marius.cucuruz

Thanks, @gaurav984!

I’ll look into integrating WP-CLI with Docker (i.e. docker compose) to automate things as per your suggestion.

Cheers

Tanks @wfpeter for clarifying.

(I apologise for the delay in acknowledging your support)

Good question!
I too would like to know this.

Later edit:
found the answer here https://www.ads-software.com/support/topic/delete-old-entry-files/

• This reply was modified 5 years, 4 months ago by marius.cucuruz. Reason: found answer

Thanks for your reply mate. Appreciate your work!
Cheers

Hello,
Not sure if this will apply to you but I’ve been having an issue for several months before I came across the solution as a last resort. Turns out there’s some encryption and / or encoding between your site(s) and the 3rd party providing the SMTP service that may cause problems authenticating with details that have certain characters (e.g. #, $ etc). What worked for me was to reset the SMTP password to something less complex.

Hope this helps.
Merry Christmas!

Cheers

Marius

That’s cool. Thank you very much.

Since you brought it up, might I suggest amending the getSession() method in bookaroom-meeting-public.php? The else snippet could do with the following:

if (!$externals[$key]) {
externals[$key] = NULL;
}

Just a suggestion.

Cheers

Just to be clear, I’m hoping for a shortcode to allow the user to basically cancel / confirm a meetings they’ve already booked.
Thanks

I to have the same issue when I try to upgrade my license. Luckily had tried in a dev environment first otherwise it would have messed up my corporate site.

I’ve not looked into fixing this myself, since this is a paid for plugin and you’d expect someone to keep an eye on these bug reports as part of customer service.

Figured it out… inside the_loop there were 2 calls to the_post() which lead to this behaviour. So frustrating!

The lesson I’ve learned today is to check all parts of a theme (get_template_part()) carefully and patiently…

hope I didn’t waste anyone else’s time with this;

excellent find, dealbas! where exactly was it? was it in /plugins/ directory in a functions.php file?

Changing the Salts and Auth Keys is really good. Also, having looked at the script in social.png, I’ve decided to add this to my wp-config.php to prevent it from running again:
define( 'WP_OPTION_KEY', '');
Then removing the social.png file should have covered everything I guess.

Any other ideas or suggestions are welcomed.

Look for file(s) named social.png and open it with notepad; if there’s PHP code in there, delete it as it is clearly not an image. Then run the SQL queries posted earlier to remove code from the database. If you cannot find the fake image that runs the PHP script, I’m afraid you’ll need to run the SQL code to remove the download script each time it’s activated on your site.
I still don’t know how this got on my site in the first place. Quite annoying.

Hey Franco,
Please check to see if you too have the ./wp-content/plugins/wordpress-simple-survey/images/social.png file. Would sort of reassuring nice to see we all have the same symptoms… If you do find that image, delete it and then run that PHP script I posted yesterday.
Good luck

Looks like the malicious code resides in wp-content/plugins/wordpress-simple-survey/images/social.png so the guilty one here is actually WP Simple Survey.

Haven’t yet had a look to see what that code actually does but initaily I saw some hosts and email addresses so I reckon password changing might be a good idea.
If anyone else can investigate this further I am curious to hear your thoughts.

Also as a precaution I’ve added the following line in my wp-config.php file:
define( 'WP_OPTION_KEY', '');
I think this will prevent this code from running in the future.

I’ve made some progress by identifying where this is initiated. In your wp_options (or wp_ID_options on multisite) there’s a row / option called ‘wp_data_newa’. Will investigate further to see who’s responsible for this but for now you can (temporarily!) fix it by removing it with an SQL statement:
DELETE FROMwp_optionsWHEREoption_namelike '%wp_data_newa%'

Additionally, if you have a big multi site, you may run a PHP script like this one:

<?php
/**
 * @author Marius Cucuruz
 * @description Fixes the "socialstats" download message by deleting lines WHERE <code>option_name</code> = 'wp_data_newa'
 * @copyright The tab Media, 2014
 */

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp/wp-blog-header.php' );

global $wpdb;

$blogs_details = $wpdb->get_results('SELECT <code>blog_id</code>, <code>domain</code> FROM <code>wp_blogs</code> ORDER BY <code>wp_blogs</code>.<code>blog_id</code> ASC', ARRAY_A);
foreach ($blogs_details as $blogDetails)
{
    if ($blogDetails['blog_id'] == 1)
    {
        echo "<br />Checking ". $blogDetails['domain'] ." (#". $blogDetails['blog_id'] ."):<br />";
        $socialstatsFixFind = "SELECT * FROM <code>wp_options</code> WHERE <code>option_name</code> like '%wp_data_newa%'";
        if ($wpdb->query($socialstatsFixFind)) {
                echo "Darn! Found entry here... ";
                $socialstatsFixRemove = "DELETE FROM <code>wp_options</code> WHERE <code>option_name</code> like '%wp_data_newa%'";

                if ($wpdb->query($socialstatsFixRemove)) {
                    echo "<strong style='color: green;'>Successfully fixed!</strong><br />";
                } else {
                    echo "<strong style='color: red;'>SHIT!<br />ERROR</strong>: ". mysql_error() ."<br />";
                }
        } else {
            echo "<strong style='color: green;'>". $blogDetails['domain'] ." is clean!</strong><br />";
        }
    }
    else
    {
        echo "<br />Checking ". $blogDetails['domain'] ." (#". $blogDetails['blog_id'] ."):<br />";
        $socialstatsFixFind = "SELECT * FROM <code>wp_&quot;. $blogDetails['blog_id'] .&quot;_options</code> WHERE <code>option_name</code> like '%wp_data_newa%'";
        if ($wpdb->query($socialstatsFixFind)) {
                echo "Darn! Found entry here... ";
                $socialstatsFixRemove = "DELETE FROM <code>wp_&quot;. $blogDetails['blog_id'] .&quot;_options</code> WHERE <code>option_name</code> like '%wp_data_newa%'";
                if ($wpdb->query($socialstatsFixRemove)) {
                    echo "<strong style='color: green;'>Successfully fixed!</strong><br />";
                } else {
                    echo "<strong style='color: red;'>SHIT!<br />ERROR</strong>: ". mysql_error() ."<br />";
                }
        } else {
            echo "<strong style='color: green;'>". $blogDetails['domain'] ." is clean!</strong><br />";
        }
    }
}
?>