Website pages blank – files quarantined

Home Forums BulletProof Security Pro Website pages blank – files quarantined

Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
    Posts
  • #30341
    guy te watson
    Participant

    WP Auto Update Activated against my will. I had a program installed call Update Control and had Auto Update set to “No” But last night I was doing some troubleshooting and I turned off all plugins and forgot to turn some back on. Update Control was one that was deactivated. This morning I found and activated them including BPS. But WP Auto Updated and it looks like after BPS was turned back on it replaced a lot of files because in cPanel File Manager I find a lot of files Quarantined in the BPS quarantined folder.

    I have replaced the root .htaccess and wp-confit.php files back to default files and no change. I have manually disabled caching plugins and removed the code from the .htaccess and wp-confit.php files, and no change. Is there a way to undo all the quarantined files?  The External XTool of course won’t work because all pages are blank on the site. What can I do from here? I have an updraftplus backup but can’t get in to do that and it’s a year old, though I have not made to many changes in the year, but some.Please Help major problem here!

    In Christ
    guy te

    #30342
    AITpro Admin
    Keymaster

    Important Note: If you have BPS Pro 12.8 or higher versions of BPS Pro installed click this link for quickier and easier steps to fix quarantined files problems: https://forum.ait-pro.com/forums/topic/website-not-loading-after-wordpress-upgrade-or-theme-upgrade-500-error-files-quarantined/. BPS Pro 12.8+ versions automatically deactivate/turn ARQ Off when the /bulletproof-security/ plugin folder is renamed instead of having to use the BPS Pro XTF Form Tools to deactivate/turn ARQ Off.

    Probably the simplest method to restore files for your particular problem scenario would be to use: Solution 1: Manually Copying Folders and Files from the Quarantine Folder or if your web host does file backups automatically then restore all of your website files to yesterday in your web host control panel. Most web hosts do automatic file backups daily. You do not need to restore your WordPress database and would only be restoring website files.

    Important Note:  For your particular problem scenario you should rename the /bulletproof-security/ plugin folder to /_bulletproof-security/ first before doing any of the steps below.  After you have manually copied the folders/files from quarantine then you should be able to use the Xternal Tools Form to deactivate AutoRestore.  After AutoRestore is deactivated you can then rename the /_bulletproof-security/ plugin folder back to /bulletproof-security/.

    http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#ARQ-Troubleshooting

    Solution 1: Manually Copying Folders and Files from the Quarantine Folder:
    As of BPS Pro 11.2, Quarantine creates a mirrored directory structure of the quarantine file source path in the protected Quarantine folder. If Excessive files have been quarantined you can copy the entire folder from the /wp-content/bps-backup/quarantine/ folder back to where the folder and files were quarantined from. Example: All files in folder: /example-folder/ were sent to this quarantine folder: /wp-content/bps-backup/quarantine/somewhere/example-folder/. Copy the /example-folder/ back to where it was quarantined from: /somewhere/example-folder/.  Notes:  AutoRestore should be turned Off before manually copying files from Quarantine back to where they were quarantined from.  After you have manually copied files from Quarantine you can run the Setup Wizard to back up all files and turn AutoRestore back On.  If you are unable to log into your site to turn Off AutoRestore you can use the BPS Pro Xternal Tools Form to turn Off AutoRestore.  You can also use the Xternal Tools Form to delete all files in Quarantine after you have manually copied them from Quarantine.

    #30350
    guy te watson
    Participant

    There are no folders in the quarantine folder. All files are in the root quarantine folder. I can’t find where the files go the files are mostly
    class-wp-customize…
    class-wp-nav…
    class-wp-rest…
    class-wp-widget…
    files. They look like they belong in the wp-includes or wp-admin/includes folder(s) but the names of the quarantined files don’t match names in these folders either that I can tell.

    My backup is monthly and this is a subdomain, so looks like I would have to mess with the regular domain to replace these subdomain files and I don’t want to mess the root domain up by accident at this point. How can I find out where these files belong?

    #30352
    AITpro Admin
    Keymaster

    Since you are not seeing folders in Quarantine then you have a very old BPS Pro version installed.  BPS Pro 11.2 released on 10-11-2015 (about 1 year ago) was the first BPS Pro version where Quarantine was changed to mirror the Source directory structure (create folders in the quarantine folder).  Since you do not have any current file backups that are usable and since you cannot access the Xternal Tools Form then you are going to have to do things the old fashioned way.

    1. Use FTP and rename the /bulletproof-security/ plugin folder to /_bulletproof-security/.
    2. Download the WordPress zip file and unzip it on your computer: https://wordpress.org/download/
    3. Using FTP or your Web Host Control Panel File Manager:
    Upload the entire /wp-content folder to your website.
    Upload the entire /wp-admin folder to your website.
    Upload the entire /wp-includes folder to your website.
    Upload all the WordPress Core root files to your website root folder. There are somewhere around 17 WordPress root files. index.php, wp-activate.php, wp-app.php, wp-blog-header.php, etc.
    4. Use the Xternal Tools Form to deactivate AutoRestore.
    5. Rename the /_bulletproof-security/ plugin folder to /bulletproof-security/.
    6. IMPORTANT!!! When you login to your website do NOT restore files in Quarantine and instead delete them.

    #30354
    guy te watson
    Participant

    Okay I, back up and running by the manual install you described. I installed the new BPS 11.9.1 and have a problem with the “Ignore Hidden Plugin Folders & Files:” feature.  After I put in directories to ignore it just ignores until the next check and then it puts up alerts on those files again an they are still in the ignore list and I have to keep on clicking on the “Save Plugin Folder / Files Ignore Rules”  I have to turn of the HPF Cron for the alert to stop popping up. How do I get the cron to work?  This is happening on two domains now.

    #30355
    AITpro Admin
    Keymaster

    Great! Glad to hear you got your site back up.
    Post the HPF Alerts that you are seeing and the folder names you are putting in the Ignore Hidden Plugin Folders & Files textarea box.

    #30363
    guy te watson
    Participant

    One site here are the folders:
    s2member-logs
    s2member-files

    The other site here are the files and folders:
    embed-it.php
    estore2
    Stats – WordPress.com
    akismet_wp.zip

    #30364
    AITpro Admin
    Keymaster

    Post the HPF Alerts that you are seeing.  I need to see the actual HPF Alerts.  Also please upgrade to the most current version of BPS Pro.  BPS Pro 12 was released yesterday 7-24-2016.  Are you entering the HPF ignore rules using the correct format (comma and a space inbetween each foldername or filename):  foldername, another-foldername, filename, another-filename.

    #30367
    guy te watson
    Participant

    Whoops me mistake, I wasn’t doing the formatting correct, now HPF Alerts are working fine.

    Thanks! for all your help and a really good program that is getting better.

    If you take suggestions, to help people get around problems that people may have because of the WordPress ridiculous auto update by default mechanism, you may want to program into BPS an AutoRestore check upon BSP Plugin Activation, so if it is deactivated and then reactivated AutoRestore feature Gives an Alert and Asks If an AutoRestore should be done and/or checks to see if there has been a WordPress Auto Update done since it was last active. WordPress setting up the Auto Update as a default and no obvious way to turn it off also is a real pain. We should not have to hunt around for a plugin to turn the action off.

    Thanks Again!

    In Christ

    guy te

    #30368
    AITpro Admin
    Keymaster

    Well if you do not deactivate BPS Pro then AutoRestore Automation will kick in an do what it does automatically and seamlessly:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#automation  Basically BPS Pro is designed to handle anything automatically as long as it is activated.  If you deactivate BPS Pro then you have just turned Off all BPS Pro automation.  A similar analogy would be your car is stolen because you turned Off your car alarm.  Turning the car alarm On after you car is already stolen does not really do much good because that is not how the car alarm was designed or intended to be used.

    #30687
    Jeff
    Participant

    [Topic has been merged into this relevant Topic]
    On August 17, there appears to have been a hacking attempt that caused 628 files to be placed into quarantine at mbceramics.iomaire.com.  I didn’t do anything about it at the time, though the instructions said to try to restore the files, as there must have been an error or a problem of some kind.  Today, I had an issue with another website hosted by a different company (both have BPS Pro installed) and I decided, for some idiotic reason, to restore the 628 files at the first website.  Once I did that, I lost the ability to do anything other than to stare at the main screen of BPS Pro and I lost the ability to log in using wp-admin.  I can login using wp-login.php, though.  If I try to go anywhere in BPS Pro, all I get is a blank page under the warnings messages.  The portion of the screen starting at “Dashboard” is blank no matter what menu option in BPS Pro I select.

    The other site, which also has BPS Pro installed on it, is down for the count, at least as far as administrative duties are concerned.  It is accessible on the web – townhallmuseum.org – but I can’t get into the back end using either wp-admin or wp-login.php.

    It appears to me that the critical file that was affected in this hacking attempt, which succeeded, was wp-config.php because I have yet another website that was attacked the same day with all of the files modified  except wp-config.  I can log into wp-admin on that site with no problem.

    Sigh …..
    Jeff

    #30691
    AITpro Admin
    Keymaster

    @ Jeff – This doesn’t sound like a hacking problem.  It sounds like a WordPress Major Automatic Update occurred and excessive WordPress files were quarantined.  Are you allowing WordPress Major Automatic Updates on your websites by any chance?  We are aware that if you allow WordPress Major Automatic Updates on your site then there is very good chance that during the Major WordPress Automatic Update, WordPress files that BPS Pro AutoRestore needs to work correctly are being removed/updated/added/etc. during the WordPress upgrade, which of course will cause AutoRestore to fail since the WP files AutoRestore needs to work correctly do not exist during the a WordPress Major Automatic Update.  It is a pretty bad idea in general to allow WordPress Major Automatic Updates on your websites.  WordPress Minor Automatic Updates are fine to allow, which is the default WP setting, because critical WordPress Core files are not being removed/added/installed during a Minor WordPress Automatic Update.

    Use FTP or your web host control panel file manager and send the AutoRestore|Quarantine log file here:  /wp-content/bps-backup/logs/autorestore_log.txt for one of these sites to:  info at ait-pro dot com so I can verify that the problem occurred due to a WordPress Major Automatic Update.

    Update:  This problem was resolved by doing the steps in this reply above:  http://forum.ait-pro.com/forums/topic/wp-auto-update-while-bps-deactivated-then-activated-now-site-has-blank-pages/#post-30352

    #32629
    Marilynn
    Participant

    [Topic has been merged into this relevant Topic]
    After deleting files from Quarantine, I received a white blank page and the website is down. I have tried renaming the plugin to deactivate it but no luck. I cannot login to Dashboard. http://ashlandaudiology.com

    #32631
    AITpro Admin
    Keymaster

    @ Marilynn – Deleting files in Quarantine would not cause white blank pages or the website to crash.  The problem most likely occurred when the files were quarantined.  Use FTP or your web host control panel file manager, download these files and send them to me: /wp-content/bps-backup/logs/autorestore_log.txt, /wp-content/bps-backup/logs/http_error_log.txt and /wp-content/bps-backup/logs/bps_php_error.log. Email address: info at ait-pro dot com.

    #32632
    Jeff
    Participant

    Marilynn – this has happened to me on a number of occasions.  I do not know what causes it, but I do know that the only way to recover is to restore from a backup and then <b>manually</b> update WP to the newest version.  You have to be quick, though, to do the upgrade after the restore, because WP will sometimes discover the “old” version and do the auto-update routine again.  You have to disable BPS Pro before starting the restore process because you most likely have at least three files set to 0400 and that will prevent the restore from running.  So disable BPS Pro, do a restore, then a manual upgrade and then restore BPS Pro and you should be good to go.  I really despise the auto-update “feature” in WP but I’ve never found a way to disable it via a plugin or anything else.

    Jeff

Viewing 15 posts - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.