yorman
Forum Replies Created
jQuery is not defined
The problem is clear, jQuery is — for some reason — not being loaded.
jQuery is not provided by the Sucuri plugin, in fact, not many plugins include it in their source code because that’s WordPress’s job. WordPress is supposed to include jQuery by default on almost every page. There must be an error somewhere else affecting the "load-scripts.php" file.
Please open the DevTools once again, switch to the “Console” tab, and then paste this code: jQuery.fn.jquery
After hitting the Return key, you should be able to see the version number of the jQuery library installed in your website. If you don’t see the version number, and instead see an error message, then this confirms that the library is not being loaded by WordPress. In this case, I suggest you restore the installation from a backup.
There’s also the possibility that another plugin or theme (recently installed) is trying to execute a jQuery utility before the library is included by WordPress. This forces an exception that breaks other JavaScript code, including the code used by the Sucuri plugin. Have you recently installed a new plugin or theme? If yes, did you try disabling them while you run the tests?
Yes, that helps a lot.
It seems that the problem is not even the Sucuri plugin.
By the looks of the error message that you posted above, it seems that your website is not loading the jQuery library, which is a dependency of the Sucuri plugin and many other extensions in the market.
Just so you know, Google Cloud Platform was reporting issues for a few hours [1]. They had problems with their load balancer and many websites stopped working. This includes the Google CDN [2] which many people use to load JavaScript libraries like jQuery. If your website is also making use of Google CDN then this problem may be explained by the outage in their global network.
[1] https://status.cloud.google.com/incident/appengine/18005
[2] https://developers.google.com/speed/libraries/#jquery
If you know how to use the DevTools in your web browser [1] please check if there are error messages in either the “Network” or “Console” tabs. Usually, when the “Loading…” message gets stuck, it is because something in the server is blocking the Ajax request or the “nonce” (used to authenticate the request) expired.
[1] https://developers.google.com/web/tools/chrome-devtools/
I have implemented the changes that you suggested [1].
After testing, these changes will be released with a future update.
Marking as resolved, thank you for the feedback.
[1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/61
Thank you for understanding, I just wanted to be sure.
The only places where the htaccess file is being referenced are these:
src/base.lib.php line 385 [1]
src/integrity.lib.php line 606 [2]
src/integrity.lib.php line 609 [3]
src/fileinfo.lib.php line 138 [4]
src/hardening.lib.php line 196 [5]
I went to check all of these but couldn’t find any code that would revert the content of the htaccess file back to its original state. There is an additional instruction here [6] used to check if the file contains the basic rules defined by WordPress during the installation of the website, but this code is only executed when you access the “Website Info” panel in the settings page, and it only runs in read-only mode, meaning that the content of the htaccess file is never overwritten.
I will add this to my TODO list to continue the investigation later, but as you said, I may not find anything related to our source code. I would check both WooCommerce and WordPress-SEO but their code is several times more complex than the Sucuri plugin.
What I would do in your case is check the last modification time of the file. Then check the website access logs for an HTTP request that matches the time. This will give you an insight into what action was executed when the file was reset.
Let me know if you need more information.
[1] sucuri-wordpress-plugin/src/base.lib.php#L370-L394
[2] sucuri-wordpress-plugin/src/integrity.lib.php#L596-L606
[3] sucuri-wordpress-plugin/src/integrity.lib.php#L596-L609
[4] sucuri-wordpress-plugin/src/fileinfo.lib.php#L120-L140
[5] sucuri-wordpress-plugin/src/hardening.lib.php#L185-L197
[6] sucuri-wordpress-plugin/src/settings-webinfo.php#L168-L175
Thank you, I will install these plugins in a new server and start testing.
Do updates to Sucuri Security plugin rewrite the .htaccess file?
What other plugins do you have installed?
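Added example, not part of the original replies or of the Sucuri plugin's code: one way to carry out the check suggested above for the .htaccess reset, comparing the file's last modification time against access-log entries. It assumes the Apache/nginx combined log format; the function names are illustrative, and the log lines, IP addresses and timestamp are constructed.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Combined Log Format (assumed): ip - user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one access-log line; return None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"when": when, "ip": m["ip"], "method": m["method"],
            "path": m["path"], "status": int(m["status"])}

def file_mtime(path):
    """Last modification time of a file as a timezone-aware UTC datetime."""
    return datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)

def requests_near(log_lines, mtime, window_seconds=5):
    """Requests logged within +/- window_seconds of mtime."""
    # Both sides are timezone-aware, so logs written in local time compare
    # correctly. Non-GET requests sort first, then the nearest in time.
    window = timedelta(seconds=window_seconds)
    hits = []
    for line in log_lines:
        entry = parse_line(line)
        if entry and abs(entry["when"] - mtime) <= window:
            entry["delta"] = (entry["when"] - mtime).total_seconds()
            hits.append(entry)
    return sorted(hits, key=lambda e: (e["method"] == "GET", abs(e["delta"])))

# Constructed sample data (not taken from the thread).
SAMPLE_MTIME = datetime(2018, 7, 20, 14, 3, 12, tzinfo=timezone.utc)
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jul/2018:16:01:40 +0200] "GET / HTTP/1.1" 200 10432',
    '198.51.100.7 - - [20/Jul/2018:16:03:11 +0200] "POST /wp-admin/options-permalink.php HTTP/1.1" 302 0',
    '192.0.2.10 - - [20/Jul/2018:16:03:12 +0200] "GET /style.css HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Jul/2018:16:03:30 +0200] "GET /wp-admin/ HTTP/1.1" 200 2048',
    'truncated or corrupted line',
]
```

On a real server, pass the open access log and file_mtime() of the .htaccess path to requests_near(); widen window_seconds if slow requests are logged some seconds before or after the write they cause.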
Forum: Plugins
In reply to: [Sucuri Security - Auditing, Malware Scanner and Security Hardening] logs
It is not possible.
You can delete the cache from your server, but the data will still be available in Sucuri’s server for security reasons. If a malicious user gets access to your API key and requests the deletion of the logs to hide their fingerprints after attacking your website, you (as the administrator), will have no way to know what happened because the logs do not exist anymore.
While I understand that many of the events reported in the logs may not be of everyone’s interest, the other option (deleting older logs after some time) is even worse. I would suggest implementing an “archive” function to hide older logs, but this may not be something of high priority, so I don’t see it implemented any time soon.
Forum: Reviews
In reply to: [Sucuri Security - Auditing, Malware Scanner and Security Hardening] NOPE!
Would it be possible that your hosting provider added the plugin for you?
Sucuri Inc. got acquired by GoDaddy Inc. in April 2017 and through multiple integrations of the systems, the latter has pushed (for free) some of Sucuri products to existing clients.
If your website is hosted by GoDaddy, the existence of the Sucuri WordPress plugin in your website can be explained by the fact that one of their support agents considered it appropriate to install it after noticing that your website was infected with malware; the plugin acts as a shield to both clean and protect from future attacks. The other option would be to suspend your website to prevent the spread of the malware through the other shared accounts, and I guess you don’t want that.
Please talk with your hosting provider about this for confirmation.
Those logs seem harmless to me.
Jp_sitemap is the name of an action executed by the “JetPack” plugin to re-generate the sitemap [1], a special file in XML format with links to all the available pages in the website with a hierarchy, used by web crawlers like Google to determine what pages to index in their search results.
That IP address 157.55.39.58 is owned by Microsoft and used to host one of the multiple instances of their web crawler, MSNBot [2] also known as Bing. You can verify other IP addresses using this tool [3].
What I think is happening is, every time one of these web crawlers hits your website, JetPack is — for whatever reason — regenerating the content of the sitemap file and consequently triggering an action that is considered suspicious by the Sucuri plugin. This may as well be a bug in JetPack or a temporary procedure, you’ll need to ask their developers for confirmation.
As for the other action, Jp_vid_sitemap, it seems to be doing exactly the same as the other one explained above, but instead of generating a map with links to the pages and posts, it’s generating a map with links to all the hosted videos, if there are any. Same thing for the Jp_img_sitemap action which seems to be associated with images, probably used by these web crawlers to show images hosted in your websites in their own search results, in Google Images for example.
In conclusion, these events seem normal to me, I wouldn’t worry about them now.
[1] https://en.wikipedia.org/wiki/Site_map
[2] https://en.wikipedia.org/wiki/Msnbot
[3] https://www.bing.com/toolbox/verify-bingbot
If you don’t generate/set an API key, the auditing feature will stay disabled.
Yes, I did clear the cache (three times total), but the errors came back exactly as before.
That’s quite strange because the warnings in the screenshot are coming from non-existing pages that the malware scanner tries to download to detect malicious code injected by a type of malware that hides in 404 pages. But I ran some tests and it seems that your website is configured to automatically redirect any non-existing page to the home page. The scanner shouldn’t be able to download anything if the redirection is in place.
I suggest you review the content of this file: .htaccess
Usually, with this type of infection, the attacker hides some instructions in this file to conditionally redirect the connections to pages containing the malicious code, but the redirection only happens when the malware detects specific bits of information that certain web browsers or web crawlers like Google Indexer use.
When you say search the site for “eval(“, do you mean file-by-file (not sure how to do that), or the database?
If your website is hosted on a Unix-like server, like Linux, you can use a tool called grep [1] to recursively scan your entire website for a specific text. You will need to execute this command [2] via SSH. If you don’t have SSH access to your web server, you can use any regular code editor to search through all the files, you don’t need to do this file-by-file, it would take you a significant amount of time.
Searching for the malicious text in the database is also a good idea. You can execute a SQL statement like this [3] against each table, in this case, you will have to do it manually, one time per table. Or you can export the entire database into a single SQL file and search the text using a code editor.
By the way, be sure to reset the Sucuri plugin cache first before resetting the website cache. If I am not mistaken, you are using a plugin called “Cache Enabler”. It is also possible that the warnings are only showing up because the website cache still contains the text which may or may not exist anymore in the real source code.
[1] https://en.wikipedia.org/wiki/Grep
[2] grep -E -r -n "eval\(" /directory/where/wordpress/is/installed/
[3] SELECT * FROM table_name WHERE column_name LIKE "%eval(%"
I just scanned your website using the same tool, but didn’t see the warnings [1].
It is possible that the warnings that you are seeing reported by the plugin, obtained by communicating with the same tool linked below, are already resolved and are just showing up in the dashboard because they are cached in this file [2]. You can go to the settings page, and reset the cache using the button in the “Data Storage” panel.
However, if you want to be sure that your website is really clean, I suggest you search for this text throughout the entire website: eval(
Review the content of the files to determine if they are malicious or not. The page that you linked in your comment explains what the error means, it seems that when the plugin was scanning your website for malware, it found one or more files with multiple calls to the eval PHP function [3].
Let me know if you need more information.
[1] https://sitecheck.sucuri.net/results/zonderfamilylaw.com
[2] /wp-content/uploads/sucuri/sucuri-sitecheck.php
[3] http://php.net/manual/en/function.eval.php
@jkuzma I understand, it certainly is frustrating.
@ycampo created a fix here [1] to prevent the deletion of the plugin’s settings during the deactivation process. This will significantly reduce, if not stop, the problems that you are facing in the websites that you are maintaining. Please wait a few days while we run additional tests for the new code. A new version will be released soon.
[1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/60/files
@ycampo submitted these changes [1] to fix the problem with the settings.
Once these changes are approved and merged, an update will be released.
[1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/60/files