Need some guidance on GOTMLS plugin

  • Resolved ambujgarg

    (@ambujgarg)


    6 years, 8 months ago

    Hi – I have your GOTMLS plugin installed, and did a first complete scan of my website today. Some things I need guidance with:

    1. The complete scan took 2 hours 40 minutes to complete. Is it normal for a full scan duration? Or is it because I also have a test staging site and backups within my public_html folder, which are causing the scan to take so long. Any way to speed it up?

    2. The scan detected on threat in my .htaccess file, specified below:

    RewriteCond %{HTTP_USER_AGENT} ^.*(Baiduspider|HTTrack|Yandex|spbot).*$ [NC]
    RewriteRule .* – [R=403,L]

    Now, I have set up the above condition in .htaccess file to stop these bot agents from accessing my site, as they are not relevant for me. Can I ignore this warning?

    3. Recently, I activated a cronjob for a new plugin on my site for time based check scheduled to run every 12 hours. Now, everytime this cron-job runs, I receive a PHP notice related to GOTMLS plugin immediately after the cron job, as shown below:

    Undefined offset: 2
    Type: PHP Notice Line: 132
    File: /home/wwwfin5/public_html/wp-content/plugins/gotmls/images/index.php

    The above line refers to the following code in the mentioned index.php file in images folder of GOTMLS:

    GOTMLS_define(“GOTMLS_siteurl”, get_option(“siteurl”, $GLOBALS[“GOTMLS”][“tmp”][“protocol”].$SERVER_parts[1].((count($SERVER_parts) > 2 && ($SERVER_parts[2] == ’80’ || $SERVER_parts[2] == ‘443’))?””:”:”.$SERVER_parts[2]).”/”));

    I have no idea what it means, or if it should be a cause of concern, but just wanted to check with you. Just to clarify here, I receive 3 additional PHP notices at the time of cron job run (2 related to ip-geo-block plugin, and 1 related to wp-includes/vars.php) in addition to yours (for vars.php it is similar to gotmls):

    Undefined offset: 1
    Type: PHP Notice Line: 31
    File: /home/wwwfin5/public_html/wp-includes/vars.php

    Undefined index: REQUEST_METHOD
    Type: PHP Notice Line: 105
    File: /home/wwwfin5/public_html/wp-content/plugins/ip-geo-block/classes/class-ip-geo-block.php

    Undefined index: SCRIPT_NAME
    Type: PHP Notice Line: 63
    File: /home/wwwfin5/public_html/wp-content/plugins/ip-geo-block/classes/class-ip-geo-block.php

    Request you to kindly clarify on the above points. Thanks for your help.

    Regards,
    Ambuj

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Eli

    (@scheeeli)

    Hi Ambuj,
    I’ll do my best to answer all you questions here:

    1. No, it should not take that long. It might be in part caused by the additional staging and backup folders you mentioned, but it may also be caused by your server being slow or not allocating enough resources to your site. First, try excluding those folder from the scan to see if it is much faster. It typically takes on about 10 to 20 minutes to scan an average WordPress site.

    2. Your custom Rewrite Rule is very similar to a common malicious redirect that send certain bots to fake or malicious in order to corrupt your SEO ranking. But your code is not exactly lick this other malicious code so I have updated my definitions to reflect that this code you have is ok. If you download the new definition update then it should not flag your code again.

    3. The PHP Notice is caused by your server’s environment variable not setting the value for $_SERVER[“SERVER_PORT”]. I will be updating my code in the next release of my plugin to account for the possibility that the SERVER_PORT variable may not be set and that will get rid of the PHP Notice. You can also turn off the reporting of Notices in your php.ini file so that you don’t get Notices from those other files either.

    Let me know if you have any more Questions.

    Aloha, Eli

    Thread Starter ambujgarg

    (@ambujgarg)

    Thanks Eli for the prompt and helpful response. Really appreciate it, I would do a full scan after excluding these folders, and see if the scan completes quickly enough.

    Best,
    Ambuj

    Plugin Author Eli

    (@scheeeli)

    Hi @ambujgarg,
    Just checking in, how long does the scan take now.

    Also, I just released my plugin update, version 4.17.69 which fixes that PHP Notice you were getting. Please let me know if there is anything else I can help with.

    Thread Starter ambujgarg

    (@ambujgarg)

    Hi Eli – Thanks for following up. Please find updates below:

    1. I excluded the test staging site and deleted the backups, which reduced scanning time by 1 hour from 2 hour 50 min last time to 1 hour 50 minutes now. But my site is more heavy than an average WP site and there are lot of plugins installed out of which only few are activated at any time. But they are all checked by the Anti-Malware, so that might account for the longer time. To give an idea, your plugin was continuously checking different files and scanned over 3300 folders, taking an average of 2 seconds to scan each folder. Not sure how does it compare with average scan time per folder elsewhere. Is it normal, or can it still be faster? I really don’t know.

    2. The false positive .htacess threat and the PHP notice for GOTMLS which happened immediately after the cron job, are gone now, thanks to your quick updates.

    3. Now, there is a new PHP notice for GOTMLS which comes up immediately after I start the complete scan with GOTMLS (again not sure whether it is a cause of concern or not):

    Undefined offset: 1
    Type: PHP Notice Line: 938
    File: /home/wwwfin5/public_html/wp-content/plugins/gotmls/images/index.php

    This relates to the GOTMLS code: $GOTMLS_dir_at_depth[$current_depth]++;

    4. Right at the time, the complete scan of GOTMLS plugin is about to end, it starts rescanning a few folders again, and then upon completion, it gives a read/write error for the “BackWpUp” plugin saying it could not read one specific folder within it. I can’t give you the exact sub-folder name, as the screen has got refreshed, and I don’t know if there is any way to keep track of the errors GOTMLS found during scanning.

    5.Your plugin is already very good and I have already rated it 5*, Couple of suggestions for improving it further if they can be implemented:

    a) The GOTMLS scanning logs and errors/threats should be stored somewhere where we can easily access them at any time, and take action later if not sure immediately.

    b) Automatic scheduling feature of GOTMLS scans on a weekly basis can be included in the future updates (it can be a part of the donation or paid package).

    Request you to kindly revert on the above points. Thanks again for the help,

    Best,
    Ambuj

    Plugin Author Eli

    (@scheeeli)

    Thanks for the update. It should still not be taking that long, there must be something in the scan path that is slowing it down. Maybe it has to do with the read/write errors you are getting or there may also be some more backups or cache files that should not be scanned (it is best to delete all cache and disable caching when your site has been infected because the cache can aid in the preservation of threats that are already removed and it can also slow the scan process).

    Thanks for the second Undefined Offset Notice, I will have that fixed in my next release too.

    As for your suggestions to improve the plugin, those are both features that I am working on. Improving the Scan log with more details and the ability to revisit/recheck past problems is coming very soon. The scheduled scan feature is taking more time and there are a number of other changes that will need to be in place before something like that is possible but I am working on it and I will let you know when I have something ready for testing.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Need some guidance on GOTMLS plugin’ is closed to new replies.