Xternal.php Issues


This topic contains 9 replies, has 3 voices, and was last updated by  AITpro Admin 2 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
    #36563

    Living Miracles
    Participant

    Hi,

    Somehow a lot of files got quarantined on my site and my Quarantine page doesn’t even fully load anymore. So, I’m unable to clear the Quarantine of over 100,000 files. I’ve tried using the xternal.php file to delete all the quarantined files, but I get an error: Connect failed: Unknown MySQL server host ‘n1033499540459.db.3499540.0be.hostedresource.net:3308’ (0)

    I tried also to turn off ARQ using the xternal.php file and that worked, so I’m not sure what would be the problem here.

    Can you suggest another way for me to clear the Quarantine successfully? I even tried to just delete the whole bps-backups folder but the Quarantine still shows over 100,000 files (even though the files are gone when I look via FTP).

    Thank you!

    #36564

    AITpro Admin
    Keymaster

    The error message means your wp-config.php file was quarantined and does not have valid DB connection info in it.

    I have a feeling that this problem may have been caused by trying to use the AutoRestore “Add Files” feature. If you add additional folders and files for AutoRestore to check that are other websites then you will run into problems. AutoRestore is designed to monitor only its own WP files. You can add other non-WP folders and files to monitor under your hosting account without running into any problems.

    For future reference we created a much easier way to turn off/deactivate AutoRestore, which is you would use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder to /_bulletproof-security/, visit your website once and then rename the /_bulletproof-security/ plugin folder back to /bulletproof-security/.

    With that said, you can try using the Xternal Tools “Restore All Files in Quarantine” tool, but 100,000 files may simply be too much for your server to process at one time.  If that does not work then I recommend that you restore your site(s) from a backup.  Note: An average WordPress site has somewhere around 2,000-5,000 WP Core files + theme files.  Depending on how many plugins you have installed you might have another 5,000 plugin files. So 100,000 files sounds like multiple WP sites instead of just 1 WP site.

    https://forum.ait-pro.com/forums/topic/xternal-tools-xtf-guide/

    Restore All Files in Quarantine
    Usage:  If you are unable to log into your site due to a problem with AutoRestore|Quarantine (ARQ) and legitimate files being quarantined, select the Restore All Files in Quarantine XTF Form option and click the Submit Xternal Tools Form button. If you manually edited your wp-config.php file and added new Database connection information and the wp-config.php file was quarantined and you are unable to login to your site you can turn off ARQ and select the Restore All Files in Quarantine XTF Form option to restore your wp-config.php file. Your website is displaying blank/white due to files being sent to Quarantine. Select turn off ARQ and select Restore All Files in Quarantine XTF Form options. If excessive files have been quarantined you can turn off ARQ and either delete or restore all files by selecting the Delete All File In Quarantine or Restore All Files In Quarantine XTF Form options.

    #36565

    AITpro Admin
    Keymaster

    If files do not actually exist in the Quarantine folder here > /wp-content/bps-backup/quarantine/ then another option to delete all of the Quarantine database rows in the Quarantine table is to use the BPS Pro > Pro-Tools > DB Table Cleaner|Remover tool. You would select this DB Table > xx_bpspro_arq_quarantine, choose Drop and then click the Empty|Drop button.

    #36570

    Living Miracles
    Participant

    Thank you so much for the help. I dropped the table you recommended via Pro Tools and the Quarantine page is loading fine now with no files showing up! Yay 🙂

    Also, you might be right about an incorrect rule in ARQ. I’ve been getting malicious file uploads to the /wp-content/mu-plugins folder and ARQ hasn’t been catching those so I tried to add this folder to ARQ and after that I saw this massive amount of files in the Quarantine (they’d been getting quarantined over and over for days… hence over 100,000 files). Should I not add this mu-plugins folder to ARQ for checking? We have gotten repeated malicious gd-lib.php files uploaded to this directory and ARQ is simply not catching this file anytime it gets uploaded. Any thoughts you have about how to secure that folder correctly are appreciated!

    #36571

    AITpro Admin
    Keymaster

    By default AutoRestore creates a wp-content folder exclude rule for the mu-plugins folder in more recent versions of BPS Pro.  If you would like to have AutoRestore check the mu-plugins folder then you would just need to remove/delete the mu-plugins folder rule on the AutoRestore > Exclude wp-content Folders tab page.

    1. Go to the AutoRestore > Exclude wp-content Folders tab page.
    2. Delete/remove the exclude rule for: mu-plugins.
    3. Click the Save Folder Exclude Rules button (automatically turns AutoRestore Off).
    4. Go to the AutoRestore|Quarantine tab page and click the wp-content Files > Backup Files button.
    5. Turn AutoRestore back On.

    I highly recommend that you contact your web host and make sure that this file is not a file that your web host is intentionally putting in the mu-plugins folder.  If you are using Wordfence it will tell you the file is malicious, but it may or may not be.  So check with your web host about this file.

    #36574

    Living Miracles
    Participant

    Thank you! Forgot about that… I did see before that the mu-plugins folder gets excluded automatically 🙃

    Thanks for the recommendation to check with our hosting. We’ve confirmed that the file contains malicious code—we actually use Sucuri and they’ve found some kind of backdoor in this file… so, yea. Confirmed malicious, but thank you for the suggestion!

    #36575

    Living Miracles
    Participant

    Do you foresee any issues with including the mu-plugins folder in ARQ? The site this thread is about is on GoDaddy Managed WordPress hosting 😬

    #36576

    AITpro Admin
    Keymaster

    Nope, it used to be the default to automatically include the mu-plugins folder.  So everything will work fine.  I believe the default setting to automatically exclude the mu-plugins folder was changed due to user complaints either last year or the previous year. People complained that other plugins that add files in the mu-plugins folder were being quarantined. Probably not a good choice to comply with those complaints. 😉

    #37987

    Martinez
    Participant

    Now database queries and default WordPress functionality all work fine, but when I also call some functions provided by a plugin (namely Advanced Custom Fields; the problem, however, affects other plugins as well, as I tested), the following PHP error is returned.

    #37989

    AITpro Admin
    Keymaster

    @ Martinez – Please describe the original problem, the steps you used to fix the original problem and the problem that is currently occurring now.
