videogamerumors
Forum Replies Created
-
[FOR NEW READERS] — If you’ve come to this thread thinking you may be in luck, I’m sorry. The developer of this plugin has no idea how to fix this issue. Right now you’re just SOL and have what equates to malware running on your server. Good luck finding a resolution for yourself.
James
@gioni – two things are true.
1.) You have an issue that is affecting multiple users due to somewhere that WP Cerber is blocking “failed username” login attempts.
2.) WP Cerber stores information SOMEWHERE outside its own plugin installation folder. This I have verified multiple times by deleting the entire plugin folder and rebuilding the plugin database from scratch (meaning 0 plugins). After then downloading a new version of the Plugin directly from this site and dropping those files into the NEW Plugins folder, WP Cerber has a complete log and all its original settings from before the directory rebuild.
This issue either A.) Needs to be resolved, or B.) this plugin needs to be pulled from the market until further troubleshooting can resolve this issue.
James
- This reply was modified 7 years, 9 months ago by videogamerumors.
- This reply was modified 7 years, 9 months ago by videogamerumors.
@gioni – though I am very frustrated with this down time, I can’t say that I don’t appreciate you responding to posts here and at least making a small effort to offer assistance.
The outcome of this situation has left me unable to trust your plugin simply because of the software’s actions.
From all appearances, you work hard to better the WordPress community at large. If this is truth, then I appreciate the effort you put forth. Again, because your plugin screwed me so hard, I have no ability to have faith in its effectiveness- if it fails on small things, how can I know it’s going to work on big things?
Take this for what you will. If I am ever able to root out the file that WP Cerber actually wrote into in order to permeate the block, I will publish that information to hopefully prevent someone else from suffering this same issue.
James
As of today- the problem is no longer interfering with my ability to access the site because I managed to get my ISP to change my IP address– this took 36 hours of waiting for a DHCP reservation to fall of, meaning WP Cerber took my home out of internet commission for 36 hours, and prevented access to my website itself for a few days.
This is still very much a fatal design flaw in the implementation of WP Cerber that makes it an unreliable and dangerous tool that WILL block communications to your server and not indicate how to remove this block from being in effect.
In troubleshooting; I removed everything from the site in attempt to isolate the issue to anything other than WP Cerber (the plugin that did the initial block– view the image I submitted earlier in this thread for the proof).
Nothing resolved the issue. The exact IP that WP Cerber blocked was unable to reach the front end of the wordpress site (lo-and behold, the only part that WP Cerber has ability to access– devices behind that fronting WAN IP were able to get through to the server just fine).
Here is an issue that needs to be resolved, and is a reiteration of above: if you completely remove WP Cerber’s folder from the Installed Plugins root folder, then install a COMPLETELY NEW AND FRESH INSTALL, it will retain 100% of the prior configuration and activity history. This flies in direct disregard of Gioni’s statement that the Plugin Folder is the only location WP Cerber stores data.
This means that WP Cerber is unreliable, untrustworthy, and ultimately a damning piece of software. If the author’s words fly in the face of truth, don’t trust their code.
James
- This reply was modified 7 years, 9 months ago by videogamerumors.
@ avpman- First things first, I am a full-time Network Engineer professionally. “Some basic troubleshooting steps” are what I have most assuredly already completed. That tone doesn’t help the issue at hand.
Responding to your instruction step by step:
1.) IP and entire Subnet verified both externally and internally.
2.) Hosting provider and ISP on both sides are not blocking traffic either direction regarding the 2 ip’s in question.
3.) WP-Cerber plugin removed, renamed, re-added from backup, re-added from core, etc.
4.) Disabling the plugin did not restore access.read next section before responding–
@gioni: Website is not behind a proxy. Router is not behind a proxy.
The very instant that WP Cerber BLOCKED IP, the router and all devices behind it lost access to the server. IMMEDIATELY checking the site access from other networks showed two things: 1.) ONLY this network was blocked, and 2.) NOTHING was indicated on Lockout page, only on the activity history page.
To finalize: completely removing the entire WP-Cerber plugin, then installing a NEW and FRESH install did “NOT” install a NEW and FRESH installation. It retained all activity logs and settings.
THUS: WP-Cerber is either modifying or storing files somewhere OTHER than in it’s own Plugin folder.
Where does WP-Cerber SPECIFICALLY block an IP address? Which file exactly?
This is beyond infuriating; the plugin blocked network connectivity, immediately reported it, but did not display it through block logs. This plugin is screwing me real hard right now.
- This reply was modified 7 years, 9 months ago by videogamerumors.
My IP was blocked in Cerber. This is indisputable fact. From that exact moment on, I have been unable to access the site with any device behind the IP address that received the block.
Everything else connects just fine.
The Access List / Blocked page does not have any entries. I have even whitelisted the ip / range. No fix.
WP Cerber banned me from my own site.
[Edit 1]: Furthermore- the Lockouts (even from the exact moment of blocking the IP) table has been empty when viewed from the WP console.
[Edit 2]: WP Cerber obviously does store something somewhere other than in the Plugins folder, as after removing it entirely then re downloading and installing a fresh version restores previous entries in the history.
- This reply was modified 7 years, 9 months ago by videogamerumors.
- This reply was modified 7 years, 9 months ago by videogamerumors.
- This reply was modified 7 years, 9 months ago by videogamerumors.