website migration files quarantined after Dev Server went live
Tagged: ModSecurity
- This topic has 34 replies, 2 voices, and was last updated 5 years, 1 month ago by AITpro Admin.
Michael (Participant)
Hello!
After we moved the Dev server to Live, I had some issues with BPS Pro. A lot of the message notifications in the WP Dashboard were linking to the corresponding BPS sub-page, but that page was blank. I thought to delete BPS, and the plugins folder htaccess, and then reinstall a fresh BPS Pro zip. I ran setup, and that worked last night.
This morning the BPS sub-pages are blank again!? But I’m also getting quite a bit of quarantine emails!
AITpro Admin (Keymaster)
Do the steps in this forum topic to restore all quarantined files > https://forum.ait-pro.com/forums/topic/website-not-loading-after-wordpress-upgrade-or-theme-upgrade-500-error-files-quarantined/
For future reference use the steps in this forum topic when migrating/moving websites > https://forum.ait-pro.com/forums/topic/migrating-moving-or-cloning-websites/#post-20407
Michael (Participant)
Thank You!
But I don’t know what to do because my BPS is blank underneath the status message after a fresh install and successful setup.
Do I need to clear the DB tables?
Michael (Participant)
Is this the right file path for the quarantine?
- wp-content/
- plugins
- _bulletproof-security
- admin
- quarantine
AITpro Admin (Keymaster)
The naming thing just sounds like a “refresh” problem. If you were using your web host control panel file manager then sometimes you need to reload/refresh the page. If you were using an FTP application then you sometimes need to do a refresh.
You probably just need to request a new BPS Pro Activation Key on the BPS Pro Activation page > Setup Menu > Activation. BPS Pro Activation Keys are your website domain URL encrypted. So if anything changes about your website domain URL then you need to request a new BPS Pro Activation Key. That also includes changing the URL Scheme from http to https.
BPS Pro is designed in a way that you would never need to delete/uninstall BPS Pro for troubleshooting or any other reason. BPS Pro has built-in troubleshooting capability which allows you to turn Off all BPS Pro features > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
The BPS Pro Setup Wizard has a feature called AutoFix, which will automatically fix and setup some things. The Setup Wizard should be run after doing a website migration. The Setup Wizard can also be run over and over again as needed to automatically fix things > https://forum.ait-pro.com/forums/topic/setup-wizard-autofix/
AITpro Admin (Keymaster)
The Quarantine folder location is here: /wp-content/bps-backup/quarantine/
Michael (Participant)
Ok thanks, I’m a bit tired after staying up late dealing with hosting issues etc for the live migration.
I followed the restoration of quarantine files instructions and have my BPS Dashboard back.
But I’m still getting a continual stream of quarantined file alert emails.
AITpro Admin (Keymaster)
Did you do all the steps correctly? AutoRestore needs to be turned Off before you copy files from the /quarantine/ folder to your website folders. You then need to run the Setup Wizard after you are done copying all files from the /quarantine/ folder to your website folders. Did you make sure that you changed your website URLs in your database to the new site URLs? Did you make sure that you changed your wp-config.php file database connection information?
Michael (Participant)
Yes I turned auto-restore off through the recommended method of renaming folder, restoring quarantine files, then rerunning BPS Setup.
As far as the hosting, I had to recycle our primary site domain, so I had no choice but to backup everything, delete everything.
Then I cloned over the new site without doing the proper BPS procedures.
After all the errors occurred I went in and deactivated/deleted the plugin (BUT LEFT THE DB IN PLACE).
Then I did a fresh install of BPS and activated successfully.
The quarantine is triggering over and over on the same 4 targets.
/root/auto.ht_access
/root//wpconfig.php
/wp-content/theme/child-theme/pdf-maker.php
/wp-content/bps_security.old (in folder above plugins) ((this was from a time during DEV when someone had deactivated BPS twice and it started misfiring)).
I’m just going through now and trying to restore these files through BPS dashboard now, but it is these same 3 areas over and over.
Michael (Participant)
I have
Total number of Quarantined Files: 340
Those same 4 files over & over, mainly wpconfig.php & makepdf.php
AITpro Admin (Keymaster)
Just delete all the files in Quarantine since each row in the Quarantine table is another instance of a file being quarantined.
Michael (Participant)
That was it!
Once I got rid of the bps_security.old in /wp_content
And deleted everything in quarantine… no more quarantine errors.
Thanks again!
Michael (Participant)
Ever since our dev to live migration, the quarantine alarm never stops!
It did get better after your help, but I’m not sure what to do, it keeps going off on mundane files.
It’s making me worried that there is malware on the site but our host says their scan returns nothing.
What can I do about these false negatives??
- auto_.htaccess: /home/thscorgt/public_html/.htaccess 2019-09-14 08:35:33
- fusion-frontend-combined.min.js: /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/fusion-frontend-combined.min.js 2019-09-14 08:36:45
- model-inline-editor.js: /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/model-inline-editor.js 2019-09-14 08:36:45
- custom-functions.php: /home/thscorgt/public_html/wp-content/themes/Avada/includes/custom-functions.php 2019-09-14 08:36:45
- avada-privacy.js: /home/thscorgt/public_html/wp-content/themes/Avada/assets/min/js/general/avada-privacy.js 2019-09-14 08:37:42
- jquery.nicescroll.js: /home/thscorgt/public_html/wp-content/themes/Avada/assets/min/js/library/jquery.nicescroll.js 2019-09-14 08:37:42
- fusion-frontend-combined.min.js: /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/fusion-frontend-combined.min.js 2019-09-14 08:37:42
- model-inline-editor.js: /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/model-inline-editor.js 2019-09-14 08:37:43
- Withdrawal_Form.pdf: /home/thscorgt/public_html/wp-content/themes/Avada-Child-Theme/fpdf/Withdrawal_Form.pdf 2019-09-14 08:39:43
AITpro Admin (Keymaster)
There is no such thing as a false negative or a false positive with ARQ. ARQ checks for file changes by comparing a website file with the good backup copy of that file in ARQ backup. ARQ does not do something defunct/archaic like malware scanners do by scanning files for matching code patterns.
To prevent the Root htaccess file (.htaccess and auto_.htaccess) from being repeatedly quarantined go to the B-Core > htaccess File Editor tab page > click the Lock htaccess File button and the Turn On AutoLock button.
All of the other files that are being quarantined are theme files. You can’t rely on what your host scanner finds. Malware scanners are defunct/archaic and are very easily fooled/beaten.
Are you doing anything with these files such as updating your theme or manually editing or updating those theme files? If you are doing something with your theme files then you would need to use the AutoRestore|Quarantine Standard Procedural Steps when manually modifying files > http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps or after you are done manually editing or uploading your theme files you can just restore the files in Quarantine.
If you are not doing anything with your theme files then send me a copy of the theme files so I can check them to see if they are being tampered with.
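The comparison described in the reply above (a live file checked against its backup copy), as an added example that is not part of the thread and not BPS Pro's code. It assumes SHA-256 hashing as the comparison method and uses constructed file names, and it shows why a backup taken before a migration flags files that were legitimately changed afterwards.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in chunks so large theme assets are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def files_under(root: Path) -> set:
    """Relative POSIX paths of every regular file below root."""
    return {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}


def compare_to_backup(live_root: Path, backup_root: Path) -> dict:
    """Classify live files against the backup copy at the same relative path.
    Hash comparison is an assumption of this example, not a documented BPS detail."""
    live, backup = files_under(live_root), files_under(backup_root)
    changed = [rel for rel in sorted(live & backup)
               if sha256_of(live_root / rel) != sha256_of(backup_root / rel)]
    return {"changed": changed,
            "not_in_backup": sorted(live - backup),
            "missing_live": sorted(backup - live)}


def demo() -> dict:
    """Constructed sample: backup taken on the dev copy, compared with the migrated site."""
    files = {  # relative path: (bytes in backup, bytes on live); None = file absent
        "wp-config.php": (b"DB_HOST=dev-db", b"DB_HOST=live-db"),  # edited for migration
        "wp-content/themes/child/functions.php": (b"<?php // v1", b"<?php // v1"),
        "wp-content/themes/child/old.js": (b"legacy", None),       # removed on live
        "wp-content/leftover.old": (None, b"stale copy"),          # never backed up
    }
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for rel, (backup_bytes, live_bytes) in files.items():
            for root, data in ((backup, backup_bytes), (live, live_bytes)):
                if data is not None:
                    (root / rel).parent.mkdir(parents=True, exist_ok=True)
                    (root / rel).write_bytes(data)
        return compare_to_backup(live, backup)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A file listed under `changed` differs from the baseline; whether the change was an authorized edit or tampering has to be decided separately, and the baseline must be rebuilt after any intended change.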
Michael (Participant)
This morning our site went down because of BPS.
We lost DB connection because of a false negative.
I’m going to reinstall BPS, and this time wipe the BPS DB tables.
If this problem keeps happening I will have to switch to another security problem.