tosunkaya

all of wp admin and all websites in the same server ultra slowed down because of this plugin, on every update the plugin’s been too overloaded with unnecessary ads and full of s*! i didnt check but is it mining or something but it’s definitely harmful and malicious!!!!! i will check the code. im glad to find this s* which is slowing ALL OF MY SERVER!

DO NOT INSTALL THIS MALICIOUS PLUGIN!!!!!!! IT EVEN SLOWS ALL SERVER! even of non installed ones.

Disabling minify option made it work. Please fix minify feature.

5 year ago version is still working. Can i use this one when it broke? What changes have you made thanks
Maybe you can upload this to wordpress plugin repo.

is it still safe to use the old version

https://i.ibb.co/3kQCjns/image.png

I edited item_link

but it still dont work on custom field. When i use “[#item_url]” in description, it works and shows the URL but if i add [#item_url] to a custom field. It shows “[#item_url]” instead of URL. Why and how can i make it work?

no difference

already added 3 IPs too + 69.46.36.28 = noc1.wordfence.com

??

enabled the bypass noabort setting tried 3 htaccess rules, it’s still same. cloudflare related?
https://i.ibb.co/89VC01T/image.png
https://i.ibb.co/3BB5gs7/image.png

I’m using google cloud. server: litespeed cyberpanel.
69.46.36.28 = noc1.wordfence.com

i will add code to htaccess morning.
this is similar: https://www.ads-software.com/support/topic/san-failed/
https://www.wordfence.com/help/scan/troubleshooting/#scan-process-ended-after-forking
https://www.wordfence.com/help/advanced/system-requirements/litespeed/#if-litespeed-aborts-wordfence-scans-and-updates

i was using aiowp security plugin + wordfence login (you have a seperate plugin) FOR 2FA (after clef, unloq beind out of service) then today started to using wordfence cuz of getting lots of bruteforce

I’m asking to be sure did you see this writing: When i disable cloudflare proxy, scanning is working (but still shows Connecting back to this site: wp_remote_post() test back to this server failed!)

wordfence login security plugin (for 2fa): https://www.ads-software.com/plugins/wordfence-login-security/

[Sep 30 02:40:41] Scan stop request received.
[Sep 30 02:40:48] Ajax request received to start scan.
[Sep 30 02:40:48] Entering start scan routine
[Sep 30 02:40:48] Got value from wf config maxExecutionTime: 0
[Sep 30 02:40:48] Got max_execution_time value from ini: 30
[Sep 30 02:40:48] getMaxExecutionTime() returning half ini value: 15
[Sep 30 02:40:58] Test result of scan start URL fetch: WP_Error::__set_state(array( 'errors' => array ( 'http_request_failed' => array ( 0 => 'cURL error 28: Connection timed out after 10004 milliseconds', ), ), 'error_data' => array ( ), ))
[Sep 30 02:40:58] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/tosunkaya.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=4c60fb44291b07fbd91d0563840255db&k=0256291ede5ff030a592280708a7b18f196c727bd5c7f383235a5ee4e9edbcb724030f2a1edbfa1f752321b37343ff424c30b746698066bbbf410228aa70e489&ssl=1&signature=b5301750124c7f07c7eb8911abeb901e48088733e7455c46d78ebe055bb3e3d1
[Sep 30 02:40:58] Scan process ended after forking.

im using google cloud + litespeed. i was using aiowps for years and found it didn’t really block xmlrpc.php (+ changed login url, found today it’s pointless) and i was getting thousands of brute force lockouts everyday, then today trying wordfence. still using aiowps on my other sites.

blacklist isn’t working for me. or maybe it had limit. i added 1500 IPs.
lockout is working. but after locked out, hackers already trying to xmlrpc.php (even which is blocked (supposed) by “completely block xmlrpc on aiowps setting”) but unfortunately blocking of aiowps wasn’t working. this is a vulnerability. thanks.

hi. thanks for analyzing @wfadam . added 3 ips from “IP(s) used by this server” to cf whitelist.
scan didnt work. enabled “start all scan remotely” tried scan didnt work. disabled remotely. tried scan, still same isn’t working.

hi i sent now.

“Diagnostic report has been sent successfully.”

But still same after allowing the ips. is 69.46.36.0/24 correct? @wfadam

Scan Failed
The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself.

• This reply was modified 4 years, 1 month ago by tosunkaya.

@ayushsaraswat92

1 – Please make sure to keep your REST API key secret and not publish it anywhere.

You can reset the REST key by going to you Dashboard > App Settings > Keys & Ids and click the link that says “Reset your REST API key?”

https://documentation.onesignal.com/docs/accounts-and-keys#section-resetting-your-rest-api-key

2 – Reset your password

You can reset your password by logging into your account going to your Accounts & API Keys section and resetting it there:

https://documentation.onesignal.com/docs/manage-your-onesignal-account#section-reset-one-signal-account-password

3 – Remove any Admin users on your account that are not part of the project anymore or who don’t need access.

https://documentation.onesignal.com/docs/manage-your-onesignal-account#section-add-remove-or-update-user-access