
Regards,
Mark.
Thanks for the suggestion, I’ve made a note of it.
Regards,
Mark.
Hi Robert,
We added detection recently for malware that was using str_replace along with lambda functions e.g. $myVarContainingFunctionName();
The hope was that very few legit plugins/themes would have str_replace and a lambda call on the same line. Turns out we were wrong, so we fixed it with a server update. So all Wordfence scans won’t produce these false positives anymore and the issue is now fixed.
You can ask your customer to simply rescan and the issue will disappear from the list.
Regards,
Mark.
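The same-line heuristic described in the reply above, as an added example that is not Wordfence's signature or code: it shows why matching str_replace plus a variable-function call on one line flags legitimate callbacks. The narrowed rule, the regexes and the PHP sample lines are assumptions constructed for illustration; the reply does not say how the server-side fix works.

```python
import re

# Constructed PHP lines for illustration (not from any real plugin or sample).
SAMPLES = {
    # Function name assembled with str_replace, then called through the variable.
    "obfuscated": "$f = str_replace('#', '', 'st#rto#upper'); echo $f($input);",
    # Ordinary plugin code: sanitise a value, then invoke an unrelated callback.
    "legit_callback": "$slug = str_replace('-', '_', $slug); return $callback($slug);",
    # str_replace with no variable-function call at all.
    "plain": "$title = str_replace('&', '&amp;', $title);",
}

STR_REPLACE = re.compile(r"\bstr_replace\s*\(", re.I)
# "$name(" is a PHP variable-function call; skip "->$name(" and "::$name(".
VAR_CALL = re.compile(r"(?<![>:\w$])\$([A-Za-z_]\w*)\s*\(")
# Variable assigned directly from a str_replace() result.
ASSIGNED = re.compile(r"\$([A-Za-z_]\w*)\s*=\s*str_replace\s*\(", re.I)


def naive_flag(line: str) -> bool:
    """Same-line co-occurrence: str_replace and any variable-function call."""
    return bool(STR_REPLACE.search(line) and VAR_CALL.search(line))


def narrowed_flag(line: str) -> bool:
    """Hypothetical tighter rule: the called variable must be the one
    that was built by str_replace on this line."""
    built = set(ASSIGNED.findall(line))
    called = set(VAR_CALL.findall(line))
    return bool(built & called)


def scan(samples: dict, rule) -> list:
    """Return the sorted names of the samples that a rule flags."""
    return sorted(name for name, line in samples.items() if rule(line))


if __name__ == "__main__":
    print("naive:   ", scan(SAMPLES, naive_flag))
    print("narrowed:", scan(SAMPLES, narrowed_flag))
```

The narrowed rule only follows a direct assignment on the same line, so it trades false positives for missed cases where the name is built on one line and called on another.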
OK so the specific issue we’re addressing here is the one @shoopi posted above where you do a scan, the status says you have some issues but the issue list says “Congratulations you have no issues” in green.
We’ve found the bug and it is:
If you’re doing a scan and you have comment scanning for malware URLs enabled OR “Check password strength on profile update” enabled, then:
If during a scan someone posts a comment OR someone updates their profile, your list of new scan issues will be deleted up to that point. So if the scan is halfway through and it adds a few more issues you will get a partial list or you may get no issues at all which seems to be more common.
The fix is to disable the following two options at the bottom part of Wordfence options page under Other options:
DISABLE Scan comments for malware and phishing URL’s
DISABLE Check password strength on profile update
This is a TEMPORARY fix and the next version which will be out in a few days will have a permanent and proper fix.
Regards,
Mark.
We moved here over 3 months ago.
Regards,
Mark.
Hi all,
Working on this now. We’re able to reproduce it in our lab. But I may ask you to work with us if we need more data. Should have a fix out soon.
Regards,
Mark.
“I have attempted to get help from the devs at various stages of its development to no avail.”
Looks like this is your second post ever to the wordpress.org forums. I didn’t see any posts asking for help here.
I’ve searched our ticketing system and didn’t find anything there either.
Can you tell me how you tried to contact us?
Regards,
Mark.
Hi there,
I’m interested in working with a few users to try and find out why this is hanging. Please email your site URL to genbiz@wordfence.com with a link to this forum post and the subject line “heartbleed scan hangs”.
We’ll do the scan manually in our lab and figure out why it’s getting stuck.
Regards,
Mark.