yorman
Forum Replies Created
Here is a more organized version of the reported events:
system | Post deleted | 3831 | customize_changeset | trash | 2018-04-03 14:37:53 | (empty)
system | Post deleted | 3858 | customize_changeset | trash | 2018-04-04 08:38:00 | (empty)
system | Post deleted | 3860 | revision | inherit | 2018-04-04 16:41:10 | C36000 Free Cutting Brass (CuZn36Pb3)
system | Post deleted | 868 | product | trash | 2018-04-04 17:03:17 | C36000 Free Cutting Brass (CuZn36Pb3)
system | Post deleted | 3881 | post | auto-draft | 2018-04-28 01:07:38 | Auto Draft
- 1st event on post #3831 is explained by this [1]
- 2nd event on post #3858 is explained by this [2]
- 3rd event on post #3860 is explained by this [3]
- 4th event was created when the revision in the 3rd event was trashed
- 5th event was created when a new post was started and WordPress automatically created a draft. You can read more about the auto-draft functionality here [4]
Marking as resolved, let me know if you need more information.
[1] https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/
[2] https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/
[3] https://codex.wordpress.org/Revisions
[4] https://codex.wordpress.org/Post_Status#Auto-Draft
Hello, I passed your original message to our GDPR department but they haven’t replied yet. I will send it again today and will update this ticket with more information when they get back to me. Alternatively, you can contact them directly by sending a message to this email: [removed].
Perfect! I am glad you were able to fix the issue 🙂
@gerdski — it should be available before May 25, 2018.
I’ve found a “sucuri” folder inside the “upload” folder
The files in this folder [1] are not functional.
They are simply used to store data; they don’t do anything else.
I’ve found another sucuri related file in another folder
Which folder? And what’s inside that file?
[1] /wp-content/uploads/sucuri/
Forum: Plugins
In reply to: [Sucuri Security - Auditing, Malware Scanner and Security Hardening] Cookies
I need to know the names of the cookies this plugin uses […]
This plugin does not set any cookie.
I don’t see how the Sucuri plugin could be affecting the accessibility of your website if you deleted the code. If the problem is still persistent, wouldn’t it make more sense to blame the code that is still running?
What other plugins are currently installed in the website?
I am fairly certain that something else is blocking you from accessing the admin panel, probably another 3rd-party plugin. Some plugins insert special rules into the access control file, also known as “.htaccess”; these rules can affect your accessibility if they are not applied correctly. I would inspect these two files [1][2] (if they exist) and review all the rules.
Have you tried contacting your hosting provider?
They have full access to your server and can inspect these files for you. I can simply guess what the problem is because I don’t have access to your server to properly investigate the issue. If you can share more information I may be able to give you more suggestions.
[1] /.htaccess
[2] /wp-admin/.htaccess
I just tried to access your website and got immediately redirected to another website that contains code written in JavaScript used to trick people into thinking that their computer got infected with a virus. Here is a copy of the code in case it gets deleted [1].
The only thing I can recommend right now is:
- Put your website in maintenance mode while you continue the investigation
- Get rid of the redirection which I believe is part of the infection
- Compare the source code for the WordPress files with a regular installation to see if there are differences
- Reset all the plugins and themes that you have installed with a fresh copy from the WordPress repositories
- Keep 3rd-party plugins and themes disabled for now
- Download a copy of your database and reset all the data
- Then start activating the plugins and themes one at a time
- Migrate the tables in the database from the backup, one by one
- Each time you migrate something, scan the website
Trial and error is the only way I can offer you right now to find the source of the infection. There are thousands of different ways to hide malicious code. I cannot give you better advice without having access to the code and database. See if you can get any assistance from your hosting provider; maybe they can run some scanner in the server as well, sometimes the malware is directly embedded in the web server modules.
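The "compare the source code for the WordPress files with a regular installation" step can be scripted. The following is an added example, not part of the original reply and not Sucuri plugin code: it hashes every file in a live tree and in a clean reference tree and reports what was modified, added, or is missing. The directory layout and file contents in `build_demo` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def index_tree(root: Path) -> dict:
    """Map relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def compare(site: Path, clean: Path) -> dict:
    """Diff a live install against a clean copy of the same release.
    wp-config.php and uploads will always show up as "added": review them by hand."""
    live, ref = index_tree(site), index_tree(clean)
    return {
        "modified": sorted(f for f in ref if f in live and live[f] != ref[f]),
        "added": sorted(f for f in live if f not in ref),
        "missing": sorted(f for f in ref if f not in live),
    }

def build_demo(base: Path):
    """Constructed sample trees standing in for a clean download and a live site."""
    clean, site = base / "clean", base / "site"
    files = {"index.php": "<?php // front controller\n",
             "wp-login.php": "<?php // login\n",
             "wp-includes/version.php": "<?php // version\n"}
    for root in (clean, site):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    (site / "index.php").write_text("<?php // front controller\n// extra line\n")
    (site / "error_log").write_text("constructed log line\n")
    (site / "wp-includes/version.php").unlink()
    return site, clean

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return compare(*build_demo(Path(tmp)))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

For a real check, call `compare()` with the site's document root and an unpacked archive of the same WordPress version.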
Use either FTP or the file manager provided by your hosting control panel to navigate to this directory “/wp-content/plugins/” then delete the “sucuri-scanner” folder. If the problem is really caused by the plugin, the deletion of the code inside this folder will be the solution.
If the blockage persists, we can assume that it’s coming from another plugin.
Marking as resolved for now, let me know if you need more information.
I will pass this to my project manager. Once they assign a priority and pass the ticket back to me I will investigate and provide a solution. Thank you for reporting the issue.
@paulbself the link was added back with these changes [1] but they haven’t been approved by the owner of the project. Once they merge the changes into the development repository, a new update will be released with the previous functionality.
Alternatively, you can install the development version of the code from here [2].
[1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/54/commits/1e1d0ab
[2] https://github.com/cixtor/sucuri-wordpress-plugin
Let me explain the workflow of the malware scanner:
- The plugin checks if “sucuri-sitecheck.php” exists,
- If the file exists, it shows the content of the file in the dashboard,
- If the file doesn’t exist, the plugin requests a scan from SiteCheck,
- SiteCheck runs the web scanner against your website from a remote location,
- SiteCheck stores the result of the scan in a remote cache system,
- SiteCheck sends a copy of the result of the scan to the plugin,
- The plugin stores a copy of the result of the scan in that file,
- When you visit the plugin’s dashboard, the process starts again.
Having this clear, let’s take a look at your situation:
- You confirmed that SiteCheck is not reporting any warnings,
- You confirmed that the local cache file has been deleted,
- You are still seeing warnings in the dashboard page,
Considering this information, we can conclude that neither the plugin nor SiteCheck are holding the warnings anymore. This leads me to believe that your hosting provider is generating a third layer of cache for whatever reason and that’s why you are still seeing the malware scan warnings. I suggest you talk with the support team of your hosting provider to reset it.
The warning appears because the plugin detected 3 files in the root of your WordPress installation that do not belong to a regular WordPress site.
You can safely delete both the “readme” file and the “error_log”. The other file was created by another plugin and it is up to you to decide what to do with it; you can either delete it if you think it is useless or mark it as fixed if you think it is harmless.
Once you execute these actions, the warning will disappear.
The wp-login.php file doesn’t appear to be compromised and it’s not getting flagged in my WordFence scans. What’s up with this?
You can mark the files listed in the table below the message “Core WordPress Files Were Modified” as “fixed”. If you believe the modifications are not the product of a malicious infection, but instead are the result of the installation of additional extensions, then the flags are probably a false positive.
I am not aware of any issues while using mu-plugins.
But I also haven’t tested much if it actually works or not.
Give it a try, if you see something broken just let me know and I will fix it.