Jump to content

Archived

This topic is now archived and is closed to further replies.

sfmstudios

Recurring PHP error

Recommended Posts

sfmstudios

I keep getting the attached error message every other day on one of my PL5 sites (http://www.barbarapetriconemassage.com). The file in question is not actually missing when looking at the files via FTP, and the error can get fixed my replacing the /engine/ folder via FTP. 

But then it happens again...I've disabled all plugins except for the Pagelines ones and have tried reinstalling both Wordpress and Pagelines Platform. What would be doing this and, more importantly, how can I fix it?

image.png

Share this post


Link to post
Share on other sites
Simon

Are any files getting renamed?

ask your host if they use any sort of tool that would rename suspect files

Share this post


Link to post
Share on other sites
sfmstudios

Hmmm...yeah, it looks like the /engine/lib/ajax.medialib.php is getting renamed with a "suspected" extension.  Client is on shared hosting, so I supposed I'll have to get in touch with them to see what's going on.  Anything you can think of that would cause this?

Share this post


Link to post
Share on other sites
Simon

Well no, but id love to know why its suspected, obviously if its a shared host there will be others and if wee need to rename something to stop it we will, please let me know ASAP with a ticket.

Share this post


Link to post
Share on other sites
sfmstudios

I've gone back and forth with GoDaddy (my client's hosting provider) and they can't find anything.  I've literally renamed every password (DB, Users) and re-installed Wordpress and all of the plugins (including Platform), but that file keeps getting flagged.  It hasn't happened on any other of my projects, though, including another PL-run site from this same client on the same hosting package.

It looks like I'm just going to end up having to delete the installation and re-install...must be something corrupt in the database...

Share this post


Link to post
Share on other sites
Simon

Its NOTHING to do with the database and NOTHING to do with a plugin or your installation.

An antimalware or antivirus script is running on your server and is flagging ajax.medialib.php as a bad file and renaming it ajax.medialib.suspected

If godaddy support are oblivious to the fact then you are not talking to the actual support people just someone reading off a script.

Trust me, its either some security plugin you have installed or more likely something/script that runs on the server looking for common text that might be malware.

Obviously the file does not have malware in it but we'd love to know what they think is malware.

Please show them this forum post if they need clues or better still get them to email us directly, we'd love to help you out. 

Reinstalling is not going to fix it.

Share this post


Link to post
Share on other sites
sfmstudios

Thanks for confirming everything I've thought from the beginning...I'll see what I can get them to do.

Share this post


Link to post
Share on other sites
Simon
On 4/12/2016 at 2:00 AM, sfmstudios said:

Thanks for confirming everything I've thought from the beginning...I'll see what I can get them to do.

Did you ever hear back from Godaddy?

Share this post


Link to post
Share on other sites
oksodavid

@Simon just had this issue popup (same file: ajax.medialib.php.suspected) on moving a site to Flywheel. They run malware scan on migration and said site is clean. Will let you know if I come up with something.

Share this post


Link to post
Share on other sites
sfmstudios
On June 1, 2016 at 6:00 PM, Simon said:

Did you ever hear back from Godaddy?

They effectively washed their hands of it - I ended up switching the site to a different host and all works fine (new database, too).

Share this post


Link to post
Share on other sites
Simon
9 hours ago, sfmstudios said:

They effectively washed their hands of it - I ended up switching the site to a different host and all works fine (new database, too).

Thats typical. The support people have no idea what the server techs are up to with security.

@oksodavid any news?

Share this post


Link to post
Share on other sites
oksodavid

@Simon Hi, from Flywheel, That is quite odd and a .suspected comes from a security scanning service. Looking over our setup, it doesn't appear to be coming from our scans.

Share this post


Link to post
Share on other sites
Simon
6 minutes ago, oksodavid said:

@Simon Hi, from Flywheel, That is quite odd and a .suspected comes from a security scanning service. Looking over our setup, it doesn't appear to be coming from our scans.

what plugins do you have @oksodavid as obviously our plugin will not rename its own files ;)

Share this post


Link to post
Share on other sites

×