rmang
Forum Replies Created
Forum: Plugins
In reply to: [WooCommerce] Activating WooCommerce causes mass calls and crashes websites
Tried both disabling the option and rolling back woo to 8.4.0, still looping calling css files, and then the php-fpm child is never closed, so they build up until max children are reached. Here are all the plugins installed:
49 installed plugins:
A activecampaign-subscription-forms 8.1.14
A activecampaign-for-woocommerce 2.5.5
A add-from-server 3.4.5
A advanced-coupons-for-woocommerce-free 4.5.9.2
A advanced-coupons-for-woocommerce 3.5.8.1
A ahrefs-seo 0.10.2
A all-in-one-favicon 4.8
A fusion-builder 3.11.3
A fusion-core 5.11.3
A powerpress 11.4.5
A broken-link-checker 2.2.4
A classic-widgets 0.3
A duplicate-menu 0.2.2
A duplicate-page 4.5.3
A easyconnect_auth 2.0
A duracelltomi-google-tag-manager 1.19.1
A intercom 2.6.5
A jetpack 13.0
I nitropack 1.11.0
I pinterest-for-woocommerce 1.3.20
A pixelyoursite-pinterest 5.3.2
A pixelyoursite-pro 9.12.0.1
A redirection 5.4.2
A rename-wp-login 2.6.0
A scripts-n-styles 3.5.8
A simple-user-avatar 4.3
A social-warfare 4.4.5.1
A social-warfare-pro 4.3.0
A sucuri-scanner 1.8.41
UA team-showcase 2.2.4
I updraftplus 1.23.16
UA woocommerce 8.4.0
I woo-gutenberg-products-block 11.7.0
A woothemes-updater 1.7.2
I woocommerce-legacy-rest-api 1.0.1
A woocommerce-paypal-payments 2.5.1
A woocommerce-services 2.4.2
A woocommerce-gateway-stripe 7.9.1
A woocommerce-zapier 2.10.0
A woocommerce-subscriptions 5.9.1
A wp-add-mime-types 3.1.1
A wp-recipe-maker 9.1.2
A wp-recipe-maker-premium 9.1.0
A wp-rocket 3.15.8.1
A wp-rocket-compat-wc-cart-fragments
A wp-rollback 2.0.6
A wordpress-seo 21.9.1
A zapier 1.0.4
D advanced-cache.php
Legend: A = Active, I = Inactive, D = Drop-In, U = Update Available
If we disable Woo it stops entirely. Once enabled, it just loops like this:
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/assets/css/photoswipe/default-skin/default-skin.min.css HTTP/1.0" 403 199 "-" "-"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-sku.css HTTP/1.1" 403 199 "-" "WordPress/6.4.2; https://XXXX"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-stock-indicator.css HTTP/1.0" 403 199 "-" "-"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-categories.css HTTP/1.1" 403 199 "-" "WordPress/6.4.2; https://XXXX"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-image.css HTTP/1.0" 403 199 "-" "-"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-search.css HTTP/1.1" 403 199 "-" "WordPress/6.4.2; https://XXXX"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-sku.css HTTP/1.0" 403 199 "-" "-"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-template.css HTTP/1.1" 403 199 "-" "WordPress/6.4.2; https://XXXX"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-query.css HTTP/1.0" 403 199 "-" "-"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-search.css HTTP/1.1" 403 199 "-" "WordPress/6.4.2; https://XXXX"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/product-sku.css HTTP/1.0" 403 199 "-" "-"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/packages-style.css HTTP/1.1" 403 199 "-" "WordPress/6.4.2; https://XXXX"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks.css HTTP/1.0" 403 199 "-" "-"
216.38.11.131 - - [30/Jan/2024:14:41:29 -0500] "GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/reviews-by-product.css HTTP/1.1" 403 199 "-" "WordPress/6.4.2; https://XXXX"
Forum: Plugins
In reply to: [WooCommerce] Activating WooCommerce causes mass calls and crashes websites
@shameemreza – That does not apply here, as the css files get called over and over, not 403, and no WAF in place.
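An added example, not part of the forum replies: one way to summarize an access log like the excerpt posted in this thread, grouping `.css` hits per client and second and counting how many carry the `WordPress/…` user agent, which is the default of WordPress's own HTTP API rather than a browser. The sample lines are constructed (documentation IPs, `example.test`), and `find_request_bursts`, `sample_line` and `min_hits` are names chosen here.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format, as in the excerpt.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_request_bursts(lines, min_hits=4):
    """Group .css hits by (client IP, second); report buckets with >= min_hits."""
    buckets = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["path"].endswith(".css"):
            buckets[(m["ip"], m["ts"])].append(m)
    findings = []
    for (ip, ts), hits in buckets.items():
        if len(hits) < min_hits:
            continue
        paths = [h["path"] for h in hits]
        findings.append({
            "ip": ip,
            "second": ts,
            "hits": len(hits),
            # The same asset fetched more than once within one second.
            "repeated_paths": sorted({p for p in paths if paths.count(p) > 1}),
            # Requests issued by a WordPress install (wp_remote_* default UA).
            "wordpress_ua_hits": sum(h["ua"].startswith("WordPress/") for h in hits),
            "statuses": sorted({h["status"] for h in hits}),
        })
    return findings

# Constructed sample lines in the same format as the excerpt.
BASE = "/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/"
WP_UA = "WordPress/6.4.2; https://example.test"

def sample_line(ip, name, proto, ua):
    return (f'{ip} - - [30/Jan/2024:14:41:29 -0500] "GET {BASE}{name} {proto}" '
            f'403 199 "-" "{ua}"')

SAMPLE = [
    sample_line("203.0.113.10", "product-sku.css", "HTTP/1.1", WP_UA),
    sample_line("203.0.113.10", "product-image.css", "HTTP/1.0", "-"),
    sample_line("203.0.113.10", "product-sku.css", "HTTP/1.0", "-"),
    sample_line("203.0.113.10", "product-search.css", "HTTP/1.1", WP_UA),
    sample_line("198.51.100.7", "wc-blocks.css", "HTTP/1.1", "Mozilla/5.0"),
]
```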
Forum: Plugins
In reply to: [WooCommerce] Activating WooCommerce causes mass calls and crashes websites
We’re seeing the same issue on a woo site. All plugins updated, no malware, etc… Disabling woo stops it. Plugins:
+---------------------------------------+----------+--------+----------+
| name | status | update | version |
+---------------------------------------+----------+--------+----------+
| activecampaign-subscription-forms | active | none | 8.1.14 |
| activecampaign-for-woocommerce | active | none | 2.5.5 |
| add-from-server | active | none | 3.4.5 |
| advanced-coupons-for-woocommerce-free | active | none | 4.5.9.2 |
| advanced-coupons-for-woocommerce | active | none | 3.5.8.1 |
| ahrefs-seo | active | none | 0.10.2 |
| all-in-one-favicon | active | none | 4.8 |
| fusion-builder | active | none | 3.11.3 |
| fusion-core | active | none | 5.11.3 |
| powerpress | active | none | 11.4.5 |
| broken-link-checker | active | none | 2.2.4 |
| classic-widgets | active | none | 0.3 |
| duplicate-menu | active | none | 0.2.2 |
| duplicate-page | active | none | 4.5.3 |
| easyconnect_auth | active | none | 2.0 |
| duracelltomi-google-tag-manager | active | none | 1.19.1 |
| intercom | active | none | 2.6.5 |
| jetpack | active | none | 13.0 |
| nitropack | inactive | none | 1.11.0 |
| pinterest-for-woocommerce | inactive | none | 1.3.20 |
| pixelyoursite-pinterest | active | none | 5.3.2 |
| pixelyoursite-pro | inactive | none | 9.12.0.1 |
| redirection | active | none | 5.4.1 |
| rename-wp-login | inactive | none | 2.6.0 |
| scripts-n-styles | active | none | 3.5.8 |
| simple-user-avatar | active | none | 4.3 |
| social-warfare | active | none | 4.4.5.1 |
| social-warfare-pro | active | none | 4.3.0 |
| sucuri-scanner | active | none | 1.8.41 |
| team-showcase | inactive | none | 2.2 |
| updraftplus | inactive | none | 1.23.16 |
| woocommerce | active | none | 8.5.1 |
| woo-gutenberg-products-block | inactive | none | 11.7.0 |
| woothemes-updater | active | none | 1.7.2 |
| woocommerce-legacy-rest-api | inactive | none | 1.0.1 |
| woocommerce-paypal-payments | active | none | 2.5.1 |
| woocommerce-services | active | none | 2.4.2 |
| woocommerce-gateway-stripe | active | none | 7.9.1 |
| woocommerce-zapier | active | none | 2.10.0 |
| woocommerce-subscriptions | active | none | 5.9.1 |
| wp-add-mime-types | active | none | 3.1.1 |
| wp-recipe-maker | active | none | 9.1.2 |
| wp-recipe-maker-premium | active | none | 9.1.0 |
| wp-rocket | active | none | 3.15.8 |
| wp-rocket-compat-wc-cart-fragments | active | none | |
| wordpress-seo | active | none | 21.9 |
| zapier | active | none | 1.0.4 |
| advanced-cache.php | dropin | none | |
+---------------------------------------+----------+--------+----------+
Forum: Fixing WordPress
In reply to: iFrame Hack on Several WP Sites
This type of FTP hack is quite common these days. In almost every case it is an infected PC (with malware) that collects FTP u/p information from FTP programs on the PC. This data is transmitted to the hacker network, that then runs bots to insert iframe malicious code in index* pages, .htaccess, main* pages, etc… all automatically.
Run a full a/v scan, and then download and run malwarebytes.org software once it’s updated on any PC that might have your FTP u/p stored in an FTP program (including designers, developers, SEO, outsource companies, etc…)
Forum: Fixing WordPress
In reply to: 2.03 to 2.04 dashboard issue
More details:
The URL for the dashboard link is:
https://xyz.com/wp-admin/admin.php?page=index.php
instead of the expected:
https://xyz.com/wp-admin/index.php
after the upgrade. Hope this helps to shed some light on this issue. Thanks.
Forum: Fixing WordPress
In reply to: May 27 security update question
1.5.1.1 has the code:
—
function get_the_category_by_ID($cat_ID) {
    $cat_ID = (int) $cat_ID;
    $category = &get_category($cat_ID);
    return $category->cat_name;
}
—
1.5 has the code:
—
function get_the_category_by_ID($cat_ID) {
    global $cache_categories, $wpdb;
    if ( !$cache_categories[$cat_ID] ) {
        $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
        $cache_categories[$cat_ID]->cat_name = $cat_name;
    } else {
        $cat_name = $cache_categories[$cat_ID]->cat_name;
    }
    return($cat_name);
}
—
Is putting the line “$cat_ID = (int) $cat_ID;” at the top of the function for 1.5 viable, or is this security issue only affecting 1.5.1?
Rob
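An added illustration, not part of the post and not WordPress code: the 1.5 function pastes `$cat_ID` into the SQL text between quotes, while the 1.5.1.1 function casts it to an integer first. The sketch below runs a query of the 1.5 shape with and without such a cast, using Python and an in-memory SQLite table in place of PHP and `$wpdb`; `php_int` is only an approximation of PHP's `(int)` cast, and the table rows, function names and `TAMPERED` value are constructed for the example.

```python
import re
import sqlite3

TAMPERED = "0' OR '1'='1"  # constructed textbook input; no category has ID 0

def php_int(value):
    """Approximate PHP's (int) cast: keep a leading integer, otherwise 0."""
    m = re.match(r"\s*[+-]?\d+", str(value))
    return int(m.group()) if m else 0

def make_db():
    # Constructed stand-in for the categories table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (cat_ID INTEGER, cat_name TEXT)")
    conn.executemany("INSERT INTO categories VALUES (?, ?)",
                     [(1, "News"), (2, "Recipes")])
    return conn

def get_var(conn, sql):
    """Like $wpdb->get_var(): first column of the first row, or None."""
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def category_name_1_5(conn, cat_id):
    # Same shape as the 1.5 query: the raw value is pasted between quotes.
    return get_var(conn, f"SELECT cat_name FROM categories WHERE cat_ID = '{cat_id}'")

def category_name_with_cast(conn, cat_id):
    # The cast applied first: only an integer can reach the SQL text.
    return category_name_1_5(conn, php_int(cat_id))

def category_name_bound(conn, cat_id):
    # Bound parameter: the value is never part of the SQL text at all.
    row = conn.execute("SELECT cat_name FROM categories WHERE cat_ID = ?",
                       (cat_id,)).fetchone()
    return row[0] if row else None
```

With the constructed table, the uncast query returns a row for `TAMPERED` even though no category has ID 0, while the cast and bound variants return nothing for it.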