Home › Forums › BulletProof Security Pro › EntityRef php error
Tagged: EntityRef php error
- This topic has 28 replies, 2 voices, and was last updated 11 years ago by Patrick Quirke.
-
AuthorPosts
-
AITpro AdminKeymaster
The PHP Error log is just a text log file where errors are logged. It does not do anything besides just existing as a text log file.
Patrick QuirkeMemberSecurity log is empty
Patrick QuirkeMemberWe have had a quiet few hours so i’ll wait and see and do some more testing.
AITpro AdminKeymasterI just triggered a 403 error on beesoninc.com by attempting to access your Plugins folder and I was of course Forbidden by the Plugin Firewall. Do you see that 403 error in your Security Log?
Patrick QuirkeMemberNo i dont see any security log, its still empty
AITpro AdminKeymasterOk then I need to log into this site and see what is going on. Please create a temporary WordPress Admin login account for me (with a secure password: Example: e@*g34!#9Ty4*!bf6) and send the login to edward at ait-pro dot com.
AITpro AdminKeymasterActually I just scanned this website and it is hacked. You need to restore this website from a good backup. BPS Pro will not automatically clean up a hacked website. In a previous Forum Post you sent me that session file. This website is definitely currently hacked: beesoninc.com. My scanner shows that you have malware on this website.
Please see this Forum Topic for websites that are already hacked prior to installing BPS Pro on them.
Patrick QuirkeMemberBeesoninc.com was previously hacked on a previous hosting server. We just moved it to this new hosting last week with a clean install. If you did a scan you might have seen an old version of results.
AITpro AdminKeymasterThis site is currently still hacked. See this Sucuri Scan result
AITpro AdminKeymasterOk actually I rescanned the website and I see what triggered my scanner to see malware. The site did not return a malware warning on rescan. Will log into the site.
Patrick QuirkeMemberOk thanks for logging in. I now see your 403 error but thats the only error so far. I will keep an eye on that, and start testing the forms again.
AITpro AdminKeymasterAfter logging in I found that the Plugin Firewall was in Test Mode. I turned Off the Plugin Firewall Test Mode, activated the Plugin Firewall and tested your Security Log. Security errors are now being successfully logged. The Plugin Firewall Test Mode is designed to send errors to the Plugin Firewall Test Mode Results box instead of logging them in your Security Log file. So while you are in Test Mode you will not see any errors being logged in your Security Log file.
I ran a couple of quick scans with the Pro-Tools String Finder Tool and the website does not contain any common patterns associated with malware or hacker files.
I noticed you had the Status displays set to display in BPS Pro pages ONLY. This is probably why you did not see the Status for the Plugin Firewall. I recommend that you keep the Heads Up WP Dashboard Status display to display in your WP Dashboard. This will prevent this kind of thing from happening in the future.
I also added a skip/bypass rule for the Yoast WordPress SEO plugin to Custom Code and activated your wp-admin .htaccess file again.
AITpro AdminKeymasterI also visited your site with a different IP address using VPN Protection software and checked your entire site and your contact forms. Everything is working perfectly. Thanks.
Patrick QuirkeMemberFantastic, thank you for all your help.
-
AuthorPosts
- You must be logged in to reply to this topic.