frenchomatic

Well fresh WP core files doesn’t do it and neither does it run when I deactivate all plugins. I think there must be a server issue even if it runs on other domains. Lightspeed server is a pain – I notice my host is doing work on it to reset it at the moment.

That is all I have in my .htninja file which is sitting just above public_html. I am going to reinstall wordpress core files completely. Just to eliminate that.

<?php
/*
+===================================================================+
| NinjaFirewall optional configuration file |
| |
| See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
+===================================================================+
*/

// Users of Cloudflare CDN:
if (! empty($_SERVER[“HTTP_CF_CONNECTING_IP”]) &&
filter_var($_SERVER[“HTTP_CF_CONNECTING_IP”],FILTER_VALIDATE_IP)) {
$_SERVER[“REMOTE_ADDR”] = $_SERVER[“HTTP_CF_CONNECTING_IP”];
}

Well A2 hosting came back and after many hours, they can’t figure it out. No error logs showing anything meaningful. Their only comment was they believe something is not right in the plugin but they can’t pin it down. My response is how do I delete the whole thing and install it again. Just deleting it from the wp admin panel is bound to leave some traces somewhere. Does it put anything anywhere in the database for example that doesn’t get extracted when deactivated and deleted?

For me the logic of it working on an other domain on the same server, same WP version, same theme and same plugins, same .htaccess files everywhere doesn’t make sense. However, what I can say is even if I deactivate all plugins, the malware scan still doesn’t work. The plugin behaves impeccably on 15 other domains.

Not sure where to go next. I suppose the obvious thing to do is upload a completely new copy of WP. Disable the theme and use the default theme etc and then build out.

chmod it g+w (0775) – nope that has not worked. Hosting admin says “it looks like signature parsing error, i.e. unable to load signature, but there is absolutely nothing in the log files, neither modsec log is showing anything.”

Excellent news – thank you. I thought that would be the case. Hacking never stop. It is persistent.

Basically when i press the scan blue button – I get dots of it processing – then the message “Une erreur est survenue : OK” in a grey box and then when i close the grey box I get Chargement des signatures : Erreur. Transalted that means error in loading signatures. The question is why would it do this on just one domain and none of the others on the same server? Baffling. It is a shared hosting environment so I can only go up the directory path.

Yes I am receiving that error but on only one domain where it works on many others where WP version, plugins and even the theme are the same.

I have deactivated the plugin and reinstalled it. I then uploaded a ninja config file from a domain where there are no issues. It still will not do a malware scan. I notice I do have extra files in the cache folder that are not present elsewhere :

malscan_time.php (empty) , malscan_tot.sigs (sigs:1929), malscan.count(empty), mailscan.ed(empty),

malscan.log

1486048686: [AX] Entering ajax callback
1486048686: [AX] POSTing request to https://www.mydomain.com/wp-cron.php
1486048686: [CR] Starting cron
1486048686: [CR] Starting malware scan
1486048686: [CR] Cleaning cache
1486048686: [CR] Loading NinjaFirewall’s signatures
1486048686: [CR] Looking for potential user-defined signatures
1486048686: [CR] No user-defined signatures found
1486048686: [CR] Scanning files
1486048708: [CR] No malware found
1486048708: [CR] Exiting malware scan

Then malscan.mem (20160864)

If I then compare this with a domain that works

I only have malscan_time (empty) and

malscan.log (full of details but it does show an error in that log

1486043957: [FW] Fetching signatures from /home/xxx/public_html/xxxxxx.com/wp-content/nfwlog/cache/malscan_tot.sigs

Pretty confusing now. I have checked other working domains and they have slightly different files in their cache directories too.

• This reply was modified 7 years, 9 months ago by frenchomatic. Reason: no need to have a domain mentioned publicly

I have not been able to track it down. I just get loading of signatures -error. I have not added any signatures as far as I am aware. Where would added signatures be?

Reinstalled W3 total cache and the error disappeared.

Sure – please feel free to delete my posts. I will start up a new topic. It does however impact the plugin in the sense that conformity could become a major issue.

I wish to be really clear because the subject can become emotive. I am fully in favor of developing standards and indeed providing tools and services which make life easier for people with disabilities. For example, a council office without a ramp or lift for wheel chairs is a disgrace. However, there has to be reason when law or standards start applying to graphic design or what many consider is art. We would not tell Picasso that he should paint like Monet or that he needed to use a different color palette.

Validate well in legal terms is not the same as conforms to the law. That is the nub of the whole issue. I have all my sites with 0 known problems, O likely problems but multiple potential problems.

I have found sites that validate up to a point but those without hundreds of potential problems (using an autochecker) or ones that would come anywhere close to satisfying most of my types of client, are far and few between. The issue I wish to highlight is two fold:

1. Legal battles should WCAG 2.0 and section 508 become a matter of law for web sites in the U.S. At present I just can’t see small design agencies or independent designers taking the risk of saying a web site conforms – albeit unless it is very basic and using a bog standard theme. Basically, many of the marketing type graphics will have to be removed and web sites will start to look bland and very much the same. That reduces a key business imperative which is differentiation. Nice features like using text on parallax images will become a nightmare to validate and contentious as to whether it is decoration or not.

2. Cost – whilst automatic checkers can give a good idea of the known and likely problems, even potential problems; the idea that a small design agency has access to a human audit of people with disabilities or a client wishes to pay for a human audit is of real concern. W3C must be bonkers. Whenever there is a human audit of anything it generates points of argument that can be exploited by lawyers.

Yes – https://genesis-accessible.org

This site may end up validating with some further work but frankly- it is minimalism for blogging. Some love it and some think it is a boring design. It is not going to fit the brief of say a dentist in the United States or similar type client.

I would be really interested to see some good top notch web sites which are accessible WCAG 2.0 level AA at least equivalent to what prevails today in the wild. Ones that pass 0 known, 0 likely and 0 potential. In other words they conform and are likely to considered under the law as compliant.

Could you please give some examples?

For me WCAG 2.0 is ill thought out and focusses only on utility – the art is gone and the web will be poorer for it. One person with a disability says they can comprehend and fully see the site and another with the same disability says they can’t. It doesn’t seem well thought out.

As a person with no accessibility problems, I look at some web sites and I can’t make head or tail of them. However, they simply don’t get my time or money.

What I am really trying to say is that accessibility is a worthy endeavor but how a project gets put together from an economic point of view and checked from a legal standpoint is where any robust set of standards begins. Today, putting a small business web site together may be a few hundred dollars but if you drive up the cost to several thousand and there is no automated checking which is 100% reliable and legally accepted, then WCAG 2.0 is a recipe for chaos.

I will get to work on this and come back if and when a soltion is found so that others who have this issue may end up with a solution.

Forget that – I just get a 403.