website migration files quarantined after Dev Server went live


This topic contains 34 replies, has 2 voices, and was last updated by  AITpro Admin 2 months ago.

  • #37875

    Michael
    Participant

    Hello!

    After we moved the Dev server to Live, I had some issues with BPS Pro. A lot of the message notifications in the WP Dashboard were linking to the corresponding BPS sub-page, but that page was blank. I thought to delete BPS, and the plugins folder htaccess, and then reinstall a fresh BPS Pro zip. I ran setup, and that worked last night.

    This morning the BPS sub-pages are blank again!?  But I’m also getting quite a bit of quarantine emails!

    #37876

    AITpro Admin
    Keymaster

    Do the steps in this forum topic to restore all quarantined files > https://forum.ait-pro.com/forums/topic/website-not-loading-after-wordpress-upgrade-or-theme-upgrade-500-error-files-quarantined/

    For future reference use the steps in this forum topic when migrating/moving websites > https://forum.ait-pro.com/forums/topic/migrating-moving-or-cloning-websites/#post-20407

    #37877

    Michael
    Participant

    Thank You!

    But I don’t know what to do because my BPS is blank underneath the status message after a fresh install and successful setup.

    Do I need to clear the DB tables?

     

    #37878

    Michael
    Participant

    Is this the right file path for the quarantine?

    wp-content/ > plugins > _bulletproof-security > admin > quarantine
    #37879

    AITpro Admin
    Keymaster

    The naming thing just sounds like a “refresh” problem.  If you were using your web host control panel file manager then sometimes you need to reload/refresh the page.  If you were using an FTP application then you sometimes need to do a refresh.

    You probably just need to request a new BPS Pro Activation Key on the BPS Pro Activation page > Setup Menu > Activation.  BPS Pro Activation Keys are your website domain URL encrypted.  So if anything changes about your website domain URL then you need to request a new BPS Pro Activation Key.  That also includes changing the URL Scheme from http to https.

    BPS Pro is designed in a way that you would never need to delete/uninstall BPS Pro for troubleshooting or any other reason.  BPS Pro has built-in troubleshooting capability which allows you to turn Off all BPS Pro features > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    The BPS Pro Setup Wizard has a feature called AutoFix, which will automatically fix and setup some things. The Setup Wizard should be run after doing a website migration. The Setup Wizard can also be run over and over again as needed to automatically fix things > https://forum.ait-pro.com/forums/topic/setup-wizard-autofix/

    #37882

    AITpro Admin
    Keymaster

    The Quarantine folder location is here:  /wp-content/bps-backup/quarantine/

    #37883

    Michael
    Participant

    Ok thanks, I’m a bit tired after staying up late dealing with hosting issues etc for the live migration.

    I followed the restoration of quarantine files instructions and have my BPS Dashboard back.

    But I’m still getting a continual stream of quarantined file alert emails.

    #37884

    AITpro Admin
    Keymaster

    Did you do all the steps correctly?  AutoRestore needs to be turned Off before you copy files from the /quarantine/ folder to your website folders.  You then need to run the Setup Wizard after you are done copying all files from the /quarantine/ folder to your website folders.  Did you make sure that you changed your website URLs in your database to the new site URLs?  Did you make sure that you changed your wp-config.php file database connection information?

    #37885

    Michael
    Participant

    Yes, I turned auto-restore off through the recommended method of renaming folder, restoring quarantine files, then rerunning BPS Setup.

    As far as the hosting, I had to recycle our primary site domain, so I had no choice but to backup everything, delete everything.

    Then I cloned over the new site without doing the proper BPS procedures.

    After all the errors occurred I went in and deactivated/deleted the plugin (BUT LEFT THE DB IN PLACE).

    Then I did a fresh install of BPS and activated successfully.

    The quarantine is triggering over and over on the same 4 targets.

    /root/auto.ht_access

    /root//wpconfig.php

    /wp-content/theme/child-theme/pdf-maker.php

    /wp-content/bps_security.old (in folder above plugins)  ((this was from a time during DEV when someone had deactivated BPS twice and it started misfiring)).

    I’m just going through now and trying to restore these files through BPS dashboard now, but it is these same 3 areas over and over.

     

    #37886

    Michael
    Participant

    I have

    Total number of Quarantined Files: 340
    Those same 4 files over & over, mainly wpconfig.php & makepdf.php

    #37887

    AITpro Admin
    Keymaster

    Just delete all the files in Quarantine since each row in the Quarantine table is another instance of a file being quarantined.

    #37888

    Michael
    Participant

    That was it!

    Once I got rid of the bps_security.old in /wp_content

    And deleted everything in quarantine… no more quarantine errors.

    Thanks again!

    #37890

    Michael
    Participant

    Ever since our dev to live migration, the quarantine alarm never stops!

    It did get better after your help, but I’m not sure what to do, it keeps going off on mundane files.

    It’s making me worried that there is malware on the site but our host says their scan returns nothing.

    What can I do about these false negatives??
    auto_.htaccess  /home/thscorgt/public_html/.htaccess  2019-09-14 08:35:33
    fusion-frontend-combined.min.js  /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/fusion-frontend-combined.min.js  2019-09-14 08:36:45
    model-inline-editor.js  /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/model-inline-editor.js  2019-09-14 08:36:45
    custom-functions.php  /home/thscorgt/public_html/wp-content/themes/Avada/includes/custom-functions.php  2019-09-14 08:36:45
    avada-privacy.js  /home/thscorgt/public_html/wp-content/themes/Avada/assets/min/js/general/avada-privacy.js  2019-09-14 08:37:42
    jquery.nicescroll.js  /home/thscorgt/public_html/wp-content/themes/Avada/assets/min/js/library/jquery.nicescroll.js  2019-09-14 08:37:42
    fusion-frontend-combined.min.js  /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/fusion-frontend-combined.min.js  2019-09-14 08:37:42
    model-inline-editor.js  /home/thscorgt/public_html/wp-content/themes/Avada/includes/lib/inc/fusion-app/model-inline-editor.js  2019-09-14 08:37:43
    Withdrawal_Form.pdf  /home/thscorgt/public_html/wp-content/themes/Avada-Child-Theme/fpdf/Withdrawal_Form.pdf  2019-09-14 08:39:43

    #37891

    AITpro Admin
    Keymaster

    There is no such thing as a false negative or a false positive with ARQ.  ARQ checks for file changes by comparing a website file with the good backup copy of that file in ARQ backup.  ARQ does not do something defunct/archaic like malware scanners do by scanning files for matching code patterns.

    To prevent the Root htaccess file (.htaccess and auto_.htaccess) from being repeatedly quarantined go to the B-Core > htaccess File Editor tab page > click the Lock htaccess File button and the Turn On AutoLock button.

    All of the other files that are being quarantined are theme files.  You can’t rely on what your host scanner finds.  Malware scanners are defunct/archaic and are very easily fooled/beaten. 

    Are you doing anything with these files such as updating your theme or manually editing or updating those theme files?  If you are doing something with your theme files then you would need to use the AutoRestore|Quarantine Standard Procedural Steps when manually modifying files > http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps or after you are done manually editing or uploading your theme files you can just restore the files in Quarantine.

    If you are not doing anything with your theme files then send me a copy of the theme files so I can check them to see if they are being tampered with.
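
The backup-comparison approach described in the reply above, sketched as an added example that is not BPS Pro's code and not from either poster. The function names and the constructed site/backup directories are assumptions; it shows that a legitimate post-migration edit is reported exactly like tampering until the backup copy is refreshed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare_to_backup(site_root: Path, backup_root: Path) -> dict:
    """Classify site files against the known-good backup copy (hypothetical helper)."""
    site, backup = snapshot(site_root), snapshot(backup_root)
    return {
        "modified": sorted(f for f in site if f in backup and site[f] != backup[f]),
        "added": sorted(f for f in site if f not in backup),
        "missing": sorted(f for f in backup if f not in site),
    }


def demo() -> dict:
    """Constructed sample: a backup taken before migration vs. the site after it."""
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = Path(tmp, "site"), Path(tmp, "backup")
        for root in (site, backup):
            (root / "theme").mkdir(parents=True)
            (root / ".htaccess").write_text("# rules\n")
            (root / "wp-config.php").write_text("define('DB_HOST', 'dev-db');\n")
        # Legitimate post-migration edit: new database host on the live site.
        (site / "wp-config.php").write_text("define('DB_HOST', 'live-db');\n")
        # File uploaded after the backup was taken.
        (site / "theme" / "pdf-maker.php").write_text("<?php // form code\n")
        return compare_to_backup(site, backup)


if __name__ == "__main__":
    print(demo())
```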

    #37896

    Michael
    Participant

    This morning our site went down because of BPS.

    We lost DB connection because of a false negative.

    I’m going to reinstall BPS, and this time wipe the BPS DB tables.

    If this problem keeps happening I will have to switch to another security problem.

    https://lh3.googleusercontent.com/-XvoBJQkGqGQ/XX-eCc5udGI/AAAAAAAABqA/Rs5Z80g7Db4i0iS24C6tfNsDArB-e1TmACK8BGAsYHg/s0/2019-09-16.png
