Eli

Are you saying that you are unable to download the latest definition updates?

Could this empty page that you are seeing be caused be a 500 error that might be explained my examining the error_log files on your server?

I cannot say what might be causing this without more information but I am willing to help you figure out that cause and find a solution if you can check the log files and produce any relevant error messages that might help us to understand the problem better.

The scan feature is currently a manual process that requires you to actively run the scan in order to look for any infections present in the files or database. However, there are also the firewall features and the optional Brute-Force Protection that are actively protecting your site at all time while enabled.

The definitions are stored in the wp_options table with the option_name of “GOTMLS_definitions_blob” and currently use about 191KB of space, or around 518KB if you also have the Core File Definition (included with automatic updates). With each new definition added it might increase the definition size by anywhere from 200 bytes to 1,500 bytes, though many of the updates are only changes to existing definition and not additions of new ones, so those can be very small or even sometime smaller than the former definition (in which case the update will reduce the overall size of the definitions.

In short, these definition updates take up an significant amount of space in your database. The GOTMLS_definitions_blob will be automatically deleted from your database when you deactivate the plugin, and you can always download the latest definitions from within the plugin if you reinstall it.

Thanks for the followup. I would like to fix this today if possible but I may need more help from you to narrow down the cause. As mentioned I had thought that this issue was already fixed in my latest release, as all those who reported the issue with 4.23.56 also confirmed that it was fixed in 4.23.57, but if you are still having a similar issue then I need to take another look.

Is there any can provide me with more details to help me narrow down the cause? Perhaps this issue is only present on a subset of the sites on your server and not all, or maybe there is another reason the sessions suddenly stopped working on your server (like a read-only filesystem in the the temp directory where session files are written, or the temp partition is out of free space). Can you please contact me directly with any details that might help me troubleshoot this issue?

eli AT gotmls DOT net

Yes, there was a potential conflict with the Session changes in the Brute-Force Protection released in version 4.23.56 on Saturday. That is why I released another update on Sunday, version 4.23.57 should solve this issue for you.

Please download the latest version and let me know if you have any further issues.

Hi Dario,

I’m not sure what caused the delay but I can see from my sent mail that the email was sent to your gmail address about 2 minutes after you posted this topic on the support forum. I can also see that your account is now registered to that same email, so it looks like everything went though fine (just a couple minutes later than expected).

Also, if you are having any kind of issues with my website or account registration then you should contact me directly or at least post it on my website, not on the public WordPress forum.

Please email me directly if you have any more questions about your account:

eli AT gotmls DOT net

This error message suggests that the plugin was unable to scan or read the files in the …/uploads/2023/11 folder. The permissions listed there don’t seem to be the problem so I would guess that this has something to to with a memory limit or timeout issue on the server. There may be an unusually large number of file in that directory which could be contributing to the resource limit problem. You could try increasing the memory_limit value in the php.ini file on your server to allow PHP processes (like my plugin) to use more memory when scanning each folder.

Thanks again for your post. I have just updated my definitions to exclude this False Positive.

Please download the latest definition (NB34u) to confirm that this file is no longer flagged as a Known Threat.

Thanks for reporting this to me. I have confirmed that this is in fact a False Positive, and I will be whitelisting it ASAP.

In case you (or the developers) want to know why it was flagged, it was the usage of a variable function ($result) called inside a condition that was testing a $_REQUEST parameter. I can see now that those conditions are not always malicious even though it is a common pattern among malicious injections. What makes this particular usage of a variable function safe is that the $result() function was declared inside the Class Function that calls it, so scope is limited, and the variable function is not passed by the unrelated $_REQUEST parameter being validated in the surrounding condition.

I’m not sure why the developers chose to use a variable function like $result = function(… when they could have just declared the function properly, and there is always the potential to open up a security vulnerability if there is any chance that the variable can be altered before it is called, but in this case I can see no threat here so I will update my definitions to allow for this usage.

It’s hard to see exactly what threat was found because of how your pasted content got formatted when you posted it on this forum.

I understand that the scan “Found 8 Known Threats” like this one, but was there a problem or a question that prompted you to post this info?

Ok, Thanks for the details. I have released a plugin update that should fix this issue. If you have the opportunity to try it again, on this or any other site, then please let me know how it works for you.

Thank you for reporting these details. I think I have found the cause of this but I cannot recreate the error on any of my test sites, can you please send me a screenshot of the Anti-Malware Setting page in your wp-admin?

I also noticed in your screenshot that the scan found 1215 Known Threats, so I thought it would be helpful to point out that you can still go ahead and fix those threats that have already been found without waiting for the Complete Scan to finish. It may improve the speed and effectiveness of the scan to have those threats removed, and that may also decrease the CPU usage that GoDaddy is complaining about. Or you could just move your site to a better hosting provider where you hopefully will not have any more of these issues ??

• This reply was modified 1 year, 3 months ago by Eli.

First of all, I cannot express how important it is to use the Console tab in your browser’s Inspector to debug these kinds of issues. There can be any different reasons why the scan could be getting stuck and none of them are typically expected, so you will need to look for errors logged in your browse and/or on your server error_log files to see what is causing this issue.

Your first screenshot shows that the scan is getting stuck on a core JS file as well as 40 other files, or which we cannot see in that screenshot (Note: this is not a DB Scan issue as you originally reported). Regardless, the debugging info from your browser and/or the error_log file on your server should help you discover the actual cause. If I had to guess, I would say that either your memory_limit value in the php.ini file on your server is way too small, or else maybe your server is blocking the scan URL on these last few files. Look in the Console tab for 403 or 500 errors or any other error or security warnings, then check you error_log file on the server to see what is causing the error.

Your second screenshot shows your website taking time to load, there is no way to tell how long but obviously it is long enough for you to be concerned about it. I spoke to this briefly in my last reply but I will now explain in more detail. Your site is loading quickly for me every time I have tried it, so the problem must be on your or else it is an intermittent problem that I am not catching. It is clear from your screenshot that you are trying to load your site in a new tab while the 3rd tab in your browser is still trying to finish the scan. This will give you a false impression of your website’s page speed because Chrome will not load two requests for the same site at the same time, so it may take as long as 60 seconds for the scan process to finish the attempt on that failed file that it keeps getting stuck on, and only then will the new tab be queued up to load your site. If you really want to see your site loading at the same time as the scan is running then try opening your site from your phone or another computer that is not the one you are running the scan from.

• This reply was modified 1 year, 3 months ago by Eli.

Is “ERR_SSL_BAD_RECORD_MAC_ALERT”the error you are getting?

If your issue is ERR_SSL_BAD_RECORD_MAC_ALERT then it is likely caused by your own computer or browser being out of date.

Have you tried getting the updates on these sites from another computer or even from your phone browser?