Ghost of Plugin Continues to Send Notifications

Hi @p2000fixthis

Thank you for response but it seems there was a misunderstanding. I’m sorry if we didn’t communicate clearly.

My colleague Dmytro above didn’t refer to “mixed content” issue but rather to the possibility that there may be two version of the site existing/installed on the server at the same time: two installs in two separate folders, one used as actual site over HTTPS and one (may be some leftover or dev version) still active but under HTTP.

If Broken Link Checker would be still installed and active on one of them, it would explain the issue. Otherwise, there’s no way plugin could send those notification if it’s not installed/active and has no any left-over cron tasks (which we discussed and checked earlier).

There is another similar possibility: some staging/dev site (may even be some old copy) kept on the same or even different server but with the plugin active.

Other than this, plugin does NOT install anything “secret” that could do this. If it’s deleted, it’s deleted and that’s it – no code exists anymore on the site that could check links or send those notifications.

Could you duble-check that, please?

Kind regards,
Adam

You guys are not giving me anything to work with. The old site that we migrated from in Dec exists as a flat compressed backup file, it does not execute.

How about pointing me to a PHP file with a string to find and comment out? How about a database entry that can be deleted? I need something more specific than “it must be the other guy’s issue.”

Also, if the ‘Broken Link Checker’ had a checkbox to force checking to use HTTPS none of this would be a problem — I wouldn’t have tried to delete it.

I need some REAL help.

And…another useless email this morning:
https://monosnap.com/file/LmnMsA3RD86ekS4qf7ylItxHu0l5Uc

• This reply was modified 10 months, 1 week ago by p2000fixthis.

Hi @p2000fixthis,

Hope this message finds you well.

The old site that we migrated from in Dec exists as a flat compressed backup file, it does not execute.

Did you also remove the database?

But, our BLC stores their settings at the WPTABLEPREFIX_options table using the wsblc_options as option_name.

Let us know if you were able to find it.

Best regards,
Laura

Yes, I found it:

https://monosnap.com/file/X4asEDslm4xWejrp7ugKWZyb29n6kD

Hi @p2000fixthis,

Thanks for the update.

Let us know if you removed it and if after that the notifications did stop.

Best regards,
Laura

OK, it is gone as of now. Will need to wait a few days to see if another email appears.

Hi @p2000fixthis,

Please update us here with the result so that we can help you further.

Kind Regards,
Nebu John

Sadly, the deletion of the options record and plug-in did NOT stop the bogus emails from arriving. This plug-in is behaving like malware.

letter one:
https://monosnap.com/file/w2lP4luHNg2QYgJilEmAW4K9OJ4UlM
letter two:
https://monosnap.com/file/59OkQfxUPLdXL3kspJ3ZQYgOsChjXa

• This reply was modified 10 months ago by p2000fixthis.

Is it possible the cloud server for Broken Link Checker is engaged? (The cloud option was not intentionally activated, but perhaps there is some bug that registered it anyway?)

Hi @p2000fixthis

Both versions use separate engines and there are no correlations between each other.

Please email us at: [email protected]
Subject: ATTN: WPMU DEV support – wp.org

Please send:
– Link back to this thread for reference (https://www.ads-software.com/support/topic/ghost-of-plugin-continues-to-send-notifications/)
so that we could review this case more for you

Kind Regards,
Kris

Hi @p2000fixthis,

We haven’t heard from you in a while, I’ll go and mark this thread as resolved. If you have any additional questions or require further help, please let us know!

Best regards,
Laura

Unfortunately, this is not fixed. The emails are still being sent from WordPress itself — in spite of my changing my admin email to something else — I just got another erroneous broken link Ghost message. The plugin is completely removed from the WordPress site — but still sending messages about one or two days after I login and do so something. I have not received ANY HINTS from support other than different authors commenting from time to time assuming this is over. The only thing I can think of is to route all these Ghosts to junk mail — forever…..

HI @p2000fixthis,

Did you try installing an email log plugin as stated in our older response? It should help to keep track of all the emails sent from the website.

Could you also please follow up on our email as requested in the previous response?

https://www.ads-software.com/support/topic/ghost-of-plugin-continues-to-send-notifications/page/2/#post-17363726

Looking forward to your response.

Kind Regards,

Nithin