It looks like trouble - mclemon.org

I got a notice that 11 plugins were updated but all the updates are from mclemon.org. The plugins are Advanced Theme Switcher, Comments Plus, CustomPress, Directory, Lock, Posts, MarketPress, Popover Plugin, Pro Sites, Q&A, Set Password on WordPress Multisite and Wiki. Even if legit it does not look good. How do we protect ourselves?

  • Timothy
    • Chief Pigeon

    Hey reflanary.

    I'm not sure I completely understand, could you please elaborate further?

    I got a notice that 11 plugins were updated but all the updates are from mclemon.org

    Is mclemon your site? Or are you saying something is updated from there?

    Ok, now when I look at the Plugin information everything comes up in chinese. What's going on?

    Which version of WordPress and the update plugin are you using so I can look?

    Please include screenshots.

    Take care.

  • reflanary
    • Flash Drive

    Sorry - I'm freaking out a little because it looks really strange. I'm using the latest version of WP. I have several installations, not all are giving me problems. For the 11 plugins that I listed updates are showing that they are available on two domains hosted at Inmotionhosting and on my local (pc) test installation. All agree as to the latest version of update. When I click on the link that says View version () details - where () is version number for the plugin - the information that shows is the same for every plug in but the information is for the wrong plug in - now it's showing info for wpStoreCart LLC. When I close the browser and log back in the info is different. I've never heard of McLemon.org or wpStoreCart. It's not happening at my account at PSEK, by the way. It's bizzare. Why on my local pc but not PSEK? I'm thinking some plugin I tested was compromised but have no idea how to find it.

  • reflanary
    • Flash Drive

    Think I figured it out. On the admin bar in the dashboard it shows the number of updates. You click on that and it shows all the plugins each with a link that says "View version details." If the details are not available it will throw garbage in. By the way, it does happen on the psek site.

  • Timothy
    • Chief Pigeon

    Hey again.

    Why on my local pc but not PSEK? I'm thinking some plugin I tested was compromised but have no idea how to find it.

    So this is only on your local install? So there is anyway I could see whats happening?

    mclemon.org provide this plugin:

    http://wordpress.org/extend/plugins/wp-unread-comments/

    Do you use that one?

    And this is wpstorecart:

    http://wordpress.org/extend/plugins/wpstorecart/

    Are you familiar with that?

    Perhaps even if not activated, they are still in the plugins directory?

    Take care.

  • reflanary
    • Flash Drive

    I've never seen these plugins and have never downloaded them. I'm pretty sure your descriptions are messed up somewhere. I don't think there is a virus - it's some glitch with Wordpress and the way it's looking for your descriptions.

  • reflanary
    • Flash Drive

    Thanks for getting back to me. Actually it is happening on all of my installs, local pc, psek.com and inmotionhosting.com. If I access the sites from my Blackberry Playbook I see the same thing. I'll try to go through the steps:

    Log into locally hosted (Microsoft WebMatrix), go into Dashboard, it shows 18 available updates. This is WordPress 3.3.1., so, it's the latest version. I have the WPMU DEV Update Notifications installed with my API. 15 of the updates are from WPMU - Advanced Theme Switcher, Affiliates, Comments Plus, Custom Press, e-newsletter, Events+, Friends, Lock Posts, Market Press, New Blog Templates, Pop up!, Q&A, Set Password, and Wiki. When I click on the link on top (on top of the Dashboard just below the IE9 menu bar) that has the "18", the list of 18 updates shows up. (I just added a screen shot-I don't see it so hope it shows). If I click on the link that says "View version 1.0.6 details" for Advanced Theme Switcher I get this: If I click on the link for Affiliates (View version 2.4.6 details) I get this: The same thing happens with every WPMU Dev update. If it's not from WPMU everything is fine. For example, the description for the BP Profile Search (View version 2.8 details) looks like this

    Now the really freaky thing is that if I log out and wait a while, the descriptions will change. I don't know how long it will take - I just tried it and it still says "Easy FancyBox-in-a-Box" - I never had this on my machine, by the way.

    I know it's weird. Again, it's happening on my local machine and at least three other sites that have never been merged. I don't know what to think about it. Hopefully the screen shots show. Let me know if you need anything else.

  • Jack Kitterhing
    • Code Norris

    Hi there,

    Thanks for the link, I checked it out, and it appears that it's loading a lot of the files from rocketscript, this normally indicates that is how Cloudflare loads Javascript files, but I have known it on a couple of my clients sites to not play well with it.

    But I don't see Psek mention anything about using cloudflare.

    Everything seems to work fine, have you checked your index.php file in your file manager? Check for base_64 encode or decode things like that, also your themes index file.

    The strange thing is, it's also on your localhosting, do you transfer files between the two?

    Where did you get your Zip of wordpress from?

    Thanks!

    Kind Regards
    Coding-Monkey.

  • reflanary
    • Flash Drive

    The wordpress on the local machine was directly from Microsoft via WebMatrix - I had nothing to do with it. On the other hosts it was from either fantastico or softaculous (?) - so again, I had nothing to do with it. Some of the files on my local machine were downloaded via ftp from psek, while others were downloaded either from Wordpress, WPMU, BuddyDev. I'll do a fresh webMatrix install with some of the older versions of WPMU plugins downloaded directly from WPMU to see what happens. So no copying from other directories and only a few plugins. Give me a few.

  • reflanary
    • Flash Drive

    Ok, did a fresh WebMatrix install. The install created a new folder called Wordpress2. I downloaded the 2.0.4 version of directory and the WPMU DEV Update Notifications plugins directly from WPMUDEV.org. Then I copied the files into the wordpress2/wp-content/plugins. I activated WPMU DEV Update Notifications but not Directory. I did not add my API to WPMU DEV Update Notifications. When I click on the update description of Directory I get this:

    Can't get any cleaner. Thought maybe it was my API so I didn't use it - still same problem.

  • Jack Kitterhing
    • Code Norris

    Hi there,

    Thanks for that, right this of course shouldn't happen,

    I'm wondering if it's something to do with WebMatrix mabye, and I still see no reason why it's rocketscript like this

    <script type='text/rocketscript' data-rocketsrc='http://goalparty.net/wp-content/plugins/bp-gtm-system/_inc/global.js?ver=3.3.1'></script>

    Somewhere, either through a plugin or your hosting, is using RocketScript, part of CloudFlare.

    Do you mind if I provide you a fresh install of Wordpress on my own hosting, using a sub domain url? Then upload your plugins and see what happens.

    Let me know, hopefully that will give a bit more insight into why this is happening for you.

    Thanks!

    Kind Regards
    Coding-Monkey

  • reflanary
    • Flash Drive

    But it's not just WebMatrix - the problem is that it's going to Wordpress to get the description and Wordpress is retrieving garbage for a description. Those descriptions are not on the WPMUDEV server - they are on the Wordpress server. It's happening on all my sites so it can't be WebMatrix.

  • Jack Kitterhing
    • Code Norris

    Hi Reflanary,

    I'm sorry but I can't test using WebMatrix, I'm on a mac right now, I use the same plugins as you on some of my websites, and the descriptions etc, come up as they should never had a problem.

    Which leads me to believe it's either WebMatrix or Cloudflare, but unfortuntely I can't test using either of these methods as I don't have them :slight_frown:

    What happens if you do a clean install of Wordpress on the cloudflare hosting using the official download from http://www.wordpress.org/ ? Still the same problem?

    Thanks!

    Coding-Monkey.

  • reflanary
    • Flash Drive

    No, the site I gave you is on Psek. It's not host specific. Here's the problem I would have doing this on another site - I can only get your plugins by downloading to my machine, then I would need to upload them to the new site - I don't know how to get them into a site without me having to ftp them to the site from my machine. If you could tell me how that would save me a lot of time.

  • Jack Kitterhing
    • Code Norris

    Hi there,

    You can download the plugins then upload in there zip form via Wordpress "add plugins" upload, browse (to look for your file) upload and activate, does that make sense?

    I'm just anonther member here, not staff of any sort :slight_smile: Just like trying to help people reslove their problems :slight_smile:

    Kind Regards
    Coding-Monkey

  • reflanary
    • Flash Drive

    I only need Directory 2.0.4 to test it and WPMU Dev Notifications. I just tried it on an iPage site and same thing. Out of time - can't work on it anymore - I'm convinced that the descriptions don't exist on the Wordpress servers and that is the issue. Just doesn't look good, i.e., you kind of lose confidence.

  • Jack Kitterhing
    • Code Norris

    Hi,

    Someone else please correct with me if I'm wrong, but Wordpress wouldn't have the descriptions for WPMUDEV plugins as they aren't on Wordpress.org, correct?

    I now believe reflanary that is why this happens and that is where your problem lies, sorry I can't be of more help.

    Kind Regards
    Coding-Monkey.

  • Timothy
    • Chief Pigeon

    Our new beta of the notifications plugin can auto install without download or FTPing plugins:

    https://premium.wpmudev.org/forums/topic/wpmu-dev-dashboard-plugin-30-beta-update-notifications

    Someone else please correct with me if I'm wrong, but Wordpress wouldn't have the descriptions for WPMUDEV plugins as they aren't on Wordpress.org, correct?

    Thats correct, well except for the lite plugins of course.

    With regards to the rest of the issues I'm not Mac so can't test the Microsoft thing as my PCs are are still packed away at the moment. However the things I don't generally use is Cloudflare and Webmatrix.

    I always download fresh files from wordpress.org and do a manual install. I may have missed it here, but did you try to manually install WordPress and does it still happen then?

    Were all these installs initially set up with webmatrix and then moved to hosting?

    Certainly odd behaviour as well. I'll ask a couple of others if they have seen this before.

    Take care.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.