marc77

@rbaronqc

At first, I fully understand why this error 2.1 comes up. Adsense is firing before the user give the consent. I use this plugin and I use Choice on NON wordpress websites.

I guess 90% of the users here add the default adsense codes from the adsense website. Like this:

<script async src=”//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js”></script>

and

<ins class=”adsbygoogle”
data-ad-client=”ca-pub-45654645654665″
data-ad-slot=”456456465″>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>

I know, its not enough to place the quantcast code before the google ads, we have to prevent adsense firing until the consent is given and here comes the problem…

How to do this?

I could not find a solution in this thread and I could not find a solution on your website… but in my opinion this is the main important question for all users that have this problem.

Would you please provide a code that shows how to wrap the default adsense code to make them wait?

When you look at the consent from clickio, they do this very well in this way:

function ub() {
sa
? ((e.googletag = e.googletag || {}),
(e.googletag.cmd = e.googletag.cmd || []),
m(e.googletag.pubads)
? e.googletag.pubads().setRequestNonPersonalizedAds(0)
: e.googletag.cmd.unshift(function () {
e.googletag.pubads().setRequestNonPersonalizedAds(0);
}),
(e.adsbygoogle = e.adsbygoogle || []),
(e.adsbygoogle.requestNonPersonalizedAds = 0))
: (console.log(“Enable personal ads”), console.log(” Google DFP codes”), console.log(” Google AdSense/AdX codes”));
}
function Sa() {
sa
? ((e.googletag = e.googletag || {}),
(e.googletag.cmd = e.googletag.cmd || []),
m(e.googletag.pubads)
? e.googletag.pubads().setRequestNonPersonalizedAds(1)
: e.googletag.cmd.unshift(function () {
e.googletag.pubads().setRequestNonPersonalizedAds(1);
}),
m(e.__lxG__) && m(e.__lxG__.allowPersAds) && vb(0),
(e.adsbygoogle = e.adsbygoogle || []),
(e.adsbygoogle.requestNonPersonalizedAds = 1))
: (console.log(“Disable personal ads”), console.log(” Clickio codes”), console.log(” Google DFP codes”), console.log(” Google AdSense/AdX codes”));
}
function ec() {
Ua &&
((Ua = !1),
sa
? ((e.__lxG__ = e.__lxG__ || {}),
(e.__lxG__.pauseLoad = 0),
m(e.__lxG__.resumeLoad) && S(e.__lxG__.resumeLoad),
m(e.__clickio__safecontent__) ||
((e.googletag = e.googletag || {}),
(e.googletag.cmd = e.googletag.cmd || []),
e.googletag.cmd.push(function () {
m(e.lxpbjsdfp) || e.googletag.pubads().refresh();
}),
(e.adsbygoogle = e.adsbygoogle || []),
(e.adsbygoogle.pauseAdRequests = 0)))
: (console.log(“Resume all codes”), console.log(” Clickio codes”), console.log(” Google DFP codes”), console.log(” Google AdSense/AdX codes”)));
}
function zb() {
-1 === e.__lxG__consent__.getState() && e.googletag.pubads().disableInitialLoad();
}

See the google documenation: https://support.google.com/admanager/answer/7678538?hl=en

This means, you have the option to choose:

> Pause ads while the user is choosing

> Load non-personalized ads while the user is choosing

Note that only Clickio and Google AdSense, AdX, DFP ads will be paused automatically. Consent Code should be placed above all ad tags in the <HEAD> session for the pause to work reliably.

With this way, the user is seeing non personalized ads and after choosing he see personalized ads.

Could our developers ad this feature to choice?

• This reply was modified 4 years, 1 month ago by marc77.

I am pretty sure it is AAM. See my posts before.

Quick and dirty todo until its fixed:

block the IP Range in the httaccess
+
deactivate the plugin
+
rename the plugin folder
+
change all DB and WP Passwords

• This reply was modified 5 years, 2 months ago by marc77.

Please see my previous updates on page 3.

I checked the plugin for the “aam-media” parameter. There are only 2 files:

\core\Media.php
\Shared\Manager.php

in Media.php is:

protected function __construct() {
$media = filter_input(INPUT_GET, ‘aam-media’);
$request = (is_numeric($media) ? urldecode(AAM_Core_Request::server(‘REQUEST_URI’)) : $media);
$root = AAM_Core_Request::server(‘DOCUMENT_ROOT’);

$this->request = str_replace(‘\\’, ‘/’, $root . $request);
$this->request_uri = preg_replace(‘/\?.*$/’, ”, $request);
}

and in Manager.php is:

//check Media Access if needed
if (AAM_Core_Request::get(‘aam-media’)) {
AAM_Core_Media::bootstrap()->authorize();
}

could this INPUT_GET or AAM_Core_Request::get be the problem?

Because the first command in the access.log was

GET /wp-config.php?aam-media=1

• This reply was modified 5 years, 2 months ago by marc77.

Ok, at 3 O′clock the second IP open myphpadmin:

50.63.162. – – [07/Sep/2019:00:03:05 +0200] “GET /phpmyadmin HTTP/1.0” 200 55883 “https://myurl/phpmyadmin&#8221; “Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0”

I invited the developer:

https://www.ads-software.com/support/topic/maybe-advanced-access-manager-is-vulnerable/

• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.

@karelnet

I’d find strange they could have access to all databases with different usernames/pass from one site ?

yes, this is really strange. Maybe you have the same wp-login account + pw?

Please check my updates in the previous post.

• This reply was modified 5 years, 2 months ago by marc77.

I checked the logs. There was a SQL insertation on my websites at: [07/Sep/2019:00:02:20 +0200]

I my access.log I found arround this time:

Here is the IP – [07/Sep/2019:00:01:39 +0200] “GET /wp-config.php?aam-media=1 HTTP/1.0″ 301 254 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0”

Please see the get command: aam-media=1

Maybe aam-media stands for Advanced Access Manager?

And here comes from the same IP the next get commands from the access.log:

here is the same ip – – [07/Sep/2019:00:01:54 +0200] “POST /wp-login.php HTTP/1.0” 401 381 “/wp-admin/admin-ajax.php” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36”

here is the same ip – – [07/Sep/2019:00:01:57 +0200] “GET /wp-admin/profile.php HTTP/1.0” 301 249 “/wp-admin/profile.php” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36”

here is the same ip – – [07/Sep/2019:00:01:58 +0200] “GET /wp-admin/profile.php HTTP/1.0” 302 – “/wp-admin/profile.php” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36”

here is the same ip – – [07/Sep/2019:00:01:58 +0200] “GET /wp-login.php?redirect_to=https%3A%2F%2F%2Fwp-admin%2Fprofile.php&reauth=1 HTTP/1.0” 401 381 “/wp-admin/profile.php” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36”

That means after open the URL:

/wp-config.php?aam-media=1 with a 301 redirect

they made a post command to the

/wp-login.php HTTP/1.0″ 401 381 “/wp-admin/admin-ajax.php”

and then:

he update the Profile?

GET /wp-admin/profile.php HTTP/1.0″ 302 – “/wp-admin/profile.php”

https%3A%2F%2F%2Fwp-admin%2Fprofile.php&reauth=1

reauth=1 means they changed the password, right?

• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.

@karelnet

I can confirm that some of my sites were hacked even without Advanced Access Manager.

Well, I have Advanced Access Manager on only 1 website but 6 websites got hacked. The problem for me was, that my SQL Password was the same for all 6 websites. Do you have different sql passwords for all your sites or are they in one account? Please check your wp-config.php

Off course I have set different PW′s now for all sites. It was a dump mistake.

• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.

My Advanced Access Manager Version is 5.9.8.1 (installed last week):

I made a mixed update of my plugin list from other infected websites:

Adminimize
All in One Seo
Advanced Access Manager
Advanced Custom Fields
CommerceGurus Toolkit
Customizable Post Listings
Contact Form 7
Duplicate Page
.html on Pages
Jquery Validation For Contact Form 7
KB Linker
LayerSlider WP
MailChimp for WordPress
More Fields
Multi-level Navigation Plugin
Redux Framework
Really Simple Sitemap
Recent Posts
SEO Smart Links
Table of Contents Plus
Widget CSS Classes
WP-PostRatings
WP Fastest Cache
WP Live Chat Support
WP Simple Ads Insertion
WPBakery Visual Composer
WPFront User Role Editor
Yoast SEO

• This reply was modified 5 years, 2 months ago by marc77.

@salvaramirez
@karelne

Ok, Thank you.

Maybe you have Advanced Access Manager?

Please list all your active plugins.

• This reply was modified 5 years, 2 months ago by marc77.

Ok, I am not alone. Found this thread by searching for wiilberedmodels.

I made a file change scan and I think NO file was changed. I am pretty sure that this is a sql injection.

I had 6 DB′s infected. In the last 4 years I made no plugin changes on this websites. On thursday I installed “WP Live Chat and Advanced Access Manager” and today I am hacked. Maybe it is coincidence but do you all use WP Live Chat or Advanced Access Manager?

My Plugins are:

Adminimize
Advanced Access Manager
Advanced Custom Fields
CommerceGurus Toolkit
Contact Form 7
Duplicate Page
Jquery Validation For Contact Form 7
LayerSlider WP
MailChimp for WordPress
Redux Framework
Widget CSS Classes
WP Live Chat Support
WPBakery Visual Composer
WPFront User Role Editor
Yoast SEO

Please list all your installed plugins. We have to find the biggest common denominator.

• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.
• This reply was modified 5 years, 2 months ago by marc77.

Well, here is another one!

I am from germany and the german wordpress Forum is full with this questions why all of the sudden the 2.7.1 wordpress is soooooooo slow. I work now on that problem for 1 Month. I really tried everything. I have a huge dedicated server. The server ist 100% not the problem. There is anything inside of the wordpress 2.7 and 2.7.1 what make that slowness. for me my admin is ok, but the main site need always arround 5 seconds..even when i have the wp_cache, super_cache, hyper_cache..gzip etc. on. i updated to php5 with new libcurl. i deactivated the plugin updates and the core updates. i installed it 5 times complete new. Well, i am really on my end. I found out, when i add that return; in the http.php its a bit better but after that the ping is not going out..i think nobody knows..but its true. i really hope that we find out this problem. Its really not a minor Problem..but most of these Mio WordPress User just wait for a next Version and hope with that its better. But my blog have alot of visitors each day and they all complain ??

@otto: this is my cron:

a:2:{i:1237980129;a:2:{s:17:”wp_update_plugins”;a:1:{s:32:”40cd750bba9870f18aada2478b24840a”;a:3:{s:8:”schedule”;s:10:”twicedaily”;s:4:”args”;a:0:{}s:8:”interval”;i:43200;}}s:16:”wp_update_themes”;a:1:{s:32:”40cd750bba9870f18aada2478b24840a”;a:3:{s:8:”schedule”;s:10:”twicedaily”;s:4:”args”;a:0:{}s:8:”interval”;i:43200;}}}s:7:”version”;i:2;}

when u need me for anything to do on my server, let me know..i have full access!