Eli

Yes, there was a potential conflict with the Session changes in the Brute-Force Protection released in version 4.23.56 on Saturday. That is why I released another update on Sunday, version 4.23.57 should solve this issue for you.

Please download the latest version and let me know if you have any further issues.

Hi Dario,

I’m not sure what caused the delay but I can see from my sent mail that the email was sent to your gmail address about 2 minutes after you posted this topic on the support forum. I can also see that your account is now registered to that same email, so it looks like everything went though fine (just a couple minutes later than expected).

Also, if you are having any kind of issues with my website or account registration then you should contact me directly or at least post it on my website, not on the public WordPress forum.

Please email me directly if you have any more questions about your account:

eli AT gotmls DOT net

This error message suggests that the plugin was unable to scan or read the files in the …/uploads/2023/11 folder. The permissions listed there don’t seem to be the problem so I would guess that this has something to to with a memory limit or timeout issue on the server. There may be an unusually large number of file in that directory which could be contributing to the resource limit problem. You could try increasing the memory_limit value in the php.ini file on your server to allow PHP processes (like my plugin) to use more memory when scanning each folder.

Thanks again for your post. I have just updated my definitions to exclude this False Positive.

Please download the latest definition (NB34u) to confirm that this file is no longer flagged as a Known Threat.

Thanks for reporting this to me. I have confirmed that this is in fact a False Positive, and I will be whitelisting it ASAP.

In case you (or the developers) want to know why it was flagged, it was the usage of a variable function ($result) called inside a condition that was testing a $_REQUEST parameter. I can see now that those conditions are not always malicious even though it is a common pattern among malicious injections. What makes this particular usage of a variable function safe is that the $result() function was declared inside the Class Function that calls it, so scope is limited, and the variable function is not passed by the unrelated $_REQUEST parameter being validated in the surrounding condition.

I’m not sure why the developers chose to use a variable function like $result = function(… when they could have just declared the function properly, and there is always the potential to open up a security vulnerability if there is any chance that the variable can be altered before it is called, but in this case I can see no threat here so I will update my definitions to allow for this usage.

It’s hard to see exactly what threat was found because of how your pasted content got formatted when you posted it on this forum.

I understand that the scan “Found 8 Known Threats” like this one, but was there a problem or a question that prompted you to post this info?

Ok, Thanks for the details. I have released a plugin update that should fix this issue. If you have the opportunity to try it again, on this or any other site, then please let me know how it works for you.

Thank you for reporting these details. I think I have found the cause of this but I cannot recreate the error on any of my test sites, can you please send me a screenshot of the Anti-Malware Setting page in your wp-admin?

I also noticed in your screenshot that the scan found 1215 Known Threats, so I thought it would be helpful to point out that you can still go ahead and fix those threats that have already been found without waiting for the Complete Scan to finish. It may improve the speed and effectiveness of the scan to have those threats removed, and that may also decrease the CPU usage that GoDaddy is complaining about. Or you could just move your site to a better hosting provider where you hopefully will not have any more of these issues ??

• This reply was modified 1 year, 7 months ago by Eli.

First of all, I cannot express how important it is to use the Console tab in your browser’s Inspector to debug these kinds of issues. There can be any different reasons why the scan could be getting stuck and none of them are typically expected, so you will need to look for errors logged in your browse and/or on your server error_log files to see what is causing this issue.

Your first screenshot shows that the scan is getting stuck on a core JS file as well as 40 other files, or which we cannot see in that screenshot (Note: this is not a DB Scan issue as you originally reported). Regardless, the debugging info from your browser and/or the error_log file on your server should help you discover the actual cause. If I had to guess, I would say that either your memory_limit value in the php.ini file on your server is way too small, or else maybe your server is blocking the scan URL on these last few files. Look in the Console tab for 403 or 500 errors or any other error or security warnings, then check you error_log file on the server to see what is causing the error.

Your second screenshot shows your website taking time to load, there is no way to tell how long but obviously it is long enough for you to be concerned about it. I spoke to this briefly in my last reply but I will now explain in more detail. Your site is loading quickly for me every time I have tried it, so the problem must be on your or else it is an intermittent problem that I am not catching. It is clear from your screenshot that you are trying to load your site in a new tab while the 3rd tab in your browser is still trying to finish the scan. This will give you a false impression of your website’s page speed because Chrome will not load two requests for the same site at the same time, so it may take as long as 60 seconds for the scan process to finish the attempt on that failed file that it keeps getting stuck on, and only then will the new tab be queued up to load your site. If you really want to see your site loading at the same time as the scan is running then try opening your site from your phone or another computer that is not the one you are running the scan from.

• This reply was modified 1 year, 7 months ago by Eli.

Is “ERR_SSL_BAD_RECORD_MAC_ALERT”the error you are getting?

If your issue is ERR_SSL_BAD_RECORD_MAC_ALERT then it is likely caused by your own computer or browser being out of date.

Have you tried getting the updates on these sites from another computer or even from your phone browser?

I cannot recreate this issue on any of my test sites.

What definition version do you currently have?

What is the URL of the “page not found” error?

Can you please send me a screenshot?

eli AT gotmls DOT net

Hi Bruno,

That mailster.co is a premium plugin so I cannot be sure without seeing the rest of the code in that file. If it is only the one ini_set that is highlighted then Yes, this is probably a False Positive. I have updated the definitions for this threat and, if the code is just as you say here, then it will not be flagged as a know threat any more.

If you have any further troubles with this after downloading the latest definition updates then please send me a copy of the whole file so that I can address the issue more completely.

Your website is loading fine for me. Maybe your browser is too busy trying to load the scan page to load other pages. Try pausing the scan and then you should be able to load other pages on the site. Some browsers just won’t load two pages at the same time from the same site, they get buffered and take turns loading instead.

As for the issue of getting stuck on the DB Scan, it should be breaking down the DB Scan into smaller jobs and searching for one type of malicious link of script at a time. Is there one in particular that it is getting stuck on?

Can you send me a screenshot of video capture of the scan?

I guess you could say that. The fact is that the code in that file does actually match the pattern of the known threat that has been used to infect other sites. It is essentially a back-door not so much unlike any other back-door that a hacker might use to exploit a website. The only difference here is that this back-door is designed to be used for a specific purpose by users like you to easily install other new plugin code from third-party sources like github.

I would be very curious to know more about how you personally use this plugin and what other plugins and add-ons you have used it to install. Could you give me some details about how and why you use this plugin?

Also, what prompted you to find and install this plugin in the first place?

• This reply was modified 1 year, 7 months ago by Eli.