xsiv

This plugin was my choice for all the sites I build. Now Im getting these popups.
How do I disable the popup from the dashboard?
Why build this plugin with popups with we have widgets on our dashboard.
I won’t be using this plugin anymore. it’s full of bloat now ??
Disapointed

I am having the same issue after not be able to get it to work. The Plugin has been working. but suddenly Stopped.
We should be able to hide the warning. Just sorting out the code for this. i will let you know how i get on

im sure the above is a block while on learning mode?
Malicious File Upload

Hi All
So I decided to use agent ransack to scan through my files and look into my SQL database. I used all in one wp migrating to download the site and used a program called Traktor to extract the backup.

I look for expressions of wp-file manager within the SQL database

I found this. is it whitelisted in wordfence ?? I’m not sure or has this been blocked and its a log ?

DROP TABLE IF EXISTS SERVMASK_PREFIX_wfhits;
CREATE TABLE SERVMASK_PREFIX_wfhits (
id int(10) unsigned NOT NULL AUTO_INCREMENT,
attackLogTime double(17,6) unsigned NOT NULL,
ctime double(17,6) unsigned NOT NULL,
IP binary(16) DEFAULT NULL,
jsRun tinyint(4) DEFAULT ‘0’,
statusCode int(11) NOT NULL DEFAULT ‘200’,
isGoogle tinyint(4) NOT NULL,
userID int(10) unsigned NOT NULL,
newVisit tinyint(3) unsigned NOT NULL,
URL text,
referer text,
UA text,
action varchar(64) NOT NULL DEFAULT ”,
actionDescription text,
actionData text,
PRIMARY KEY (id),
KEY k1 (ctime),
KEY k2 (IP,ctime),
KEY attackLogTime (attackLogTime)
) ENGINE=MyISAM AUTO_INCREMENT=266 DEFAULT CHARSET=utf8;

INSERT INTOSERVMASK_PREFIX_wfhitsVALUES (220,1600130197.644300,1600130196.513430,'\0\0\0\0\0\0\0\0\0\0??4?“a',0,404,0,0,0,'https://mydomain//wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php','','curl/7.68.0','learned:waf','Malicious File Upload','{\"learningMode\":1,\"failedRules\":[11],\"paramKey\":\"xxxxxxxxxxxxxxx changed info\",\"paramValue\":\"xxxxxxx=\",\"category\":\"file_upload\",\"ssl\":true}');

Hi I was just going to post a question about wp-file-manager
I know this plugin has a massive vulnerability to give hackers access to ur domains root director.

https://www.wordfence.com/blog/2020/09/millions-of-sites-targeted-in-file-manager-vulnerability-attacks/

I have seen the same thing on my firewall. With random people bots been blocked from uploading wp-filemanager
One thing I found interesting, I could see it been hit and blocked in my wordfence
I check the file location and I could not see it there.
I did a search on the root of my server and found wp-file-manager-pro in 2 directories. This was never installed by me as i like to use filemanager
I deleted it and refreshed the file manager ? found the folder in my uploades area not plugins.
This folder wp-filemanager-pro came back every time I deleted it
I renamed the file then set permissions to 0000. Then I deleted it again after about 30 min it came back with the new name. I watching the live traffic on wordfence to see if I could spot any uploads. but nothing
All passwords were reset for the 2 domains.
2fa for the server access etc.
I found inside the wp-file-manager-pro upload 1 file with no extension no permitions etc called fm_backup – inside this were 2 more files
index.php and index.html.

I managed to zip them up and download them.
after that. the files inside the directory fm_backup disappeared. As someone deleted them. even when I have 0000 permission on the main wp-file-manager-pro
running wordfence premium on both sites and set monitoring to all traffic.
I hope it’s not an inside job from the host. as they were trying to sell me an overpriced security upgrade. 300usd per-domain.

thoughts

You can set the security to xmp-rpc in file manager to 0000
i think that should work

Hi John, great plugin,
im trialing the demo, so far its looking good
https://173.254.18.185/sharpimagery/social/

i will be looking at getting the pro version ??

hi John. I have been looking for a insta plugin that removes the white background. My new site im making for a friend uses dark background colours. whats the highest resolution we can pull the images through as ?

many thanks

si

i used the built in form, got a tone of spam,i suggest using formidable. it works great with reCAPTCH, all tho u need to use short code to insert it

thank you so much Neezurft, you solution worked ??

Thanks for the info , how did u clear u cache ? i dont use wp super cashe etc

thanks ??

hey mate,
who are u using for hosting. u need to go to the domains area of ur host, click add domain, put the name in, sub.mydomain.com
make sure the tick box is set for sub domain, set the folder location and ur done

still looking for a solution, i be happy to pay to find a fix for this.

Any Information on resolving the home page displaying instead of the contact form would be greatly appreciated. its a great plugin i just need it to work.