yorman
Forum Replies Created
What’s your website?
Yes, the file does not exist, that’s the point of the infection.
The type of malware that your website was infected with basically injects redirection rules in your access control files, these rules detect if whoever is visiting the website is a web crawler like Google Bot or Bing, then it redirects the HTTP request to a different site, usually containing spam.
Sucuri Security detects this type of malware by requesting a non-existing file, if the page returns a clean “404 Not Found” error page, then it means this type of malware is possibly not there. However, if the 404 page returns malicious code, it runs additional checks to verify the veracity of these claims, and then reports it.
If you have experience cleaning malware infections, you can go ahead and continue your research following these guidelines [1]. If you don’t have experience on how to clean infected websites, I suggest you hire a professional security analyst to assist you.
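The check described in the reply above, sketched as an added example (not Sucuri's code and not part of the original post): request a file that cannot exist once as a browser and once as a crawler, and compare the answers. The User-Agent strings, function names and result labels are assumptions made for this illustration.

```python
import secrets
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumed User-Agent values for the two kinds of visitor.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx answers instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url, user_agent, path):
    """Return (status, Location header) for one request, redirects not followed."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=20) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx all land here
        return err.code, err.headers.get("Location")


def classify(site_host, browser, crawler):
    """Compare the two (status, location) answers for the same missing file."""
    b_status, b_loc = browser
    c_status, c_loc = crawler
    if 300 <= c_status < 400 and c_loc and (c_status, c_loc) != (b_status, b_loc):
        target = urlsplit(c_loc).hostname
        if target and target != site_host:
            return "suspicious: crawler-only redirect to " + target
    if b_status == 404 and c_status == 404:
        return "clean 404 for both visitors"
    return "inconclusive"


def check_site(base_url):
    """Probe a site you administer with a random path that cannot exist."""
    path = "/" + secrets.token_hex(12) + ".html"
    host = urlsplit(base_url).hostname
    return classify(host, probe(base_url, BROWSER_UA, path),
                    probe(base_url, CRAWLER_UA, path))
```

A redirect that both visitors receive identically (for example to the canonical host name) is reported as inconclusive rather than suspicious, and rules that identify crawlers by IP address will not react to a changed User-Agent alone.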
Hello @alryts,
Sucuri Security detected the malware here [1].
Marking as resolved, let me know if you need more information.
There must be a button at the bottom of the table with the text “Delete”.
When the plugin scans your website for malware, it stores the result in the “sucuri-sitecheck.php” file for 24 hours or so, and automatically refreshes the information the next time it runs. However, people can request an early scan by deleting this cache.
Hello @darwinfamilylife,
Your website was scanned 2 hours ago, unfortunately, the scanner was unable to perform the necessary checks to confirm if your website is infected with malware or not. These temporary errors usually happen when the website is under heavy load, or when the response time takes longer than 20 seconds.
I requested a fresh scan just now and it appears to be okay [1].
The only warning that the scanner is reporting is with a directory listing in one of the WordPress core directories [2]. You should consider patching that to reduce the amount of information hackers can gather while attempting an attack.
In the plugin, go to “Settings > Data Storage”, then select “sucuri-sitecheck.php”, and submit the form. This will force the plugin to remove the cache that contains the malware scan that failed 2 hours ago, and will download the new results, the ones that I requested just a few minutes ago.
Marking as resolved, let me know if you need more information.
[1] https://sitecheck.sucuri.net/results/www.darwinfamilylife.com.au
[2] https://www.darwinfamilylife.com.au/wp-includes/css/
What’s your website?
Forum: Reviews
In reply to: [Sucuri Security - Auditing, Malware Scanner and Security Hardening] Not free
Thank you so much for taking the time to write this review.
I genuinely appreciate every critique because that way I can improve the project a bit more. I apologize for the lack of clarity in the description page, especially regarding the features that are only available when people purchase the “Firewall” service. I’ll talk with the marketing team at Sucuri to see if we can change the text to make it more obvious that it requires a subscription in order to be able to use it.
didn’t find the free features very comprehensive/useful
That’s fair, the free features were originally implemented as complementary tools to the premium services that the company provides to its customers. The popularity of the plugin grew, and more people in the community started using it. Unfortunately, we have no control over what people recommend in the forums. I usually try to clarify things as much as possible, here is an example [1].
I’ll try to implement more useful features.
Thank you very much.
[1] https://wordpress.org/support/topic/very-satisfied-64/#post-11363788
Forum: Reviews
In reply to: [Sucuri Security - Auditing, Malware Scanner and Security Hardening] Not free
Hello @captainbrett,
Can you please explain why “misleading”?
Is it because you thought the “Firewall” was free, even though the description of the plugin clearly says that it is not? Or is there any feature in the plugin that didn’t work out of the box without extra configuration?
I appreciate you giving this plugin a try though.
I hope you can find something better.
Thank you.
Hello @a1exus,
Please contact a Sucuri Support Agent for assistance with your monitoring account (click that link to talk to one). This forum is only to provide support for the Sucuri WordPress plugin, and since your questions are not related to the plugin I cannot help you.
Side note…
I don’t understand why you executed that grep command? Why are you searching for a CSS file inside that PHP file? Also, when using the command ls, if you add a question mark, the shell will interpret that as “select any character” which may change your search results. Also, if the file actually exists in the directory where you are searching, you shouldn’t add the query parameter ?v20190131 because that’s not part of the filename.
Marking as resolved, let me know if you need more information.
Hello @thirstyjon,
Is there some way someone can send a login attempt that bypasses my directory password?
Yes, that’s possible, via “xmlrpc.php” [1].
The XMLRPC is a system that allows remote updates to WordPress from other applications. For instance, the Windows Live Writer system is capable of posting blogs directly to WordPress because of XMLRPC. In its earlier days, however, it was disabled by default because of coding problems. In essence, XMLRPC php could open the site to various attacks and other issues.
Marking as resolved, let me know if you need more information.
[1] https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
Yes, that’s the one.
So the plugin is failing to load the audit log because when the Ajax request is sent, the server is returning a “500 Internal Server Error”. So this really is a problem unique to your website, and not a bug in the plugin.
Troubleshooting a 500 error is very difficult without access to the web server, because the problem in itself is very ambiguous. There’s a myriad of things that could cause that error, and it is always vague which makes things worse.
The best thing I can say is, disable all plugins except Sucuri Scanner, then test again. If it works, then start enabling the other plugins one by one until the page fails, then you would have found the culprit. If the page fails to load even with all the plugins disabled, then we can start making patches to the code to see which specific line is causing the issue, but before we get there I want to rule out the first option.
Let me know when you have tested with all the other plugins disabled.
Hello,
The “XHR finished loading” you posted comes from the same JavaScript console, right? What I’m asking is to copy the raw HTTP response, from the “Network” panel. There’s a filter there that allows you to see the responses by type, like this:
XHR Response (Google Chrome) — https://i.imgur.com/HZP3xmy.gif
Hello @bob-wagstaff,
Thank you for sharing the JavaScript error log.
Can you also share the XML HTTP Request (XHR) response?
The error in the JavaScript console says “TypeError: Cannot read property ‘title’ of undefined” after trying to execute this function [1], but strangely there is no such thing as “title” in the code, so I am not sure what the error is referring to. There’s also another error “Uncaught TypeError: Cannot read property ‘toString’ of undefined” from this other function [2] which can actually be backtracked to the POST request a few lines after, when it passes the JSON object from variable data.
Apparently, something in this function [3] is failing, but it is not clear what exactly. Sharing the raw response from the HTTP request will help. Hopefully there will be more information from there, however, if the response is empty we will have to go back and forth with a lot of questions while investigating this issue because I am unable to reproduce it in any of my websites, it seems to be failing only in your website, so I can only fix this with your help.
I’ll wait for your reply.
[1] sucuri-scanner/inc/tpl/auditlogs.html.tpl:L17-L59
[2] sucuri-scanner/inc/tpl/auditlogs.html.tpl:L6-L15
[3] sucuri-scanner/src/auditlogs.lib.php#L53-L75
Hello @flyfisher842,
I apologize for the difficulty of the configuration of the plugin.
I am not a native English speaker, so it was always a challenge for me to explain the purpose of each feature. The first iterations of the plugin contained simple descriptions, but then I started to notice a large amount of support tickets asking the same questions over and over again, so I decided to add more technical details to each panel.
The number of support tickets decreased, but it was clear that the wording I chose to explain all the available features is too technical. I need to review the text once again, and hopefully get some help from people at Sucuri who are native English speakers to provide feedback, make sure the grammar is correct, and to keep the explanations short and concise.
Thank you for your feedback.
Hello @krishnaguragain,
DDoS protection is already implemented in Sucuri Firewall [1].
And just so you know, blocking an IP address doesn’t stop a DDoS attack. The Sucuri Firewall uses much more complex, and smart blocking techniques to handle the aggressive load that a DDoS attack produces. The company has handled several Tbps in malicious traffic during all these years, and keeps on protecting millions of websites on the Internet using the same system.
Give it a try!