edwardsmark

i am getting hit like crazy lately. until i move the WP sites over to Auth0 login, i made the follow changes:

/home/comptonpesltrainers.com/public_html/wp-content/plugins/limit-login-attempts/limit-login-attempts.php

line 543-545:

$message = sprintf(__(“%d failed login attempts (%d lockout(s)) from IP: %s”
, ‘limit-login-attempts’) . “\r\n\r\n”
, $count, $lockouts, $ip);

new:

$message = sprintf(__(“%d failed login attempts (%d lockout(s)) from IP: — %s https://www.abuseipdb.com/check/%s ”
, ‘limit-login-attempts’) . “\r\n\r\n”
, $count, $lockouts, $ip, $ip);

please share any opinions with me.

• This reply was modified 2 years, 11 months ago by edwardsmark.
• This reply was modified 2 years, 11 months ago by edwardsmark.
• This reply was modified 2 years, 11 months ago by edwardsmark.
• This reply was modified 2 years, 11 months ago by edwardsmark.

quttera normal scan mode. what concerned me is when https://virusTotal.com also flagged the script.

• This reply was modified 4 years, 1 month ago by edwardsmark.
• This reply was modified 4 years, 1 month ago by edwardsmark.
• This reply was modified 4 years, 1 month ago by edwardsmark.

file is as mentioned, wp-crontrol.php

i just ran “diff” on the wp-crontrol.php from here against my live script, and there is no difference.

the question is now being asked here:

https://github.com/johnbillion/wp-crontrol/issues/55

it just seemed very peculiar that virusTotal.com flagged the wp-crontrol.php script in just ONE of their many tests.

• This reply was modified 4 years, 1 month ago by edwardsmark.
• This reply was modified 4 years, 1 month ago by edwardsmark.
• This reply was modified 4 years, 1 month ago by edwardsmark.

this is also a great utility from what i can see: https://www.virustotal.com/

any opinions?

done – THANK YOU!

wp Version 5.6.1
quttera Version 3.3.4.44

and quttera is TOTALLY AWESOME, by the way.

i also see:

Severity: enSuspiciousThreatType
File: wp-includes/SimplePie/Canonical.php-VIRUS-SUSPECTED
File signature: 890172309bb500537494623fb5f27672
Threat signature: 890172309bb500537494623fb5f27672
Threat name: Heur.AlienFile.gen
Threat: Unknown file in core
Details: Detected unknown file in core directory

Severity: enSuspiciousThreatType
File: wp-content/themes/twentytwentyone/postcss.config.js
File signature: 2b2f94298693f9221149c12b83dc8a3c
Threat signature: 2b2f94298693f9221149c12b83dc8a3c
Threat name: Heur.CoreFile.gen
Threat: Modified core file..
Details: Detected modified core file

• This reply was modified 4 years, 1 month ago by edwardsmark.

thank you. i would think that something like wp-commerce would be reasonably current, and they would at least answer questions on their own forum.

but out of nearly 30k PHP scripts, i am surprised there are so few that need anything. and that little find-sed script fixes most of them. the last couple of them i can probably safely ignore.

it is reassuring to see the lint tests passing. over the past couple of years, i had already moved all the old(er) mysql interfaces “mysqli” to the new(er) PDO interface.

thanks again.

• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.

we have close to 29k php scripts that have been lint-tested. that little find script seemed to fix 90% of my issues, although i still do not feel comfortable modifying code.

upon looking at the scripts, it is probably part of some testing area that is obsolete anyway.

>>> I’m not expert. You can try the plugin and see if it works
>>> or find another or edit it and re-fix each time there’s an update.
>>> Those are the choices.

hmmm good idea; having a simple:

sed --in-place --expression="s/= &/=/;" *.php; might be the answer.

NOTE: more and more plugins are refusing to update unless php is updated to php-7. i take this as a bit of a warning not to put this update off any longer.

EDIT:

find . -name '*.php' -type f -exec sed -ie "s/= &;/=/;" {} \;

• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.

it appears the code is indeed a holdover from php4

https://stackoverflow.com/questions/47606645/php-code-error-parse-error-syntax-error-unexpected-new-t-new-in-var-www-h
https://stackoverflow.com/questions/1086539/assigning-the-return-value-of-new-by-reference-is-deprecated

it appears that it is recommended just to remove the ampersand manually.

• This reply was modified 4 years, 6 months ago by edwardsmark.

thanks steven, but the plugin authors have not yet responded and i need to move forward on this.

and i believe if you get a fatal error during a lint-test, the code will not run anyways. also i am seeing lint-test failures in other places as well.

i should have been a bit clearer though, i apologize. i am seeing code like this:

$test = &new TestSuite('blah blah blah');

where it appears any use of “EQUAL-AMPERSAND” is a holdover from the php4 days and wont work on php7.x.

• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.
• This reply was modified 4 years, 6 months ago by edwardsmark.

hi sorry for the delay:

# od -cx Screen_Spont_2020-01-24-10-19-53-PM.opus | head -25

0000000   O   g   g   S  \0 002  \0  \0  \0  \0  \0  \0  \0  \0   u 020
           674f    5367    0200    0000    0000    0000    0000    1075
0000020   3   B  \0  \0  \0  \0   * 022 247   S 001 023   O   p   u   s
           4233    0000    0000    122a    53a7    1301    704f    7375
0000040   H   e   a   d 001 001   8 001 200 273  \0  \0  \0  \0  \0   O
           6548    6461    0101    0138    bb80    0000    0000    4f00
0000060   g   g   S  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0   u 020   3
           6767    0053    0000    0000    0000    0000    7500    3310
0000100   B 001  \0  \0  \0   p   G 230 323 001 034   O   p   u   s   T
           0142    0000    7000    9847    01d3    4f1c    7570    5473
0000120   a   g   s  \f  \0  \0  \0   M   o   r   p   h   b   o   x   .
           6761    0c73    0000    4d00    726f    6870    6f62    2e78
0000140   c   o   m  \0  \0  \0  \0   O   g   g   S  \0  \0  \0 207  \0
           6f63    006d    0000    4f00    6767    0053    0000    0087
0000160  \0  \0  \0  \0  \0   u 020   3   B 002  \0  \0  \0 276   i   b
           0000    0000    7500    3310    0242    0000    be00    6269
0000200 356 033 343 377 032 377  \n 377  \n 377  \0 362 302 265 333 377
           1bee    ffe3    ff1a    ff0a    ff0a    f200    b5c2    ffdb
0000220   ( 377 032 377 004 251   m   m 376 377 020 377  \f   z   a  \0
           ff28    ff1a    a904    6d6d    fffe    ff10    7a0c    0061
0000240 263   $ 354 260   n   (   I   4 003 312   L  \f 334 037 023   z
           24b3    b0ec    286e    3449    ca03    0c4c    1fdc    7a13
0000260   Q 226 234 264 034   K   R 261   7   { 212 250 316   % 352 017
           9651    b49c    4b1c    b152    7b37    a88a    25ce    0fea

• This reply was modified 5 years, 2 months ago by edwardsmark.
• This reply was modified 5 years, 2 months ago by edwardsmark.

sorry been away and missed this. the vast majority of our files are opus files.

(Plugin version 3.3.0.24)

thanks – I tried to include an attachment but you have to click my link to see it. my question is what happens when i want to actually enter, for instance, an actual persons address or somebodys phone number? I don’t see them in the user profile section, and I am not sure where else to look.