darrenchu

Right, so what do think is triggering the false positives, and what are your thoughts on how we can resolve this? Am sure there are other users of Cerber who will have Ajax based search box forms triggering the warnings that I described in my original message above.

Is the only solution for me to not use this search plugin?

Hi Gregory, so what would you suggest I do at this point?

The Ajax form is just a Search box on my website, so I’m not worried about spam from this form. I have a website membership registration form which without Cerber, attracts a lot of spam registrations.

As I’ve said, I already have my Anti-Spam Engine setting of “Use less restrictive policies (allow AJAX)”.

Thank you in advance,
Darren

Thanks for the quick response Ernest!
It appears that the security plugin is generating false positives. The security plugin has an option to allow Ajax which by default, was already selected. I’ll keep you posted once the WP Cerber’s author comes up w/ some feedback on any other plugin config settings I can change to relax the spam tagging.

Cheers,
Darren

Hi,
I just wanted to add that I’ve also confirmed that within

Anti-Spam Engine > Adjust Anti-Spam Engine > Safe Mode >

I have: Use less restrictive policies (allow AJAX)

I’m assuming there’s no need to whitelist URI strings if I’ve already selected the above allow AJAX setting?

Thanks again,
Darren

Actually, looks like I was whitelisting in the wrong part of the plugin. By going to the Anti-Spam Engine’s Query whitelist, and just copying the following into the box, communication from Paypal and Stripe work for now!

s2member_pro_stripe
s2member_paypal

Hi,
When I have Wordfence activated, it’s the site members (none of whom use 2FA) trying to login who see the error: “ERROR: An error was encountered while trying to authenticate. Please try again”.

These are site members using the correct username and password combination. I tested this using one of my dummy accounts and get the same error.

Darren

Hi @wfphil ,
Thanks for pting that out. Curiously though, I never had any issue w/ 2FA provided through Wordfence in conjunction w/ S2Member. Among all of my website members, my administrator a/c is the only one w/ the 2FA turned on.

The issue is more on site members who don’t have 2FA turned on, and who aren’t able to login consistently. I’ve used Wordfence in conjunction w/ S2Member for almost 5yrs, and never had issues w/ the false positives (inability for legitimate users to login) until this past yr…

Darren

Everything works again now!

Looks like it was just a temporary issue as suggested by Ashley.

Thanks again!

Darren

• This reply was modified 4 years, 5 months ago by darrenchu.

Hi Bryle,
Tks for the quick response.

I’ve gone through the latest log file emailed to me, and it appears that sure enough, the issue is that authentication to my Dropbox account wasn’t successful.

Here’s the link to the Dropbox log file:

https://www.dropbox.com/s/9g815ad6122erqy/log.faae63ab4e84.txt?dl=0

You can do a search for the following:

0292.869 (0) Dropbox: chunked upload exception (Dropbox_CurlException): Failed to connect to content.dropboxapi.com port 443: Connection timed out (line: 171,

What workaround would you suggest to authenticate to my Dropbox account, if I typically rely on a 2FA login (facilitated by Google Authenticator)?

Cheers,
Darren

Hi Gioni,
So far, so good…

I went into the Anti-Spam engine Sat morning to:

Adjust anti-spam engine > Safe Mode > “Use less restrictive policies (allow AJAX)”

Since then, the Slimstats visitor unique IP/pageview counts have appeared to properly reflect legitimate site visits. What appeared to be happening under the more strict policy was Slimstat could only track those site visitors who logged in…

Hope you’re enjoying your wkend!
Darren

Thanks for the suggestion Gioni! I’ll try those tests in the next few days and let you know if I can isolate the issue. Have a wonderful weekend ahead!

Hi Will,
Thanks for the suggestion and for the investigation into S2Member. I’ve been using S2Member for 5 yrs or so, and have spent countless hours adapting my website to S2Member (as it was the most functional and adaptable membership plugin I was able to find at the time in the summer of 2014).

I’m still waiting for S2Member to get back to me, but will keep you posted on their response…it might be a few more days before I hear back, as their support’s been quite thin ever since they were acquired by another software vendor.

Ideally, I’ll try holding off for now on deleting all of my activated plugins given some configuration settings will be hard to remember (and will be lost in the plugin deletion I’m assuming).

Thanks again, and hope you’re enjoying your weekend,
Darren

Thanks for the suggestion Will. Registration works fine if I uncheck those options.

However, I still want to get to the root of the problem which is that wcomhost.com is trying to phish on all registrations (handled by S2member). Outside of turning off the ability for site visitors to register, how would you suggest I avoid any legitimate user details getting phished via my S2member registration form?

If this phishing site indeed has somehow embedded itself into the S2member registration form on my website (https://tradablepatterns.com/wp-login.php?action=register), how would you suggest for me to clean the phisher from the form, and to eliminate this phishing from taking place, while allowing users to continue with legitimate registration?

Much appreciated in advance!

Darren

Hi Will,
Hope all’s well.

Sometime after my last post, I realized some users were having issues logging in again, so I deactivated your plugin. When I was testing today w/ your plugin reactivated, I managed to login fine, but noticed that registration is where the issue now appears to lie. I had to deactivate the plugin for now, but can turn it back on if you need the log. Let me know if the following error msg that appears after I submitted a registration attempt suffices for troubleshooting for now:

denied registration
bbcode [php in field: ws_plugin__s2member_custom_reg_field_company_type astound_chkbbcode rejection
spam domain: 119.23.133.147 in ws_plugin__s2member_custom_reg_field_company_type astound_chkdomains rejection
spamword: it’s effective in ws_plugin__s2member_custom_reg_field_company_type astound_chkspamwords rejection
Phishing Domain: 000m8ih.wcomhost.com in ws_plugin__s2member_custom_reg_field_company_type astound_chkphish rejection
found Bad Neighborhood: 49.245.115.210 in 49.0.0.0/8 astound_chkbadneighborhoods rejection

Much appreciated in advance,
Darren

Hi Will,
In the 10 days since I’ve reactivated Astounding Spam (and started a fresh log), everything seems to be working fine. I think the conflict I was experiencing w/ S2Member may have been caused by another spam plugin (WP Cerber Security, Antispam & Malware Scan). Either way, the users who had previously had issues seem fine on their logins now.

Thanks again!
Darren