yorman
Forum Replies Created
Hello @kampun,
My installed version of PHP is 7.2.0 and your plugin shows the outdated version is 7.2.14 (The same way it says for Apache)
Can you share the link to your website so we can investigate and fix the issue?
Another concern is that on the dashboard I can see that there are few files’ list is mentioned. For which it says that WP core files changed. When I have followed any particular file and clicked on it, it says this is not WP core file. Please have a look at the list mentioned herewith.
I think you forgot to include the file list.
There are three categories of files that will appear in the table: added, modified, deleted. If the file is not part of a normal WordPress installation, it will be flagged as “added”, this is what I think you are referring to. It is up to you what you want to do with these files, you can mark them as “fixed” if you consider they are benign.
—
UPDATE: After editing your post to add the missing screenshots, I checked and in fact the files that are listed are all flagged as “added” (notice the green flag). You can delete them all if they were not added by a web developer, or mark them as “fixed” if you don’t want the plugin to scan them in the future.
As for the inconsistent comparison of the PHP versions, that’s in fact a bug on our side. I’ll pass the information along to the development team so they can take a look and fix it.
Thank you.
Hello @weepee,
Let’s take a look…
- The message comes from function SucuriScanHook::hookPublish()
- The function runs when a publish_page event is triggered
- The function runs when a publish_phone event is triggered
- The function runs when a publish_post event is triggered
- The function runs when a xmlrpc_publish_post event is triggered
- “ID” and “Name” come from the database via get_post
Is it possible that Sucuri sends these “Post Update” warnings when someone *tries* to update a post but actually fails to do so?
No, according to the code, the actions mentioned above can be executed from anywhere in the code (from a plugin, theme, or even a small script), however, the action simply passes the ID of the post to the Sucuri plugin, then the plugin searches the post in the database, and uses this data to write the message for the email alert.
It may be worth checking the access logs of your website to see what requests match the IP address reported in the email. It is possible that you can find more information there to explain how the attacker was able to trigger the email alert, even though —as you said— the post appears untouched in the database.
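The access-log check suggested in the reply above, as an added example that is not part of the original post or of the Sucuri plugin: it keeps the requests made by the IP address from the alert and flags successful write requests to endpoints that can publish a post. The endpoint list, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Assumption: entry points through which a post is normally published
# (XML-RPC, REST API, admin editor, admin AJAX). Plugins can add others.
PUBLISH_PATHS = ("/xmlrpc.php", "/wp-json/wp/v2/posts", "/wp-json/wp/v2/pages",
                 "/wp-admin/post.php", "/wp-admin/admin-ajax.php")

Hit = namedtuple("Hit", "time method path status publish_candidate")

def requests_from_ip(lines, alert_ip):
    """Return every parsed request made by alert_ip, flagging likely publish calls."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] != alert_ip:
            continue  # unparsable line or a different client
        path = m["path"].split("?", 1)[0]  # ignore the query string
        candidate = (m["method"] in ("POST", "PUT", "PATCH")
                     and any(path.startswith(p) for p in PUBLISH_PATHS)
                     and m["status"].startswith(("2", "3")))  # rejected calls are not flagged
        hits.append(Hit(m["time"], m["method"], m["path"], int(m["status"]), candidate))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2019:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "curl/7.58"',
    '203.0.113.7 - - [12/Mar/2019:10:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "curl/7.58"',
    '198.51.100.9 - - [12/Mar/2019:10:01:06 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2019:10:01:09 +0000] "POST /wp-json/wp/v2/posts?status=publish HTTP/1.1" 401 98 "-" "curl/7.58"',
    'malformed line',
]

if __name__ == "__main__":
    for hit in requests_from_ip(SAMPLE_LOG, "203.0.113.7"):
        mark = "PUBLISH?" if hit.publish_candidate else "        "
        print(mark, hit.time, hit.method, hit.path, hit.status)
```

Comparing the timestamps of the flagged requests with the time of the email alert narrows down which request triggered the hook.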
Hello,
The text “Vuln!! Path it now!!” is simply the title of a post that someone created in that website. If your friend searches a post with the ID 1195, they will be able to find the post or page with the suspicious content. They can visit the page using this link [1] where “example.com” is obviously their real website.
Also, you should know that some plugins use the same posts table to store data. It is possible that your friend installed a plugin that allows people to submit text, for example, a contact form, feedback page, or something similar. The plugin has no way to distinguish them other than using the “post_type”.
He installed a backup. His site is and was updated.
Considering this, the post may not exist anymore, and they will not be able to investigate further. Having a copy of the database after the alert was sent would be helpful. But if they already installed a backup, from before the event was triggered, then —unfortunately— there is nothing to investigate.
Let me know if you need more information.
Marking as “resolved” after two (2) months of no replies
Unfortunately, this forum doesn’t allow me to mark tickets as “closed”, so while the issue is not really resolved, there is no other relevant status I can use in this case.
Feel free to re-open the ticket if you need more information.
Hello @alexlii,
Sorry for the delay.
To answer your question we need to consider if you have a Sucuri subscription or not. If you have, then you have access to a service called “Sucuri Firewall” [1] which is a filter that lives between the Internet and your website, and blocks attacks. In this case, you would not need Wordfence at all.
However, if you do not have a Sucuri subscription, then you also don’t have access to the firewall. I believe Wordfence has a rudimentary firewall among its features, so I suppose you may want to keep it active to add some protection to your website. In this case, you can keep both plugins active.
Additionally, I’m not aware of any incompatibility between Wordfence and the Sucuri WordPress plugin, so in theory you could keep both plugins running at the same time, but as I said, if you have the “Sucuri Firewall” then having Wordfence is unnecessary.
Marking as resolved, let me know if you need more information.
Hello @popvid,
Thank you for your message.
I’m glad you find the features in the plugin useful.
However, I want to clarify that the plugin does not provide active blocking of malicious HTTP requests. If your website is behind the “Sucuri Firewall” [1] then the plugin is simply reporting what the firewall is blocking. But if you do not have any firewall, from Sucuri or any other company, then the plugin is simply alerting the website owner(s) about suspicious events that occur when someone tries to attack the website, but it doesn’t block the attack.
Some people have complained in the past because they were confused about how the plugin works. I want to make sure that whoever reads your review doesn’t think that the free plugin is doing all the work, when in reality it’s a more complex and powerful system behind it —the Sucuri Firewall— who’s stopping the attacks.
Hello @kiwiwend,
According to the error message, you are using sucuri-wp-plugin.
This is a very old version of the Sucuri WordPress plugin, deprecated more than five (5) years ago. We used to call it “Sucuri Premium”, and it was supposed to be an additional tool given to Sucuri customers along with their subscription. However, it was difficult to continue the development of both versions of the plugin (free and premium) at the same time, so I migrated all the features to the free plugin. Sucuri emailed all their customers about this change years ago, but it is possible some emails didn’t receive the alert.
I suggest you to install that plugin, as we do not support it anymore.
And install this one instead — https://wordpress.org/plugins/sucuri-scanner/
Marking as resolved, let me know if you need more information.
Hello @stevengliebe,
Both problems “Account email address was not found” and “Domain was not found” have the same cause: the rename of your account identifier, which for this specific part of the software is your email address. All your API keys are now invalid, you’ll have to generate a new set of keys, and update the WordPress Sucuri plugin to use the new one(s).
- Visit https://waf.sucuri.net/
- Select the website from the list
- Visit the “API” page as seen here [2]
- Click “Refresh” to generate the new keys
- Copy and paste the new key into the plugin
- Submit the form, and wait for the result
Marking as resolved, let me know if you need more information.
[1] https://kb.sucuri.net/plugins/firewall-plugin-setup
[2] https://kb.sucuri.net/uploads/api-keys.png
Hello @ferguswebsites,
I could not log into my site: “You have been locked out due to too many invalid login attempts.” (I did not try to log in before?)
This message is not coming from the WordPress Sucuri plugin.
Initially I tried to regain access by renaming the sucuri plugin folder – that didn’t work.
Yes, that will never work, because as I said before, your access to the website was not denied by the Sucuri plugin. Something else in your website is blocking you, maybe another security plugin, or even a firewall.
Let me know if you need more information.
Thank you for the details.
I think it is better to talk with Hostgator and see if they can offer some explanation about the results. Meanwhile, you can use the “IP Address Discoverer” option located in “Sucuri Scanner > Settings > General” to select the server variable that will be used to display the correct IP address. This suggestion also goes for @hktang, @bdconnolly, and @mhschwarz as well.
Let me know if you need more information.
Hello @fastrak,
If you run a PHP script with print_r($_SERVER); do you see the correct IP address in “REMOTE_ADDR”, “HTTP_X_FORWARDED_FOR”, “HTTP_CLIENT_IP”, or something similar? Not all hosting providers set the forwarded IP address in the same form, so I expect some edge cases like this from time to time. Unfortunately, I cannot predict them all, so I rely entirely on user reports to display the correct IP.
Let me know if you can share more information.
Hello @jtremblay,
Sucuri does not let you change your license after purchase.
Did you try contacting the sales team?
They are usually very helpful and understanding if you explain your decision to change anything about your account. Feel free to chat with them via chat (there’s one in the home page of the official website), or via email.
Sucuri’s software fails to clean up properly.
Can you please explain? This is —as of now— a vague statement.
What was the malware that your website was infected with?
Why do you think the infection was not cleaned up properly?
Horrible customer service.
Can you also be more specific regarding this one?
Usually, when people are frustrated with a service or product, they usually blame customer service for all their problems. Unfortunately, without more details, it is impossible to agree or disagree with you.
If you have more details, please share it with us.
Does the Sucuri plugin have the same function as the All In One WP Security plugin?
Both plugins have a lot of features that do not compare to each other side-by-side. If you have questions about one specific feature I can tell you more, but for now, I would say “No, they don’t have the same function”.
My site is in multisite network. So should the Sucuri plugin be activated on the network or separately on each site (main site and sub sites)?
Network activation — https://github.com/Sucuri/sucuri-wordpress-plugin/blob/111363e/src/globals.php#L88-L98
Hello @kampun,
You have installed a plugin that generates “Accelerated Mobile Pages (AMP)” [1].
I don’t know what plugin, so I cannot give you more details about why it is generating drafts with every web crawler visit. Try to disable that plugin and see if the alerts stop. If yes, then contact its developer and follow the conversation with them. If the alerts do not stop, then keep disabling other plugins until you find out which one is triggering the alerts.
Alternatively, you can go to “Sucuri Scanner > Settings > Alerts” and under the “Post Types” panel you will find a list of available post-types. Find the one matching the alerts that you are getting and uncheck it, this will force the Sucuri plugin to stop sending emails about these events.
Let me know if you need more information.
Hello @adz1111,
I’ve added the “.htaccess” that you provided in one of my websites, and it didn’t cause the server to throw a “500 Internal Server Error” when I tried to access this URL [1]. I, unfortunately, have no other ideas to continue investigating this issue, if you have more information that you consider relevant, please share it.
[1] https://wordpress.test/wp-includes/js/scriptaculous/wp-scriptaculous.js