yorman
Forum Replies Created
-
@caordawebsol — in your case, it is probably that the amount of data in this file [1] is too much to be processed by your server, so the process is timing out and closing before the task finishes. This, depending on the configuration of the web server, causes a “500 Internal Server Error”.
What you can do for now is to use FTP or the file manager of your hosting account to delete that file. You will lose some of the security logs, but it should help you reduce the execution time which is what seems to be affecting the plugin in your website.
Let me know if this helps, otherwise we can continue investigating.
IMPORTANT:
You have shared some sensitive information about your website in your comment, I think it is too late to delete/edit it so I suggest you to re-generate the secret keys of your WordPress installation so no one else can use this information to log into your administration panel.You were able to update your comment, good; be sure to never share sensitive information about your website in the forums.Both features implemented with these two commits [1][2]; feel free to install the development version of the code from here [3] or wait until the public release of version 1.8.9 which will happen in a couple of weeks.
Thank you for the suggestion.
[1] https://github.com/cixtor/sucuri-wordpress-plugin/commit/e454c67
[2] https://github.com/cixtor/sucuri-wordpress-plugin/commit/a56e846GoDaddy’s acquisition has nothing to do with the bugs that I have introduced to the code; this is merely a coincidence.
I have been planning these changes before they started the negotiations, so it is clear that their name and reputation shouldn’t be an excuse to justify the problems that have been introduced in the latest versions of the code.
All of the issues that have been mentioned by @7thcircle have been addressed almost immediately after they were reported in the forum here [1] however, since testing is such an important step during the development of any product, I have to wait until my co-workers finish that part before a new version with the included patches is released.
I appreciate the criticism nonetheless, I will try to reduce the introduction of bugs in future versions.
Please provide more details about this.
- How was the admin account created?
- Are you sure that the role of this account is “Administrator”?
- Can you locate this account in the database?
- Has any other admin account been created after this one?
- Any other relevant information that you can provide so I can investigate?
Since this was reported several days ago, but no additional information to investigate the issue has been provided, I will mark this ticket as resolved, but feel free to re-open if you can add additional details about this hidden admin account.
The problem with the language file can be fixed by deleting these two files [1][2] created by WordPress during its automatic updates. Or you can install the development version of the code from here [3] which already includes a fix. You can also wait for the public release of version 1.8.9 which will happen in a couple of weeks, we will merge this and other bug fixes that are being testing at the moment.
[1]
/wp-content/languages/plugins/sucuri-scanner-en_US.po
[2]/wp-content/languages/plugins/sucuri-scanner-en_US.mo
[3] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zipThis bug was fixed with commit #6736c59 [1]; thank you for the report.
[1] https://github.com/cixtor/sucuri-wordpress-plugin/commit/6736c59
Forum: Plugins
In reply to: [Sucuri Security - Auditing, Malware Scanner and Security Hardening] RTLThank you for the suggestion; implemented with commit #95e5ecc [1].
[1] https://github.com/cixtor/sucuri-wordpress-plugin/commit/95e5ecc
Hello @everyone I want to thank you all for the bug reports and your patience. I fixed this bug a couple of days ago and the changes are now available to be downloaded from the development repository [1][2][3] if you need an immediate fix, otherwise please wait until the public release of version 1.8.9 which will happen in a couple of weeks.
The problem was basically caused by the automatic update mechanism that WordPress provides to upgrade its own core files, when it runs it creates a copy of the language files used by the Sucuri plugin but with the wrong translation or no translation at all.
Marking as resolved, feel free to re-open or create a new ticket if you need more information.
[1] https://github.com/cixtor/sucuri-wordpress-plugin
[2] https://github.com/cixtor/sucuri-wordpress-plugin/commit/81f2503
[3] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zipThe Sucuri WordPress plugin doesn’t sends any mail with the text “your website affected by malware”.
Please send a copy of that mail to us so we can tell which system is sending you those alerts, you can contact us at info@sucuri.net and please specify the link to this ticket so the person in the inbox understands what we are talking about.
Marking as resolved (or more like wont-fix as this is not really a bug in the plugin’s code) feel free to re-open if you need more information.
The hardening is applied using the access control file by the Apache web server. This file acts against the directory where it is located and the entire sub-tree, it makes no sense to specify the full file path in this file because that is not how the access control in Apache works.
If you want to specify the entire directory path, you will have to create a different
.htaccessfile in the same directory where the file that you want to whitelist is located, in this case here [1] and then specify “style-custom.php” alone.The hardening applied by the Sucuri plugin places a
.htaccessfile here [2] and because the defined rules cover the entire sub-tree you don’t need to specify the parent nor sub-directories to whitelist that file.[1]
/wp-content/themes/book-store/stylesheet/.htaccess
[2]/wp-content/.htaccessThe default value for the “IP Discoverer” option have not been changed in many months, however, if you have a valid Firewall API key this option will be automatically enabled as it is required to fix the IP address of your visitors in the audit logs.
As for the colored bars, this is a problem with the language files.
The problem with the language file can be fixed by deleting these two files [1][2] created by WordPress during its automatic updates. Or you can install the development version of the code from here [3] which already includes a fix. The changes in the development repository will be merged with the rest of the code after the end of the testing phase, we will make a public release in a couple of weeks.
[1]
/wp-content/languages/plugins/sucuri-scanner-en_US.po
[2]/wp-content/languages/plugins/sucuri-scanner-en_US.mo
[3] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zipThis is a problem with the language files, nothing related with the API key.
The problem with the language file can be fixed by deleting these two files [1][2] created by WordPress during its automatic updates. Or you can install the development version of the code from here [3] which already includes a fix. The changes in the development repository will be merged with the rest of the code after the end of the testing phase, we will make a public release in a couple of weeks.
[1]
/wp-content/languages/plugins/sucuri-scanner-en_US.po
[2]/wp-content/languages/plugins/sucuri-scanner-en_US.mo
[3] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zipThis error refers to the execution of a built-in PHP function
ob_start()inside a callback which is illegal as described here [1] however, there is no reference to this function in any of the files associated to the last logins page, all of these references are either in the audit logs, firewall, post-hack and malware scan pages.My guess is that something else in your website is trying to capture the buffer output prematurely, some cache plugins do this so if you are using one it may be a good idea to test again with that plugin disabled. Someone posted this [2] in the development repository of the WP-Super-Cache plugin, if you are using that you could have the culprit now.
Marking as resolved (or more like wont-fix as there is not enough information to determine if the bug is in the Sucuri plugin’s code or not) feel free to re-open if you need more information.
[1] http://php.net/ob_start
[2] https://github.com/Automattic/wp-super-cache/issues/126@jcimb — please use the “Network” tab in the web-developer tools of your web browser to inspect the response (specially the HTTP status code) of the Ajax request that is running with the action “get_audit_logs”. Without knowing what the response is, it will be impossible for me to give you a solution because the problem could actually be your web server more than the code that powers the plugin, so instead of investigating a bug in the code we could be facing a problem that only your hosting provider can resolve.
Same goes for @chanetsa and @caordawebsol let me know what can you see in the “Network” tab of your web browser dev-tools, I can provide a solution once we have more information about the cause of the infinite loading state.
This was reported a couple of days ago, assuming that the issue was temporary I will just mark this as resolved, but if you are still experiencing the same problems and can provide more details about what is happening in the Network tab of your web browser dev-tools, we can re-open the ticket and continue investigating.
This is a known problem, fixed in the development repository here [1] with this commit [2]; the problem is basically caused by the automatic update mechanism that WordPress provides to upgrade its own core files, when it runs it creates a copy of the language files used by the Sucuri plugin but with the wrong translation or no translation at all.
We received multiple reports from other users and decided to report internationalization support from the plugin. These changes will be merged with the rest of the code once the testing has been done, however, you are free to install the development version of the code from here [2] or wait until the public release of version 1.8.9 which will happen in a couple of weeks.
[1] https://github.com/cixtor/sucuri-wordpress-plugin
[2] https://github.com/cixtor/sucuri-wordpress-plugin/commit/81f2503
[3] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zip