Roberto Jobet

Hi @jarnovos

Any clue?

BTW I have also another query about cookie banner strings, and that is, the “Cookie policy” and “Privacy statement” links at the bottom of the banner.

1) Since the Italian translations of both links are not correct, is there any way to update them?

2) In both links I entered the actual URLs of both cookie policy and privacy policy pages of my Italian site.
The problem is that the same URLs show up in the English cookie banner as well.
Am I missing something?

Hi again,

Reading carefully the Polylang instructions, I found out that all cookie banner strings, are already extracted by Polylang, so there’s no need to translate those strings in plugin’s settings section, but to translate them through Polylang string translations instead!

Hi @jarnovos

In plugin’s settings section, I translated all content in Italian, and now the cookie banner is showing up in Italian as expected.
I’ve noticed however, that when visiting our site’s English version, the cookie banner shows up in English automatically, with the default English text.

I presume therefore, that the instructions above for Polylang are useful only if I want to have custom translations of the default English text, is it so?

Kind regards,
Roberto

The problem was caused by the wp-content folder that was renamed to something else, so the plugin didn’t find the right path…

All good now!

Closing the ticket.

Solved!

I solved adding the following to .user.ini file:

auto_prepend_file = “/home/user/web/domain.tld/public_html/wp-content/nfwlog/ninjafirewall.php”

Maybe this can help anybody with the same issue!

Great, that solved the problem!

After activating it, I can safely remove the directive in wp-config.php file?

Regards

Hi,
Thanks for your quick reply!
I’ve noticed this injection during a malware scan, that found it in website’s DB:

Wamesjeoni
WamesjeoniQS
[email protected]
xxxx
viagra from the uk
viagra lavitra viagra
viagra 100mg
– viagra softabs
viagra uk buy
1
SUBMIT
No
39
5.164.203.239
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Kinza/4.8.2
https://www.xxx.com/en/contact/
05/05/2020
8:29 pm

Investigating further, I’ve found in Sucuri security plugin log file, the following entry:
20:29
system: Flamingo_contact status has been changed (details):
ID: 37913, Old status: new, New status: publish, Title: [email protected]
IP: 5.164.203.239

This entry is related to a plugin (called Flamingo), that is installed in this website.
So it seems that the injection came through this plugin…

I’ve checked for any recent vulnerability for this plugin, but I didn’t find anything.
I’ve contacted plugin’s developer to investigate further…

I’ve tried to lookup into webserver Apache’s log file, but I don’t find any connection from this IP address yesterday at 8:29 pm….

How did he succeded to inject the code into website’s DB?!

Thanks for any help

• This reply was modified 4 years, 6 months ago by Steven Stern (sterndata).
• This reply was modified 4 years, 6 months ago by Steven Stern (sterndata).

Hi,

Moreover, I’m noticing that email messages are sent only if I log into WP dashboard and stay logged…

Quite strange…

Best regards

Hi,

No caching plugin….

I’m receiving 2 different email messages from Ninja FW: the first stating that there are 4 admin users, and the second one after a couple of minutes that there are 3 admin users…

I’m using the “Custom Admin Interface” plugin to hide one of admin users… maybe this setting is triggering something in Ninja FW?

Best regards

I made this scan today because I received the following notification from the waf firewall I’m using:

27/Mar/20 23:12:49 #4066228 CRITICAL 114 5.188.95.56 GET /index.php – Cross-site scripting – [SERVER:REQUEST_URI = /resources/tutorial/recover-admin-password/%20AND%201=1%20UNION%20ALL%20SELECT%201,NULL,%27%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E%27,table_name%20FROM%20inform…] – https://www.example.com

What made me freak out was that Malcure detected a malware just on the same url “…/wp-content/cache/all/resources/tutorial/recover-admin-password/index.html” that was targeted by the cross-site scripting attack…

I made a thorough analysis (WP backend, files and DB) of the website, but everything seems fine…

Severe

Hi again,

I’m still having issues with your plugin. Scheduled scan doesn’t find any changes…

First screenshot after scheduled scan https://snipboard.io/EXcNQD.jpg

Second screenshot after clicking on “Scan Now” button https://snipboard.io/E24A9q.jpg

Regards,
Roberto