All Plugins Got Deactivated

Home Forums BulletProof Security Pro All Plugins Got Deactivated

This topic contains 11 replies, has 2 voices, and was last updated by  Living Miracles 1 year, 6 months ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #31462

    Living Miracles
    Participant

    Hi,

    On two of my sites, over the past two days, somehow all the plugins got deactivated and basically left the sites looking “bad.” I’m wondering if there is any way BPS Pro could have anything to do with this? It’s a long shot, but I felt to ask. I connected with my hosting provider, and they said there is no way it could be server-related. They said, it would be either me or my colleagues disabling the plugins/plugin folder or making some change in the database to disable all the plugins (neither of these have happened). The other suggestion they gave, was that the site has been hacked/has malware.

    Any thoughts?

    Thank you!

    #31463

    AITpro Admin
    Keymaster

    The only possible security feature in BPS Pro that could do anything similar to something like that would be AutoRestore|Quarantine.  Did you recieve any email notifications about files being quarantined?  Do you see any files in Quarantine?  You can also check this AutoRestore|Quarantine log file using FTP:  /wp-content/bps-backup/logs/autorestore_log.txt

    #31464

    Living Miracles
    Participant

    Hi,

    Thanks. There were no quarantined files today (for the site where the issue happened this morning). The only thing in the log are from two days ago:

    
    [Root File AutoRestore Logged: 28 november, 2016 12:22 am]
    Quarantined Filename: gd-config.php
    Quarantine Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/wp-content/bps-backup/quarantine/root-files/gd-config.php
    Restore Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/gd-config.php
    
    [wp-content File AutoRestore Logged: 28 november, 2016 6:57 pm]
    Quarantined Filename: object-cache.php
    Quarantine Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/wp-content/bps-backup/quarantine/wp-content/object-cache.php
    Restore Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/wp-content/object-cache.php

    Those are the last two entries in the log; so nothing has been quarantined for 2 days.

    #31465

    AITpro Admin
    Keymaster

    I assume this is a Go Daddy Managed WordPress hosting account (special type of hosting that is not standard Go Daddy hosting) since the gd-config.php file exists and was quarantined.  To exclude dynamically updated files from being checked and quarantined by AutoRestore see this link for how to create AutoRestore single file exclude rules:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules  You would also create a single file exclude rule for the object-cache.php file.

    I doubt that this had anything to do with malware or the site being hacked because hackers do not want you to know your website is hacked since that would defeat their intended purpose.  The other 2 things your host mentioned are common things that can cause all plugins to be deactivated.  Example:  If you rename the WordPress /plugins/ folder and then login and go to the WordPress Plugins page then all plugins will be automatically deactivated.

    #31466

    Living Miracles
    Participant

    Thanks; yes it’s a both sites in question are GoDaddy MWP sites. Thanks for the link to exclude those dynamically created files from ARQ.

    I understand the issue of renaming the WordPress /plugins/ folder and that that would cause the plugins to be disabled; but what I’m saying is that neither I nor my colleagues renamed the plugins folder, so I’m just trying to track down what else could cause all of our plugins to be deactivated. I’m glad you mentioned though, that’s it’s probably not hacked, since hackers wouldn’t want it to be obvious that the site was hacked.

    Any other thoughts on what could have caused this?

    Thank you!

    #31467

    AITpro Admin
    Keymaster

    The only other logical guesses I have are your host did some sort of file migration or your host did some sort of database migration.  Other than that I cannot think of anything else besides what your host support folks already stated.

    Hmm maybe the gd-config.php and object-cache.php files being quarantined could be related to whatever caused the plugins to be deactivated.  The scenario would be that GDMW hosting dynamically updated those files and they were quarantined and autorestored with older versions of those files from AutoRestore backup.  So what you would need to ask GDMW hosting is if this particular scenario occurred, is it possible that older versions of these files could cause a problem like this.  The timing is pretty recent, but logically I would think these files would not have the capability to cause this problem.  Since these files are specific to GDMW hosting then you would need to ask them if this scenario is even possible.  Probably not, but definitely worth asking about.

    hmm yeah seems like maybe GDMW hosting did do a database upgrade in the last 2 weeks.  😉  found this below…

    “…over the last 2 weeks. It’s their attempted upgrade to their mysql. Object caching failure I’m told by somone there.”

    #31468

    Living Miracles
    Participant

    Ok, thank you!!

    #31708

    Living Miracles
    Participant

    I’ve been trying to get the /gd-config.php and /wp-content/object-cache.php files excluded from ARQ, but no matter how I enter the file path, I get the same error; that whatever I used is not a valid file path. I read through this  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules and the Read Me on the ARQ Add|Exclude Other Folders & Files page; I’m following these instructions:

    1. Go to the AutoRestore page and turn Off AutoRestore.
    2. Go to the Quarantine page and restore the error_log file that was quarantined.
    3. Go back to AutoRestore > click on the Add|Exclude Other Folders & Files tab page > under the Exclude Folders & Files form > select Exclude an Individual File > Enter an Exclude Folder or File Path: /xxxxx/public_html/error_log
    4. Click the Exclude button.
    5. Turn AutoRestore back on.

    I’ve tried the following file paths:
    /home/xxxxxxxxxxxxxxxx/html/gd-config.php
    /xxxxxxxxxxxxxxxx/html/gd-config.php
    /html/gd-config.php
    /gd-config.php

    Those are the file paths as I see them through FTP. Each one resulted in the same error, that the file path wasn’t valid. Can you tell me what I’m missing here?

    Thank you!

    #31709

    AITpro Admin
    Keymaster

    When a file is quarantined, the file path is logged in the Quarantine Log file.  You can get the file path from the Quarantine Log.  What exactly does this mean “I’ve been trying to get the /gd-config.php and /wp-content/object-cache.php files excluded from ARQ”.  Are you trying to add single file exclude rules or are you trying to remove single file exclude rules that you added previously?

    #31711

    Living Miracles
    Participant

    Thanks. I’m trying to add single file exclude rules. I just checked the Quarantine log and found a line for the “Quarantine Path” and the “Restore Path”. I’m guessing I want to use the “Restore Path”? Here’s the restore path I found (I replaced specific numbers with ‘x’):

    Restore Path: /home/content/xxxxxxxxxxxxxxxxxx/xx/xxxxxxx/html/gd-config.php

    Which piece of this line do I need to use for the exclude rule?

    #31712

    AITpro Admin
    Keymaster

    Correct, the Restore Path is the original path where the file existed before it was quarantined.  You would use the entire restore path for the AutoRestore single file exclude rule.  Note:  The file MUST actually exist/have been restored first before you try to create your AutoRestore single file exclude rule.  If you already deleted a file you can manually create/copy/upload a new file, then create your single file exclude rule.

    #31713

    Living Miracles
    Participant

    Ok, perfect. That works! Thank you for the clarification.

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.