BPS Compatibility and opinions?

  • #39268
    x
    Participant

    I’ve started reusing BPS (had recent HORRIBLE attacks with files being uploaded and executed from my /web (public_html) folder! and linux executables running from the hacked website).

    1) I would surely love (and be willing to pay for) some expert assistance.  Been running linux servers for almost 30 years and almost NEVER a hacking problem till a month ago!

    2) does BPS play nice with Ninja Firewall and WPMU caching and defender anti-malware?

    thanks!

     

    #39269
    AITpro Admin
    Keymaster

    BPS Pro AutoRestore|Quarantine will quarantine any uploaded hacker files, but you need to first make sure that all of your websites under your host server are clean of all hacker files and code.  I created a help forum topic here with steps to clean up a hacked hosting account/WordPress sites > https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/. Important Note: Most likely your WordPress database does not contain any hacker code and does not need to be backed up or restored in the steps in the forum link above. You should skip any manual database steps in the forum link above and only do them if the manual file cleanup/repair steps do not completely remove all hacker files and code.

    I can assist you with the frontend stuff, but don’t really have the spare time to do any server-side stuff these days.

    Regarding compatibility with Ninja Firewall, I searched the forum and only found this 1 Topic > https://forum.ait-pro.com/forums/topic/are-these-plugins-working-with-bps-pro/, which explains some general help stuff.

    Regarding WPMU Caching, which is Hummingbird I assume, it used to have 1 issue with BPS Pro, but that was fixed years ago. So BPS Pro and Hummingbird do play nice with each other.

    Regarding Defender Security by WPMU, I did not find any search results in this forum, which typically indicates there are not any compatibility issues, but any time you are using more than 1 WordPress security plugin there is a chance that some security features may overlap or conflict with each other. The typical solution for that is to use the overlapping security feature in 1 of the security plugins and turn off that security feature in the other security plugin.

    Check your BPS Pro Security Log for any Log entries that show any legitimate things being blocked in these plugins or any other plugins and post those Security Log entries in this forum and I’ll reply with a solution/fix.

    #39270
    x
    Participant

    ok couple more questions.
    I get a notice about .htaccess in wp-content that breaks BPS – I put them in to prevent php execution.
    just remove them?
    also when I get an error like that is it safe to just rerun the setup wizard after situation has been fixed?
    can bps block based on geolocation? that’s one thing I have ninja doing. non-usa access is blocked…

    I’ve ‘cleaned’ the site by removing the obvious hacked files and installed bps on the site.
    i’m hoping it will prevent whatever allowed the hack in the first place!
    the file blog.php (obvious malware) along with linux executables were present in the root (web/public_html) folder.
    got any expertise to make it worthwhile uploading them?
    cdb

    ps can’t reply to email because I’ve been blocked by several of the BL.

    Reporter seller_service
    06 Sep 2020
    php WP PHPmyadamin ABUSE blocked for 12h
    Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions. Web App Attack

    Reporter Findus LeChat
    2020-09-02T09:54:14-04:00
    Attempt to hack WordPress Login, XMLRPC or other login

    Anonymous
    02 Sep 2020
    chaangnoifulda.de 74.96.241.34 [02/Sep/2020:13:16:17 +0200] “POST /wp-login.php HTTP/1.1″ 200 6667 ” … show more
    Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions. Web App Attack

    Reporter computerdoc
    02 Sep 2020
    xmlrpc attack
    Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions. Web App Attack

    #39271
    x
    Participant

    Another issue – trying to run mscan but can’t seem to get it to run; box keeps saying ‘refresh to get estimate time’ and I can’t tell mscan ever actually runs.

    would LOVE to scan my cleaned website see if any of the folders have any nasties hiding!

    also – a couple of files from the hummingbird cache (part of WPMUDEV) have been quarantined.

    safe to exclude the /wphb-cache from the scan?

     

    #39272
    AITpro Admin
    Keymaster

    Yep, delete the .htaccess file in the wp-content folder or create bypass/skip rules for the /bulletproof-security/ plugin folder. Blocking PHP execution in the wp-content folder is known to break a lot of plugins and themes.

    You can rerun the Wizards at any time and over and over…

    BPS does not do any geolocation or IP blocking. BPS blocks by “bad actions” vs static IP address blocking. Note: The US has more hackers than any other country in the world. 😉

    If MScan is looping and not starting then choose and scan fewer folders at a time. Note: MScan is very, very sensitive and does detect a lot of false positives. I never got around to making MScan user-friendly. Currently you have to be a coder or at least know the difference between legit/harmless code and malicious code for MScan to be useful to you.

    Yep, to exclude any plugin’s cache folder under the wp-content folder use the > AutoRestore|Quarantine steps for creating wp-content folder and single file exclude rules here > http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules

    #39273
    x
    Participant

    ok yes it’s been quarantining hummingbird (wpmudev cache).

    but also now worried – wpmudev also auto-updates all the sites checking for updated versions of plugins.

    also I manage with infinitewp and it too may do lots of updates for me!

    don’t want bps replacing all the updated plugins with the original older versions! unlike hummingbird it could update ANY wp-content folders!

     

    #39274
    AITpro Admin
    Keymaster

    AutoRestore Automation uses AJAX trigger functions and hooks into the WP upgrader_pre_install and upgrader_post_install filters. So as long as InfiniteWP is also hooking into the WP upgrader_pre_install and upgrader_post_install filters then everything will work seamlessly.  I know for a fact that ManageWP does hook into the WP upgrader_pre_install and upgrader_post_install filters.  So I assume InfiniteWP is doing that as well. To test this do a remote upgrade/install of WordPress, a Plugin or your Theme and see if there is a problem or not.

    To put ARQ Automation in layman’s terms – AutoRestore “listens” for when the WP Upgrader filters are being applied and then performs relevant automated tasks depending on whether the Upgrader is in pre-installation or post-installation. i.e. ARQ Automation automatically turns itself Off, backs up any new files and then turns itself back On. Whether the WordPress API server or the ManageWP API server or any other API server triggers the WP Upgrader function/filters, AutoRestore will also do what it does automatically based on whichever WP Upgrader filters are currently being applied.
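
The pause-and-re-baseline pattern described in the last reply, as an added example that is not part of the thread and is not BulletProof Security's code: a minimal file-integrity monitor that hooks the two WP Upgrader filters. The `example_fim_*` names, the option keys and the 10-minute pause limit are assumptions made for illustration.

```php
<?php
// Illustration only: hypothetical names, not BulletProof Security's implementation.
const EXAMPLE_FIM_PAUSED    = 'example_fim_paused';   // hypothetical option key
const EXAMPLE_FIM_BASELINE  = 'example_fim_baseline'; // hypothetical option key
const EXAMPLE_FIM_MAX_PAUSE = 600; // assumed: ignore a pause older than 10 minutes

// SHA-256 of every file under $dir, keyed by full path.
function example_fim_hash_tree( $dir ) {
    $hashes = array();
    $files  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $files as $file ) {
        if ( $file->isFile() ) {
            $hashes[ $file->getPathname() ] = hash_file( 'sha256', $file->getPathname() );
        }
    }
    return $hashes;
}

// Pre-install: stop treating file changes as tampering while WP_Upgrader writes.
add_filter( 'upgrader_pre_install', function ( $response, $hook_extra ) {
    if ( ! is_wp_error( $response ) ) {
        update_option( EXAMPLE_FIM_PAUSED, time(), false );
    }
    return $response; // a filter callback must pass the value through
}, 10, 2 );

// Post-install: record the freshly installed files as trusted, then resume.
add_filter( 'upgrader_post_install', function ( $response, $hook_extra, $result ) {
    if ( ! is_wp_error( $response ) && ! empty( $result['destination'] ) ) {
        $dest     = untrailingslashit( $result['destination'] );
        $baseline = (array) get_option( EXAMPLE_FIM_BASELINE, array() );
        // Forget hashes of the replaced version before adding the new ones.
        $baseline = array_filter( $baseline, fn( $p ) => 0 !== strpos( $p, $dest . '/' ), ARRAY_FILTER_USE_KEY );
        update_option( EXAMPLE_FIM_BASELINE, array_merge( $baseline, example_fim_hash_tree( $dest ) ), false );
    }
    delete_option( EXAMPLE_FIM_PAUSED );
    return $response;
}, 10, 3 );

// Periodic check: paths that are new or whose hash differs from the baseline.
function example_fim_changed_files( $dir ) {
    $paused = (int) get_option( EXAMPLE_FIM_PAUSED, 0 );
    if ( $paused && ( time() - $paused ) < EXAMPLE_FIM_MAX_PAUSE ) {
        return array(); // an upgrade is in progress; do not flag its writes
    }
    $baseline = (array) get_option( EXAMPLE_FIM_BASELINE, array() );
    return array_keys( array_diff_assoc( example_fim_hash_tree( $dir ), $baseline ) );
}
```

An updater that writes plugin files without going through WP_Upgrader never fires these filters, so its changes appear in `example_fim_changed_files()` as modified files, which is why the reply suggests testing a remote upgrade first.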
