Forum Replies Created

Viewing 15 replies - 136 through 150 (of 188 total)
  • Thanks for this update
    Does this plugin still insert all Facebook comments into the WordPress database, or was this option lost too with the new FB API?

    Any word on an update?
    This plugin was good while it was working…

    Much similar problem after my last update
    (1) cannot arrange posts on the front page as I used to be able to in v 2.7.7
    (2) Facebook comment plugin breaks the footer

    Is there an easy workaround for these issues?

    //THANKS

    We believe it was done either through the MailPoet plugin or WP core
    Both have since released new updates
    The XMLRPC Access was also patched

    If this is any help:
    I ran into a similar situation several weeks ago when this attack began
    I ran the plugin repeatedly on all my sites; on some of them it takes 4-6 hours to complete. Every time it found problems, we deleted them completely. Then they reappeared again

    Finally, examining the file structure, we found the attacker was able to upload whole ZIP files, from which 2-3 complete directories with malware were extracted, plus many files in the main WP directory, plus infected actual WP files. These had to be deleted by hand. Is this issue planned to be addressed by the plugin in the future, and if so how?

    Thread Starter bibliata

    (@bibliata)

    Thank you for your fast reply.
    Here is the whole .htaccess file:

    <Files xmlrpc.php>
    order deny,allow
    deny from all
    # seems to be some Polish IP
    allow from 87.126.166.206
    # my server IP
    allow from **.***.***.***
    </Files>
    # END GOTMLS Patch to Block XMLRPC Access
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    The allow/deny part is especially concerning
    Which part could be removed without any risks?
    Thanks
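
Added example, not part of the original post or of the GOTMLS plugin: one way to list every `allow from` source inside the `<Files xmlrpc.php>` block that an administrator does not recognise. The sample file and both addresses are constructed placeholders, and `unexpected_allows` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample shaped like the posted block; both addresses are
# documentation-range placeholders, not values from the post.
SAMPLE_HTACCESS = """\
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 198.51.100.7
allow from 203.0.113.10
</Files>
# BEGIN WordPress
RewriteEngine On
# END WordPress
"""

FILES_OPEN = re.compile(r'^\s*<Files\s+"?([^">\s]+)"?\s*>', re.I)
FILES_CLOSE = re.compile(r'^\s*</Files>', re.I)
ALLOW = re.compile(r'^\s*allow\s+from\s+(.+)$', re.I)


def unexpected_allows(text, expected, target="xmlrpc.php"):
    """List 'allow from' sources in <Files target> that expected does not cover."""
    nets = [ipaddress.ip_network(e, strict=False) for e in expected]
    inside, findings = False, []
    for line in text.splitlines():
        opened = FILES_OPEN.match(line)
        if opened:
            inside = opened.group(1).lower() == target
        elif FILES_CLOSE.match(line):
            inside = False
        elif inside and ALLOW.match(line):
            for token in ALLOW.match(line).group(1).split():
                try:
                    net = ipaddress.ip_network(token, strict=False)
                except ValueError:
                    findings.append(token)  # hostname, "all" or partial IP
                    continue
                if not any(net.version == n.version and net.subnet_of(n)
                           for n in nets):
                    findings.append(token)
    return findings


if __name__ == "__main__":
    # Assumption: 203.0.113.10 stands in for the server's own address.
    print(unexpected_allows(SAMPLE_HTACCESS, ["203.0.113.10"]))
```

Anything the function returns is an entry to verify by hand before keeping it in the file.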

    Hi guys
    Virtually all our websites running the MailPoet plugin are infected again after being thoroughly cleaned last week. We will be disabling (and fully removing) the plugin until the issue is fully resolved. Please take this notice under very serious consideration:

    Known Threats Found:
    !…/burgas/wp-admin/edit-form-comment.php
    !/var/www/wp/wp-content/db_connector…php
    !/var/www/wp/wp-content/index…php
    !/var/www/wp/wp-content/uploads…php
    !/var/www/wp/wp-content/plugins/gc-message-bar/css/index…php
    !/var/www/wp/wp-content/plugins/gc-mailpoet-ex/vendor/gcx-mailpoet-extension/class-plugin.php

    • This reply was modified 7 years, 6 months ago by bibliata.

    This is way too many connections to ignore a db injection attempt even if the requests are legally coming from the plugin, right?

    RESO,
    This is how Google crawl console classified the threat today:

    /wp/index.php !…
    /wp/wp-cron.php !…
    /wp/wp-settings.php !…
    /wp/rosoiew/index.php !…
    /wp/rosoiew/oyptke.php !…
    /wp/rosoiew/troeiw.php !…
    /wp/wp-admin/includes/import.php !…
    /wp/wp-content/db_connector.php !…
    /wp/wp-content/functions.php !…
    /wp/wp-content/plugins/fpw-category-thumbnails/js/vouwfzjd.php !,
    etc.

    Can you run a complete scan with the WP Anti-Malware from GOTMLS.NET and confirm your webs are clean from the above? I don't mean to doubt the MailPoet plugin, which I love and have used a lot, but back in the day there was a similar incident which opened the door for db injections on several of our websites via the plugin

    Same here.
    Several of our websites running MailPoet were hacked and reported hacked by Google crawl since the last update to v.3

    FIX: Run the very helpful plugin Anti-Malware from GOTMLS.NET to clean all

    Then, I located the culprit as rosoiew.zip
    (perhaps uploaded via MailPoet folders)
    and deleted it and all its offspring like /root/www/rosoiew/
    as well as various other number/letter named files

    GOTMLS.NET also found fake .htaccess and function.php (and other php) files,
    which need to be promptly deleted via FTP or shell access

    Finally, run GOTMLS.NET again to confirm your website is clean

    MailPoet please recheck your last distro for backdoors please

    • This reply was modified 7 years, 6 months ago by bibliata.
    • This reply was modified 7 years, 6 months ago by bibliata.
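
Added example, not part of the original post and not how the GOTMLS scanner works: a read-only triage pass over a WordPress tree for the kinds of leftovers the reply describes (an archive and an extra directory in the WP root, stray PHP files directly in `wp-content`, PHP or `.htaccess` files under uploads). The function name, the allowlists and the extension lists are assumptions; legitimate installs can trip these heuristics, so every hit is a prompt for manual review and a diff against a clean copy of the same WordPress version.

```python
import os

CORE_DIRS = {"wp-admin", "wp-content", "wp-includes"}
# wp-content/index.php plus drop-in file names WordPress itself recognises.
CONTENT_PHP_OK = {"index.php", "advanced-cache.php", "object-cache.php",
                  "db.php", "db-error.php", "maintenance.php", "sunrise.php"}
ARCHIVE_EXT = (".zip", ".tar", ".gz", ".tgz")


def triage(wp_root):
    """Return sorted (reason, relative_path) pairs worth a manual look."""
    hits = []
    for name in sorted(os.listdir(wp_root)):
        full = os.path.join(wp_root, name)
        if os.path.isdir(full) and name not in CORE_DIRS:
            hits.append(("non-core directory in WP root", name))
        elif os.path.isfile(full) and name.lower().endswith(ARCHIVE_EXT):
            hits.append(("archive in WP root", name))
    content = os.path.join(wp_root, "wp-content")
    if os.path.isdir(content):
        for name in sorted(os.listdir(content)):
            if (name.lower().endswith(".php") and name not in CONTENT_PHP_OK
                    and os.path.isfile(os.path.join(content, name))):
                hits.append(("unexpected PHP in wp-content",
                             "wp-content/" + name))
    # os.walk yields nothing if the uploads directory does not exist.
    uploads = os.path.join(content, "uploads")
    for dirpath, _dirs, files in os.walk(uploads):
        for name in sorted(files):
            if name.lower().endswith((".php", ".phtml", ".htaccess")):
                rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                hits.append(("executable or .htaccess under uploads",
                             rel.replace(os.sep, "/")))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Usage: python triage.py /path/to/wordpress  (defaults to current dir)
    for reason, path in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {path}")
```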
    Thread Starter bibliata

    (@bibliata)

    So the error is in the plugin then and not the PHP version.
    We’re running it on PHP 7.0.0

    WARNING: v.1.4.7 crashes WordPress 4.7.3
    Re-installed version 1.4.6.1 and it worked like a charm
    Do a backup before updating to this version!!!
    Developer, pls recheck the current repository for overnight build errors and crashes

    //THANKS

    The report above is correct.
    Once a page is entered and saved initially, then it cannot be changed. This was not so initially but apparently the plugin is running into some problems with newer versions of WP. My site is on WordPress 4.7.3 with OnePress theme.
    Thanks for reviewing and quick help

    Thread Starter bibliata

    (@bibliata)

    Thank you
    Checking cURL
    It was installed and running
    Let’s see if it has crashed
    Will report shortly…

    … Restarted Apache
    cURL kicked in
    Everything is working
    Thanks for your help

    Thread Starter bibliata

    (@bibliata)

    The first thing we did was re-authorize the account but it did not help…
    The authorization returned: [0] => Could not resolve host: graph.facebook.com

    Since we run the script with several websites on this IP, we tried it on each website – each with different FB user for auto posting and different FB app. None from this IP worked…

    Websites are on a dedicated server with several IPs running on it and none of the admins have worked on it overnight. We run several websites with your script and the script works fine on the rest of the IPs except this one. Hence we suspected IP block by Facebook…

    No DNS changes have been made. If indeed a server update has messed with anything, where should we start looking:
    1) plugin settings
    2) WordPress settings (each instance currently runs on a separate virtual machine)
    3) PHP settings
    4) Or Apache settings

    Thanks
