Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33281 articles
Browse latest View live

wordfence scan error

May 23, 2021, 7:42 pm
$
0
0

Replies: 3

I’m having issue with wordfence from completing a scan on my website… This error occurs…
Error writing value for wf_summaryItems (MySQLi error: [2000] Unknown MySQL error)

Search

Sophos AV caught a malware attempt from wordfence

May 24, 2021, 8:56 am
$
0
0

Replies: 1

Hello, it would appear that something was able to leverage either php or wordfence code to attempt to open a piece of malware. We are researching how the code /tmp/phpfqaBVJ got there in the first place, bit it appears that wordfence attempted to open it.
Corrections and advice welcome.
Thanks,
Erik

[23-May-2021 10:03:34 UTC] PHP Warning: fopen(/tmp/phpfqaBVJ): failed to open stream: Operation not permitted in /data/wp/content/html/itstraining/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/request.php on line 840

From Sophos:

sophosav/sophosmgmtd.log:2021-05-23 05:03:34,778 INFO sophosmgmtd.adapters.AVAdapter: Reporting threat Mal/Generic-S detected at /tmp/phpfqaBVJ (namespace) (canCleanup=False, rebootRequired=False, finalResult=0, action=116) with <?xml version="1.0" encoding="utf-8"?><notification description="Found 'Mal/Generic-S' in &quot;/tmp/phpfqaBVJ (namespace)&quot;" timestamp="20210523 100334" type="sophos.mgt.msg.event.threat" xmlns="http://www.sophos.com/EE/Event"><user domain="local" userId="apache"/><threat id="Tb15cb032b5e09bb2da7bdffacd8929f3" idSource="Tmd5(dis,vName,path)" name="Mal/Generic-S" scanType="201" status="200" type="1"><item file="phpfqaBVJ (namespace)" path="/tmp/"/><action action="116"/></threat></notification>
sophosav/sophosmgmtd.log:2021-05-23 05:03:34,973 INFO sophosmgmtd.adapters.AVAdapter: Reporting threat Mal/Generic-S detected at /tmp/phpfqaBVJ (namespace) (canCleanup=False, rebootRequired=False, finalResult=0, action=116) with <?xml version="1.0" encoding="utf-8"?><notification description="Found 'Mal/Generic-S' in &quot;/tmp/phpfqaBVJ (namespace)&quot;" timestamp="20210523 100334" type="sophos.mgt.msg.event.threat" xmlns="http://www.sophos.com/EE/Event"><user domain="local" userId="apache"/><threat id="Tb15cb032b5e09bb2da7bdffacd8929f3" idSource="Tmd5(dis,vName,path)" name="Mal/Generic-S" scanType="201" status="200" type="1"><item file="phpfqaBVJ (namespace)" path="/tmp/"/><action action="116"/></threat></notification>
sophosav/sophosmgmtd.log:2021-05-23 05:03:34,996 INFO sophosmgmtd.adapters.AVAdapter: Reporting threat Mal/Generic-S detected at /tmp/phpfqaBVJ (namespace) (canCleanup=False, rebootRequired=False, finalResult=0, action=116) with <?xml version="1.0" encoding="utf-8"?><notification description="Found 'Mal/Generic-S' in &quot;/tmp/phpfqaBVJ (namespace)&quot;" timestamp="20210523 100334" type="sophos.mgt.msg.event.threat" xmlns="http://www.sophos.com/EE/Event"><user domain="local" userId="apache"/><threat id="Tb15cb032b5e09bb2da7bdffacd8929f3" idSource="Tmd5(dis,vName,path)" name="Mal/Generic-S" scanType="201" status="200" type="1"><item file="phpfqaBVJ (namespace)" path="/tmp/"/><action action="116"/></threat></notification>
sophosav/sophosmgmtd.log:2021-05-23 05:03:35,014 INFO sophosmgmtd.adapters.AVAdapter: Reporting threat Mal/Generic-S detected at /tmp/phpfqaBVJ (namespace) (canCleanup=False, rebootRequired=False, finalResult=0, action=116) with <?xml version="1.0" encoding="utf-8"?><notification description="Found 'Mal/Generic-S' in &quot;/tmp/phpfqaBVJ (namespace)&quot;" timestamp="20210523 100335" type="sophos.mgt.msg.event.threat" xmlns="http://www.sophos.com/EE/Event"><user domain="local" userId="apache"/><threat id="Tb15cb032b5e09bb2da7bdffacd8929f3" idSource="Tmd5(dis,vName,path)" name="Mal/Generic-S" scanType="201" status="200" type="1"><item file="phpfqaBVJ (namespace)" path="/tmp/"/><action action="116"/></threat></notification>

1400 brute force attempts by my own IP / Spoofed of course

May 24, 2021, 11:02 am
$
0
0

Replies: 2

Noticed a 503 error message from wordfence. Had to use email link to gain access. Live traffic shows my correct IP address. Top IP Block shows my IP blocked 1432 times in last 7 days. Correct IP address listed in IP white list. Scans show no issues.
If I log out or website times out I am locked out again. Is there a fix?

Where do I go to set the password?

May 24, 2021, 11:45 am
$
0
0

Replies: 3

I can’t figure out where to set the username and password for the login box that pops up before allowing me to log into the admin panel.

Cannot connect to Wordfence Central: CloudFlare blocking

May 24, 2021, 2:19 pm
$
0
0

Replies: 1

I’ve done all the actions required from the “Connecting your sites to Wordfence Central” found here: https://www.wordfence.com/help/central/connect/#troubleshooting-connection-issues

To my knowledge the REST API is enabled on my website. I shouldn’t have any plugins that disable it. I’m still seeing the “We’ve detected CloudFlare blocking our requests to your site” under Connection Issues.

I was having issues with completing scans, but when I deactivated Auto-optimize it will complete the scan just fine. Doesn’t fix this issue though, even after purging Cloudflare cache.

I’ve also properly set the “CF-Connecting-IP” configuration. I’m at my wits end as to what could be causing the error, but from what I see in prior posts with this same issue there is something that might be blocking it on the website itself? Please advise, I’ll be happy to send diagnostics test.

WordPress database error and WAFIPBlocking

May 24, 2021, 6:54 pm
$
0
0

Replies: 1

Hello I would like to know if anyone else has experienced this error and how to solve it?

I found this information in the file “error_log”

The error follows:

[25-May-2021 00:51:43 UTC] Erro de banco de dados do WordPress Commands out of sync; you can't run this command now para a consulta SELECT *, CASE 
WHEN <code>type</code> = 3 THEN 0
WHEN <code>type</code> = 4 THEN 1
WHEN <code>type</code> = 7 THEN 2
WHEN <code>type</code> = 6 THEN 3
WHEN <code>type</code> = 5 THEN 4
WHEN <code>type</code> = 9 THEN 5
WHEN <code>type</code> = 8 THEN 6
WHEN <code>type</code> = 2 THEN 7
WHEN <code>type</code> = 1 THEN 8
ELSE 9999
END AS <code>typeSort</code>, CASE 
WHEN <code>type</code> = 3 THEN <code>parameters</code>
WHEN <code>type</code> = 4 THEN <code>parameters</code>
WHEN <code>type</code> = 1 THEN <code>IP</code>
WHEN <code>type</code> = 9 THEN <code>IP</code>
WHEN <code>type</code> = 5 THEN <code>IP</code>
WHEN <code>type</code> = 6 THEN <code>IP</code>
WHEN <code>type</code> = 7 THEN <code>IP</code>
WHEN <code>type</code> = 2 THEN <code>IP</code>
WHEN <code>type</code> = 8 THEN <code>IP</code>
ELSE 9999
END AS <code>detailSort</code>
 FROM <code>wpz_wfblocks7</code> WHERE <code>type</code> IN (7) AND (<code>expiration</code> = 0 OR <code>expiration</code> > UNIX_TIMESTAMP()) ORDER BY <code>typeSort</code> ASC, <code>id</code> DESC feita por wfWAFIPBlocksController::synchronizeConfigSettings, wfBlock::lockouts, wfBlock::allBlocks
[25-May-2021 00:51:43 UTC] Erro de banco de dados do WordPress Commands out of sync; you can't run this command now para a consulta SELECT name, val, autoload FROM wpz_wfconfig WHERE name = 'loginSec_lockoutMins' feita por wfWAFIPBlocksController::synchronizeConfigSettings, wfConfig::get
[25-May-2021 00:51:43 UTC] Erro de banco de dados do WordPress Commands out of sync; you can't run this command now para a consulta SELECT name, val, autoload FROM wpz_wfconfig WHERE name = 'firewallEnabled' feita por wfWAFIPBlocksController::synchronizeConfigSettings, wfConfig::get
[25-May-2021 00:51:43 UTC] Erro de banco de dados do WordPress Commands out of sync; you can't run this command now para a consulta SELECT name, val, autoload FROM wpz_wfconfig WHERE name = 'disableWAFIPBlocking' feita por wfWAFIPBlocksController::synchronizeConfigSettings, wfConfig::get

[BUG] Database error when installing plugin

May 24, 2021, 7:45 pm
$
0
0

Replies: 1

I recommend all your developer to turn on the WP_DEBUG and install debug plugin like ‘query monitor’ so you can monitor warning and error that is hidden from user.

When installing plugin I get database error:

INSERT INTO wp_wfconfig (name, val, autoload) values ('lastNotificationID', '1', 'no')	

    wfConfig::atomicInc()
    wfNotification->__construct()
    wp-content/plugins/wordfence/lib/wfNotification.php:83
    wordfence::_refreshUpdateNotification()
    wp-content/plugins/wordfence/lib/wordfenceClass.php:377
    wordfence::_scheduleRefreshUpdateNotification()
    wp-content/plugins/wordfence/lib/wordfenceClass.php:342
    do_action('upgrader_process_complete')
    wp-includes/plugin.php:484
    WP_Upgrader->run()
    wp-admin/includes/class-wp-upgrader.php:857
    Plugin_Upgrader->install()
    wp-admin/includes/class-plugin-upgrader.php:137

	Plugin: wordfence 	Duplicate entry 'lastNotificationID' for key 'PRIMARY' 	1062
INSERT INTO wp_wfconfig (name, val, autoload) values ('lastNotificationID', '1', 'no')	

    wfConfig::atomicInc()
    wfNotification->__construct()
    wp-content/plugins/wordfence/lib/wfNotification.php:83
    wfScanEngine::refreshScanNotification()
    wp-content/plugins/wordfence/lib/wfScanEngine.php:114
    wfIssues->reconcileUpgradeIssues()
    wp-content/plugins/wordfence/lib/wfIssues.php:735
    wordfence::_refreshUpdateNotification()
    wp-content/plugins/wordfence/lib/wordfenceClass.php:387
    wordfence::_scheduleRefreshUpdateNotification()
    wp-content/plugins/wordfence/lib/wordfenceClass.php:342
    do_action('upgrader_process_complete')
    wp-includes/plugin.php:484
    WP_Upgrader->run()
    wp-admin/includes/class-wp-upgrader.php:857
    Plugin_Upgrader->install()
    wp-admin/includes/class-plugin-upgrader.php:137

	Plugin: wordfence 	Duplicate entry 'lastNotificationID' for key 'PRIMARY' 	1062

website broke after removing wordfence

May 25, 2021, 5:17 am
$
0
0

Replies: 1

I removed wf tables on myphpadmin and the file wordfence-waf.php with uni file and the website started showing “There has been a critical error on this website.

Learn more about troubleshooting WordPress.”

Search

Wordfence – BOTS

May 25, 2021, 5:53 am
$
0
0

Replies: 2

Hi,

It looks like most of the traffic appears to be coming from BOTS.

Thing is, I can see that from the log that in fact, they are humans.

But the “Live Traffic” shows the symbol of X > Bot, not “Human”?

Any ideas why this is, please?

Plugin appears to be abandoned

May 25, 2021, 10:03 am
$
0
0

Replies: 2

Wordfence has reported a medium security risk; that one of the few plugins on my site has apparently been abandoned, stating the last update was two years ago. Yet, when I clicked to update the plugin, the result was that the plugin is current.

A visit to the plugin author’s site confirmed that the plugin is current, but prior to visiting the author’s site, I was unable to find the plugin listed in the WordPress plugin repository.

What does all of this mean, please?

Thanks.

Field ‘attackLogTime’ doesn’t have a default value

May 25, 2021, 12:13 pm
$
0
0

Replies: 2

Hi,

I’m getting the following error in nginx errors logs:

2021/05/25 19:38:22 [error] 43013#43013: *1951552 FastCGI sent in stderr: “PHP message: WordPress database error Field ‘attackLogTime’ doesn’t have a default value for query INSERT INTO{blanked}_wfhits(ctime,statusCode,isGoogle,IP,userID,URL,referer,UA,jsRun,action,id) VALUES (‘1621967899.091028’, ‘200’, ‘0’, ‘\0\0\0\0\0\0\0\0\0\0{blanked}’, ‘282’, ‘{blanked}/xmlrpc.php’, ”, ‘Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0’, ”, ‘loginFailValidUsername’, ‘0’) made by wfModel::insert” while reading upstream, client: {blanked}, server: {blanked}, request: “POST /xmlrpc.php HTTP/1.1”, upstream: “fastcgi://unix:/var/run/php/php-fpm.sock:”, host: “{blanked}”

I thought this may have occurred after we migrate the entire database to a new server, so I’ve just:
1) Took a backup of the Wordfence settings.
2) Enabled the delete tables on disable.
3) Update .user.ini to stop loading wordfence.
4) Disabled the plugin.
5) Delete the plugin.
6) Confirmed the tables were removed (all except the 2fa ones).
7) Re-installed Wordfence.
8) Import the backed up settings.
9) Update .user.ini to load it again.

The tables were recreate and it’s correct ‘attackLogTime’ (and ‘ctime’) still have no default value. The above INSERT is still erroring because of the ‘attackLogTime’.

Any chance this can be looked at? It’s making it hard tracking down other real errors.
Cheers,

  • This topic was modified 2 days, 11 hours ago by bighippo999. Reason: code tag didn't work, trying b-quote

wired country blocking.

May 25, 2021, 1:34 pm
$
0
0

Replies: 1

I experience country blocking on the free version on one of my sites.
this is possible?
bot of aherf from France not working on this site.
SEO Rank Drop and I see a lot of errors inside nginx.

please help.

Wordfence: Modified plugin file report: how to backup before repair?

May 25, 2021, 1:45 pm
$
0
0

Replies: 0

Hi,
I am getting a result found of a modified plugin file per wordfence. When I select “repair” and then on the following screen click on “Click here to download a backup copy of this file now” I just get directed to the public home page for the website (even though the url mentions download etc.) How do I do this? it isn’t clear at all and I don’t know of the click through address is even right? As it isn’t taking me to download the plugin file.
Thank you

  • This topic was modified 2 days, 9 hours ago by TJayYay.

Is Wordfence GDPR Compliant?

May 25, 2021, 7:34 pm
$
0
0

Replies: 2

Hello,

Will you tell me is Wordfence GDPR Compliant?

Thank you!

My website is not recognized

May 26, 2021, 3:16 am
$
0
0

Replies: 1

I have just paid for 3 years subscription but when I try to add the url of my website (https://msh-electronics.com) the message “Unable to resolve domain redirects” appear.

I am shocked that after paying 237.6 USD to a security company, one cannot write privately to report problems and ask for assistance but the only way to contact Wordfence is to have to do so publicly.
This seems absurd to me!
I am shocked that after paying 237.6 WordFence is not working because it is unable to reach and access the site through the Varnish cache server.
We are off to a very bad start!
I ask for a total refund!

Search

User Registration

May 26, 2021, 7:06 am
$
0
0

Replies: 1

Hi there, I am getting several “new user registration” email notifications. This is strange because as far as we know there is no facility on our website where people can register as users. I have just been deleting the new users.

Are you able to help identify how the new users are coming onto our system and how to stop that?

Thank you!

WordPress-Datenbank-Fehler Commands out of sync

May 26, 2021, 8:19 am
$
0
0

Replies: 1

Hi dear Wordfence support,

I get (a lot) of error message (in the debug.log) which are like:

[17-May-2021 08:15:10 UTC] WordPress-Datenbank-Fehler Commands out of sync; you can’t run this command now für Abfrage SELECT *, CASE
WHEN type = 3 THEN 0
WHEN type = 4 THEN 1
WHEN type = 7 THEN 2
WHEN type = 6 THEN 3
WHEN type = 5 THEN 4
WHEN type = 9 THEN 5
WHEN type = 8 THEN 6
WHEN type = 2 THEN 7
WHEN type = 1 THEN 8
ELSE 9999
END AS typeSort, CASE
WHEN type = 3 THEN parameters
WHEN type = 4 THEN parameters
WHEN type = 1 THEN IP
WHEN type = 9 THEN IP
WHEN type = 5 THEN IP
WHEN type = 6 THEN IP
WHEN type = 7 THEN IP
WHEN type = 2 THEN IP
WHEN type = 8 THEN IP
ELSE 9999
END AS detailSort
FROM wp_wfblocks7 WHERE type IN (4) AND (expiration = 0 OR expiration > UNIX_TIMESTAMP()) ORDER BY typeSort ASC, id DESC von wfWAFIPBlocksController::synchronizeConfigSettings, wfBlock::patternBlocks, wfBlock::allBlocks
[17-May-2021 08:15:10 UTC] WordPress-Datenbank-Fehler Commands out of sync; you can’t run this command now für Abfrage SELECT *, CASE
WHEN type = 3 THEN 0
WHEN type = 4 THEN 1
WHEN type = 7 THEN 2
WHEN type = 6 THEN 3
WHEN type = 5 THEN 4
WHEN type = 9 THEN 5
WHEN type = 8 THEN 6
WHEN type = 2 THEN 7
WHEN type = 1 THEN 8
ELSE 9999
END AS typeSort, CASE
WHEN type = 3 THEN parameters
WHEN type = 4 THEN parameters
WHEN type = 1 THEN IP
WHEN type = 9 THEN IP
WHEN type = 5 THEN IP
WHEN type = 6 THEN IP
WHEN type = 7 THEN IP
WHEN type = 2 THEN IP
WHEN type = 8 THEN IP
ELSE 9999
END AS detailSort

Any idea where it comes from and is there an update avaialbe soon? I am on the latest versions of wordpress, wordfence etc.

Thanks in advance.

malformed url on notifications

May 26, 2021, 9:11 am
$
0
0

Replies: 1

On the dashboard, when wordfence correctly notifies of a plugin update available,
the link does not include the domain.
http://wp-admin/update-core.php
This happened after a server migration with a domain name change.
I uninstalled and reinstalled wordfence but still have the problem.
Not a big deal but concerned it might affect other functions as well

Is it possible to use SecureAuth with the 2FA solution of the Wordfence plugin?

May 26, 2021, 1:11 pm
$
0
0

Replies: 4

I have multiple wordpress sites using the free Wordfence plugin. I would like to enable / set-up 2FA on all of them, but use SecureAuth Authenticate as that’s what we use for our other non-Wordpress sites. Is that possible? If so, please provide details. Thanks.

Wholesale account user creation

May 26, 2021, 11:32 pm
$
0
0

Replies: 1

Hello,

I have a wholesale system on my woocommerce shop.
When users try to create an account, they see an 403 error and they cannot continue.
How do i configure wordfence in a way that account creation is allowed for wholesalers?
I would not like the 2fa, it is too complicated for them.

Viewing all 33281 articles
Browse latest View live
Search