ChriStef

I’m not sure yet, I’m still investigating it but I suppose by cpanel vulnerability or main password leak. All domain folders had the injected php code… Even the non WordPress once.

The malicious code just serve for crawling bots other websites products and info. Google is messed up with those info, I think is not to bad.

Thanks for your consideration.

• This reply was modified 1 year, 5 months ago by ChriStef.

new version v3.0.2
log….
12-Nov-20 19:58:20 INFO Processing step 13/14
12-Nov-20 19:58:20 ERROR Fatal error: Snapshot seems to be corrupted.
12-Nov-20 19:58:21 INFO Cancelling scanning process

Php version = 7.4.12
[12-Nov-2020 18:22:27 UTC] PHP Notice: Undefined variable: snapshot in …/wp-content/plugins/ninjascanner/lib/scan.php on line 2234

… Just before the end of the scan.

Thanks for the quick response.

I did the steps, but the same error. I also tried the manual from FTP folder delete them.

Any other work around?

Thank you ??

No it’s not hidden, it’s straight forward to me. But you could consider adding it and to an option to events tab. All notifications settings to one page. It might be more useful for gui end user.

…Thank you for quick response and fix! All ok now.

Take care ??

Yes I assumed that too, but after many tests with my sharing hosting provider support, that using lightspeed its not few secs on my case. I thought I should mention this here…

I have many php errors when updating a plug-in and in case its crucial I have a msg that my blog is experiencing a problem and the usually mail info to my admin email from wp engine. After a while all ok. Not just secs…

So in your case Changing back on/off WAF what do you see? Only one refresh and its ok?

Hello, I think its related and to a php7.1+ Extension opcache that now is always enabled for faster runtimes.

I see that behavior on my code change that when its enabled it usually wants several minutes to see live the new changes and not just refresh.

Take care,
/ChriStef.

• This reply was modified 5 years, 8 months ago by ChriStef.

Nice q I have the same think with the new version.

Thank you for your insights. Keep it strong…

Do you suggest to me to add some custom rules?

Hello again. Could you see the new attempts below:

%20AND%201679%3D%28SELECT%201679%20FROM%20PG_SLEEP%285%29%29–%20snlo

%20AND%201679%3D%28SELECT%201679%20FROM%20PG_SLEEP%285%29%29

%3BSELECT%20PG_SLEEP%285%29–

%29%3BSELECT%20PG_SLEEP%285%29

%27zfxmjA%3C%27%22%3EBoaAOC

%27%28.%2C%22%22%27%29%29%27

What they trying to do?

• This reply was modified 5 years, 9 months ago by ChriStef.

Thanks for the update.

It will be a wonderful idea to have an option to scan malicious files other than WordPress folder. Only files in other folders, not only special specific staff from blog. Future request it, why not?

A Q: somehow a hacker does inject a file in unknown folder into the wp installation folder, do this tool scan it? Imagine now that folder to be into the root away from wp installation folder.

• This reply was modified 5 years, 9 months ago by ChriStef.

Ok thanks for your help, I got the concept.
/ChriStef.

Thanks for your quick support. You are super ninja indeed, I have to say this.

It’s a form post where I use enctype=’multipart/form-data’ and an <input type=”file”>

/ChriStef.