Astra Theme file quarantined

This topic contains 6 replies, has 2 voices, and was last updated by Ljubomir Manojlovic 1 month, 1 week ago.

  • #37636

    Ljubomir Manojlovic
    Participant

    Hi,

    I have the following:

    BPS AutoRestore/Quarantine – ARQ Log
    ====================================
    ====================================

    [BPS Pro 14: wp-content File AutoRestore Logged: julio 13, 2019 18:30]
    Quarantined Filename: class-astra-theme-update.php
    Quarantine Path: /opt/bitnami/apps/xxxblog/htdocs/wp-content/bps-backup/quarantine/wp-content/themes/astra/inc/theme-update/class-astra-theme-update.php
    Restore Path: /opt/bitnami/apps/xxxblog/htdocs/wp-content/themes/astra/inc/theme-update/class-astra-theme-update.php

    Why did it happen?

    #37637

    AITpro Admin
    Keymaster

    AutoRestore|Quarantine checks all website files for any changes. Files are checked against files in AutoRestore|Quarantine backup.  If a file is quarantined then either a file change occurred in the theme file or the file is a new file added by your theme. Did you upgrade your Theme?  Did you do anything else with your Theme?  See AutoRestore|Quarantine Guide link below to get a general idea of what AutoRestore|Quarantine is and how it works.

    Reference Link: AutoRestore|Quarantine Guide

    #37638

    Ljubomir Manojlovic
    Participant

    Well, I’m not sure what exactly is going on here, but it is certainly connected with MainWP (even though I followed all the steps).

    1) So, in that case, I actually didn’t update Astra (other plugins were updated) and that was the outcome. I hardly believe that the site was attacked (without going into why), especially not at the moment of the remote updates.

    2) About 10 min ago, I remotely updated the FVM plugin on 10 sites and ONLY ON ONE, I get .maintenance in quarantine (??? why?). Again, I’m mostly 100% sure that it is not a consequence of an attack.

    3) There have been basically ZERO times when I did remote updates and at least one site (I cannot remember more than one site at a time) didn’t send me an email notification about Auto Restore On/Off (??? – why and why only one?).

    Please be kind and try to explain what is really going on here.

    #37639

    AITpro Admin
    Keymaster

    I don’t think your site was attacked.  I think that the file was added or updated due to something that was occurring at the time.  You can view the file in Quarantine to check it just in case, using the View File option in Quarantine.  If everything looks ok then use the Quarantine Restore File option to restore the file.

    “I get .maintenance in quarantine (??? why?)” – this issue is caused in this case scenario – WordPress adds the .maintenance htaccess file when doing WordPress, plugin or theme updates and is then supposed to delete the .maintenance htaccess file after the update is completed.  If an AutoRestore cron runs before the .maintenance file is deleted or a WordPress error occurs and the .maintenance file is not deleted then the .maintenance file will be quarantined.  In both cases the solution is just to delete the WordPress .maintenance file in Quarantine.

    AutoRestore email alerts can be turned Off on the S-Monitor page.  So check to make sure that the AutoRestore email alerts are not turned Off.  Other possibilities for not seeing the AutoRestore alert email.  The email was sent to your email Junk or Spam folder.  The email address that you are using to send email alerts to is incorrect/invalid on the S-Monitor page.  Your web host flagged the email as Spam and did not deliver the email alert to your mailbox.  Your web host bulk mail queue has a problem occurring currently and there is an extreme delay in sending emails.  Your web host mail server mail config in the php.ini file has some issues/problems.  Another plugin or theme that you have installed is interfering with WordPress Cron jobs or mail functions.  There are probably some more possible causes, but these are the most common.
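The two admin replies above describe a compare-against-backup check that flags changed files and new files, with a leftover WordPress `.maintenance` file as a common benign hit. The sketch below is an added example, not part of the thread and not BPS Pro's code; the function names, the sample tree and the timestamp are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# WordPress writes this one-line PHP stub to .maintenance while an update runs.
MAINTENANCE_RE = re.compile(rb"^<\?php \$upgrading = \d+; \?>\s*$")

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def classify(root, baseline):
    """Return {path: reason} for every file that differs from the baseline."""
    findings = {}
    for rel, digest in snapshot(root).items():
        if rel in baseline:
            if baseline[rel] != digest:
                findings[rel] = "changed"
            continue
        with open(os.path.join(root, rel), "rb") as fh:
            head = fh.read(256)
        leftover = os.path.basename(rel) == ".maintenance" and MAINTENANCE_RE.match(head)
        findings[rel] = "new: update lock file" if leftover else "new"
    return findings

def demo():
    """Build a constructed site tree, alter it, and classify the differences."""
    with tempfile.TemporaryDirectory() as root:
        theme_file = os.path.join(root, "class-astra-theme-update.php")
        with open(theme_file, "w") as fh:
            fh.write("<?php // constructed: version A\n")
        baseline = snapshot(root)                      # the trusted backup state
        with open(theme_file, "w") as fh:
            fh.write("<?php // constructed: version B\n")   # file changed on disk
        with open(os.path.join(root, ".maintenance"), "w") as fh:
            fh.write("<?php $upgrading = 1563042600; ?>")   # constructed timestamp
        with open(os.path.join(root, "extra.php"), "w") as fh:
            fh.write("<?php // constructed: not in the backup\n")
        return classify(root, baseline)

if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(f"{reason:24} {path}")
```

A `.maintenance` file whose content does not match the stub exactly is reported as plain `new`, so it still gets a manual look before being deleted or restored.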

    #37640

    Ljubomir Manojlovic
    Participant

    1) Yes, I’m also sure that it was not attacked. I just connected the cases/situations.

    2) OK, makes sense.

    3) Maybe I explained it wrongly. I’m actually wondering why, if I did the same operation remotely at the same time on 10 sites, ONLY ONE sent an email (why not 10?). So, my issue is not the email, but rather the number of sites. BTW – all 10 sites have 100% the same configuration, including servers.

    #37641

    AITpro Admin
    Keymaster

    Maybe what happened with the AutoRestore email alerts is this – the default AutoRestore email alert setting is set to send the “AutoRestore is deactivated” email alert every 15 minutes.  So maybe only 1 email alert was sent because the Cron job that checks if AutoRestore is deactivated was ready to fire on one site only and not any of the other sites.  You can always test one of your sites by turning AutoRestore Off and waiting 15 minutes to see if the email alert arrives.  Or if you don’t want to wait 15 minutes you can change the S-Monitor > ARQ: When AutoRestore|Quarantine is Turned Off option setting to > Send email alert every 5 minutes.

    #37642

    Ljubomir Manojlovic
    Participant

    Thanks for clearing that up.
