supaiku
Forum Replies Created
Thanks!
Forum: Plugins
In reply to: [My Calendar - Accessible Event Manager] The event pop-up boxes won’t OPEN
Bonus to make the cursor turn to a hand over the areas that are clickable to make the popup show:
.my-calendar-table .event-title {
    cursor: pointer;
}
Forum: Plugins
In reply to: [My Calendar - Accessible Event Manager] The event pop-up boxes won’t OPEN
For me disabling the link allowed the popups to open normally. I used this CSS:
/* calendar popup fix */
.my-calendar-table .event-title .url {
    pointer-events: none;
}
That notice clued me into vulnerabilities I found otherwise – with no visible database changes.
Since I host a number of sites on my own server, I looked into it pretty closely – if you’re hosted on a shared server and you’re not the admin – maybe don’t worry so much about it?
But still, I’d double check your WP hardening (which should be done anyhow), and in my case I overwrote the hacked files by manually replacing WP via FTP – actually can’t exactly be sure every single file or remnant is resolved, but between overwriting all those which had changed dates, changing all passwords, hardening, and ongoing monitoring I feel pretty good.
Actually that may not be true – I just didn’t notice the changes.
It appears this log is from the day after the changes were made. Notice the JS files.
However, there’s also a bunch of others which don’t seem related, so… dunno about that… I don’t believe all of the files below had hack changes in them, but I know that a few of the js files did.
[!] /var/www/thelanding/wp-includes/widgets/class-wp-widget-media-image.php
[!] /var/www/thelanding/wp-includes/widgets/class-wp-widget-text.php
[!] /var/www/thelanding/wp-includes/class-wp-query.php
[!] /var/www/thelanding/wp-includes/customize/class-wp-customize-nav-menu-control.php
[!] /var/www/thelanding/wp-includes/capabilities.php
[!] /var/www/thelanding/wp-includes/functions.php
[!] /var/www/thelanding/wp-includes/default-filters.php
[!] /var/www/thelanding/wp-includes/post.php
[!] /var/www/thelanding/wp-includes/class-wp-customize-manager.php
[!] /var/www/thelanding/wp-includes/script-loader.php
[!] /var/www/thelanding/wp-includes/update.php
[!] /var/www/thelanding/wp-includes/media-template.php
[!] /var/www/thelanding/wp-includes/class-wp-customize-nav-menus.php
[!] /var/www/thelanding/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
[!] /var/www/thelanding/wp-includes/js/wp-emoji-release.min.js
[!] /var/www/thelanding/wp-includes/js/codemirror/jshint.js
[!] /var/www/thelanding/wp-includes/js/wp-emoji-loader.min.js
[!] /var/www/thelanding/wp-includes/js/mediaelement/wp-mediaelement.min.js
[!] /var/www/thelanding/wp-includes/js/mediaelement/wp-playlist.js
[!] /var/www/thelanding/wp-includes/js/mediaelement/wp-playlist.min.js
[!] /var/www/thelanding/wp-includes/js/mediaelement/wp-mediaelement.js
[!] /var/www/thelanding/wp-includes/js/customize-selective-refresh.js
[!] /var/www/thelanding/wp-includes/js/twemoji.min.js
[!] /var/www/thelanding/wp-includes/js/customize-selective-refresh.min.js
[!] /var/www/thelanding/wp-includes/js/twemoji.js
[!] /var/www/thelanding/wp-includes/js/wp-emoji-loader.js
[!] /var/www/thelanding/wp-includes/js/tinymce/tinymce.min.js
[!] /var/www/thelanding/wp-includes/js/tinymce/wp-tinymce.js.gz
[!] /var/www/thelanding/wp-includes/js/media-views.js
[!] /var/www/thelanding/wp-includes/js/media-views.min.js
[!] /var/www/thelanding/wp-includes/query.php
[!] /var/www/thelanding/wp-includes/general-template.php
[!] /var/www/thelanding/wp-includes/version.php
[!] /var/www/thelanding/wp-includes/formatting.php
[!] /var/www/thelanding/wp-includes/css/editor.min.css
[!] /var/www/thelanding/wp-includes/css/editor.css
[!] /var/www/thelanding/wp-includes/css/editor-rtl.css
[!] /var/www/thelanding/wp-includes/css/editor-rtl.min.css
[!] /var/www/thelanding/wp-includes/wp-db.php
[!] /var/www/thelanding/wp-includes/ms-functions.php
[!] /var/www/thelanding/wp-admin/customize.php
[!] /var/www/thelanding/wp-admin/options.php
[!] /var/www/thelanding/wp-admin/network/site-new.php
[!] /var/www/thelanding/wp-admin/network/settings.php
[!] /var/www/thelanding/wp-admin/options-general.php
[!] /var/www/thelanding/wp-admin/js/editor.min.js
[!] /var/www/thelanding/wp-admin/js/widgets.min.js
[!] /var/www/thelanding/wp-admin/js/editor.js
[!] /var/www/thelanding/wp-admin/js/updates.min.js
[!] /var/www/thelanding/wp-admin/js/customize-controls.js
[!] /var/www/thelanding/wp-admin/js/updates.js
[!] /var/www/thelanding/wp-admin/js/customize-controls.min.js
[!] /var/www/thelanding/wp-admin/js/widgets.js
[!] /var/www/thelanding/wp-admin/includes/plugin-install.php
[!] /var/www/thelanding/wp-admin/includes/update-core.php
[!] /var/www/thelanding/wp-admin/about.php
[!] /var/www/thelanding/wp-admin/css/widgets.min.css
[!] /var/www/thelanding/wp-admin/css/widgets-rtl.min.css
[!] /var/www/thelanding/wp-admin/css/widgets.css
[!] /var/www/thelanding/wp-admin/css/widgets-rtl.css
[!] /var/www/thelanding/readme.html
I didn’t find specific database changes, I suspect the hacks returned anything to normal after making changes. Or perhaps I just didn’t find something in the database yet. Still looking…
It’s worth saying that neither Wordfence or ninja/firewall/scanner’s scans or file checks found my hacked .js files – I found them based on a tip I found through Twitter based on the URL revealed by my personal computer’s antivirus. Even when I identified the JS files, which are part of WP-core had the virus embedded in them and were the source of the coinhive code on the webpage, they were not identified by either scanning software, even when they were supposed to be comparing them to the WP database.
Overwriting them with the originals removed the malicious coinhive code from the site.
It is weird that it’s your own address, but that could even be an infection from your personal computer or something. Hard to say, still, I’d recommend checking for vulnerabilities, changing DB passwords after, and doing thorough scans and checks.
When this happened to me it was an indication of a coinhive hack I found:
1. an xmr process that was mining on my webserver from the /tmp directory
2. on one site – modified js files in wp-includes which injected coinhive harvesting code on pages – later clued into by ESET Web Security
I found that the exploit was likely made possible by wp-config.old files which had somehow been duplicated and were visible on some sites, giving database access.
I doubt this is a false warning.
Wordfence and ninjascanner did not find the infected js files for some reason
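The two checks the replies above describe, as an added example that is not part of the original posts and not any scanner's own code: listing stray wp-config copies under a web root, and comparing wp-admin and wp-includes byte for byte against an unpacked copy of the same WordPress release. The function names and the pristine-copy directory are assumptions.

```shell
#!/bin/sh
# Added example; function names and directory layout are hypothetical.

# List stray copies of wp-config.php (wp-config.old, wp-config.php.bak, ...)
# under a web root. Copies that do not end in .php are usually served as
# plain text, which exposes the database credentials inside them.
find_config_copies() {
    find "$1" -type f -name 'wp-config*' \
        ! -name 'wp-config.php' ! -name 'wp-config-sample.php' | sort
}

# Compare the core directories of a live install ($1) with a pristine,
# unpacked copy of the same WordPress version ($2).
# Prints one "MODIFIED|MISSING|ADDED <relative path>" line per difference.
diff_core() {
    live=$1
    pristine=$2
    for dir in wp-admin wp-includes; do
        if [ -d "$pristine/$dir" ]; then
            # Files the release ships: must exist and match byte for byte.
            (cd "$pristine" && find "$dir" -type f) | while IFS= read -r rel; do
                if [ ! -f "$live/$rel" ]; then
                    echo "MISSING $rel"
                elif ! cmp -s "$live/$rel" "$pristine/$rel"; then
                    echo "MODIFIED $rel"
                fi
            done
        fi
        if [ -d "$live/$dir" ]; then
            # Files the release does not ship (dropped scripts, backups).
            (cd "$live" && find "$dir" -type f) | while IFS= read -r rel; do
                [ -f "$pristine/$rel" ] || echo "ADDED $rel"
            done
        fi
    done | sort
}

# Usage: sh check.sh /var/www/site /path/to/pristine-wordpress
if [ "$#" -eq 2 ]; then
    echo "== stray wp-config copies =="
    find_config_copies "$1"
    echo "== core differences =="
    diff_core "$1" "$2"
fi
```

The pristine copy has to be the exact version reported by the live site's wp-includes/version.php, otherwise every file changed between releases shows up as MODIFIED.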
Forum: Plugins
In reply to: [My Calendar - Accessible Event Manager] The event pop-up boxes won’t OPEN
I reported this via their support, but are there any manual workarounds to overcome the JS issues in Divi?
Could you be a little more specific about which JS does this? Perhaps it could be removed in a child theme for my site.
Thanks!
Forum: Plugins
In reply to: [WooCommerce] after update it writes a line that glitches WP
I’ve also experienced this issue.
I also have this issue with both Divi Builder and Visual Composer.
Turns out the issue was in my VirtualHost sites-available configuration(s). The two sites didn’t have their domain names specifically assigned as VirtualHosts.
It also caused permalinks to not work properly, which turned me on to the root of the issue (which was also causing this).
The sites managed to find the right WordPress site through the default catch-all re-direct and Domain Mapper plugin, but didn’t work for permalinks or NinjaFirewall.
Thanks!
There are no directives before auto_prepend_file directive.
Also, the firewall is working on other sites on the network, it’s only these two new subsites that it fails to load on.
That’s from the root of the Multisite, however NFW works from the multisite, and most established sites and is only not working from two new Subsites.
NinjaFirewall (WP edition) troubleshooter
HTTP server : Apache/2.4.18 (Ubuntu)
PHP version : 7.0.18-0ubuntu0.16.04.1
PHP SAPI : APACHE2HANDLER
auto_prepend_file : /var/www/wproot/wp-content/nfwlog/ninjafirewall.php
wp-config.php : found in /var/www/wproot/wp-config.php
NinjaFirewall detection : NinjaFirewall WP Edition is loaded (Full WAF mode)
Loaded INI file : /etc/php/7.0/apache2/php.ini
user_ini.filename : .user.ini
user_ini.cache_ttl : 300 seconds
User PHP INI : none found
DOCUMENT_ROOT : /var/www/wproot/
ABSPATH : /var/www/wproot/ (ABSPATH != DOCUMENT_ROOT)
WordPress version : 4.8.1
WP_CONTENT_DIR : /var/www/wproot/wp-content
Plugins directory : /var/www/wproot/wp-content/plugins
User Role : Administrator
Log dir permissions : /var/www/wproot/wp-content/nfwlog dir is writable
Cache dir permissions : /var/www/wproot/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.5