ptarver
Forum Replies Created
-
I only re-activated the plugin this morning, but will update you later.
Would it be possible to provide some basic information about how these .ru signups are being allowed? Is there some cross-posting function they are using to do this? I’m more than slightly concerned that for at least the second time since I’ve been using the plug-in this same sign-up attack has occurred with similar traits and our best solution is to deactivate the plug-in and wait for an update. Does this mean the plugin is not secure?
To add to what @icegram had to say, capturing the ip address of the subscriber and sending it with the new subscriber notice or saving it in the subscriber list would help me tremendously because then I could easily block that user from my server. Unfortunately because the confirmations are sent from my server, the headers of those messages all include my own server ip, not the actual form user. May not be possible, but I have a form builder that easily captures the ip address of the user and I use that in the same way.
Same issue. I’ve tried to block multiple IP addresses on my server, but doesn’t appear to slow things down. Only alternative right now is to disable the plugin until we get an answer.
- This reply was modified 7 years, 7 months ago by ptarver.
Forum: Plugins
In reply to: [Staffer] Individual staff pages lost since upgradeI’m having the same problem and it has caused a major issue for my client. My client wants me to publish direct links to the individual staff pages in a drop down menu item, so I can’t just add the staffer items directly to the menu and all of the items we have in place now have to re-created.
Looks like we’ll be rolling back the plugin to an older version.
I didn’t say that your program had a cron job. What I was said was that when the regular cron runs or when the cron routine is executed (ie whenever someone hits any page), it creates activity that your plugin detects as a false positive because the header contains a match with the bad bots table.
My suggested fix was to disable the bot that matches, but my question was whether if there was a better solution.
Now that you’ve confirmed that as being the best solution, I’ll go with that as my resolution.
Thanks!
PaulUpdate: Ok, I found the pattern. If the domain name contains any portion of the search string, then you get a false positive.
Example 1: any domain that contains the word “pioneer” will trigger the “pioneer” string in the bad bots table.
Example 2: any domain that contains the word ‘yes’ will trigger the “yes/1.1” string in the bad bots table.
Example 3: any domain that end in “es.net” will trigger the “ES.NET” string in the bad bots table.
The short term work around seems to be to disable those bad bot checks that create a false positive. I’m not even sure this could be addressed in the code since it appears that the match method is “contains”.
Any other suggestions?
Thanks!
paulForum: Fixing WordPress
In reply to: Plugin Updates Needed But Not Showing UpI recently upgraded all of my self-hosted WordPress websites to Version 3.9 and the two sites that had the original problem still have this problem. To reiterate the problem is that when you login to either of my sites that have this problem, WordPress shows the little red circles on the Updates and Plugin menu options to show that there are updates to plugins that need to be applied, but if you click on either menu item, the pages that are displayed show that all is well, nothing is shown needing an update and the little red circles on the menu vanish. WordFence reports all plugins that need updating and I can manually delete a plugin and reinstall it and the version numbers are updated on the Plugin screen but all updates have to done completely manually. They cannot be updated from the Plugin screen or the Updates screen.
I’m updating this thread to bump it so that someone might see it that can help.
Forum: Fixing WordPress
In reply to: Plugin Updates Needed But Not Showing UpNice to know I’m not the only one who has seen this. Interestingly enough, I self-host a shared server with multiple WordPress installations and I only have this problem with two sites. I initially thought that perhaps the theme was the issue, but I’m using the same theme on other sites that do not exhibit this behavior. I’ve tried removing all plugins and nothing seems to work. My next thought is to try to replicate the sites in a WAMP Server installation and start taking the sites apart piece by piece to see if anything changes. But I had hoped that someone else had some ideas to help focus my attention. I too use WordFence and this problem existed on my sites prior to WordFence installation as well. At least Wordfence is telling me which plugins need updating, but in order to update, I have to remove the plugins and reinstall them. I never get an option to update the plugins directly.
Forum: Fixing WordPress
In reply to: Plugin Updates Needed But Not Showing UpI find it hard to believe that I am the only person out there that has experienced this problem and that no one has any suggestions that I can try.
Anyone? Anyone?
Forum: Plugins
In reply to: [Testimonial Rotator] I prefer the widget to rotate and the shortcode to listThe version that is installed my website is v1.1.1.
I’ve been focused on building the site and just noticed the update today. Fortunately, I made a backup of the plugin before updating so I was able to get back the functionality I liked. I think it’s a great tool but I can see where web designers might like the option to display rotating testimonials on some pages and lists on other pages, maybe even within a single website.
While we are discussing it, one more question: If I change the css stylesheet in the plugin folder, when I upgrade I’ll lose those changes, correct? If that is true, then could I also suggest making a user-defined stylesheet that could be defined in the shortcode so that changes would not be lost during the upgrade process?
As a followup, I added one of the users to both Group A and Group B and post now appears when I login as this user.
Does this mean that on categories, when you check more than one group, the user needs to be associated with BOTH groups instead of EITHER group?
Forum: Plugins
In reply to: [eShop] [Plugin: eShop] Problem with Category ShortcodeBy the way, if you want to log in and look at the theme code on my site, you are more than welcome to do so.
Forum: Plugins
In reply to: [eShop] [Plugin: eShop] Problem with Category ShortcodeCan you at least add that note to the conflicting plugin section of the online documentation? I checked that page first before even attempting to use both of these products at the same time and had I known back when I started developing this site, I definitely would have made other choices. I’m now within a few days of going live and there’s no way I can at this point.
Forum: Plugins
In reply to: [eShop] [Plugin: eShop] Problem with Category ShortcodeAfter having used eshop for several years with various themes with no problem and even donating previously to the development of eshop, it is very surprising to me to learn this late in the game that Elegant Themes is on your no-fly list. I’ll try your suggestion, but you can’t provide any more details on even what might possibly be the problem nor even what I could be looking for?
Forum: Plugins
In reply to: [eShop] [Plugin: eShop] Problem with Category ShortcodeOk, I switched to Twenty Eleven and all of the items displayed, but the specific page reverted to the default template instead of full width. All plugins were still activated.
I’m using the Modest Theme from Elegant Themes but what I don’t understand is how the theme is affecting eShop’s category query? Any ideas?
Unfortunately, I’ve worked for almost a year with this client getting a theme designed for her that she liked and wanted to move forward with so I really need to try to figure out what is going on. Can you provide any guidance as to what I should be looking for?