S3Bubble Support Forums
To stay up to date with the latest S3Bubble updates and tutorials please make sure you sign up to our YouTube Channel.
Forum Replies Created
-
Here is our full conversation with Wordfence if you interested.
Us
Hi All,
Can you please remove our plugin from this list.
Plugin link.
https://wordpress.org/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/
This plugin has been removed for nearly over 2 years now and we just had a user saying it is showing the March most hacked plugins list it only had 10 Active installs & we update 2 years ago.
People are now confusing this with our service. It is affecting our service please I hope you can remove this as soon as possible.
Best Regards
Sam
Them
Hi Sam,
Thanks for reaching out to us. Our monthly attack report is based on real data, so those attacks are happening. It’s likely that they are attacking an old version that had a vulnerability, trying to find sites running out of data software. We’ll update our post to remind people of that fact.
Best regards,
DanUs
Hi Dan,
Thanks for your response that plugin only ever had 10 active installs and hasn’t been updated for over 2 years.
When you say they are attacking an old version does this mean one of the 10 people that installed it, just our users are confusing this with our main plugin?
Best Regards
Sam
Them
Hi Sam,
That is odd. I took a closer look at the data and can share a couple of things. The attack requests all look very similar, trying to download the wp-config.php file from the web server. They are originating from a wide variety of IP addresses. I’m only speculating here, but it seems likely that someone added the exploit to a list that is being shared among attackers or something. I hope that helps.
Best regards,
DanUs
Hi Dan,
Thanks for taking a look when you state this.
The attack requests all look very similar, trying to download the wp-config.php file from the web server.
Can you suggest ways to resolve this, I had a user today stating that the plugin was one 12th on your March most hacked list for this year, I had completely forgotten about that plugin, to be honest, its so old and we remove all the data only 10 installs and over 2 years old and it number 12 for your most hacked plugins this year I’m just confused.
I have spoken to WordPress and they are going to fully remove it from the repo. It must be working from very old data I would really like to resolve this.
Best Regards
Sam
Then radio silence nothing back…
Hi Jay,
Yes we are aware of this, the plugin in question only ever had 10 downloads 2 years ago and is not even listed on the WordPress plugin repo it was removed months ago I have no idea where the stats are coming from we contacted the guys at Wordfence who responded and basically said it must have been added to a hacker list (full email conversation below) so it’s out of our hands unfortunately but I can assure you it has nothing to do with our main plugin feel free to check tho.
Plugin on WordFence
https://wordpress.org/plugins/search/s3bubble-amazon-s3-html-5-video-with-adverts/Our main plugin
https://wordpress.org/plugins/s3bubble-amazon-web-services-oembed-media-streaming-support/Best Regards
Sam
Hi zawan_na,
Yes, you will need to look into how the video has been encoded it will work on YouTube because when you upload a mov to youtube it will encode it into mp4.
From another article.
YouTube uses 4 container formats and 4 different codecs. It depends on the popularity of the video what codecs are used for your video (see below why). Generally, every of your uploaded videos will be encoded in h.264 and will be muxed into an .flv and .mp4 container. That’s the standard and this will happen for every video. Though .flv will only be used for resolutions below 720p. Meaning only 360p and 480p will exist in an .flv container. Though every video below 720p will also have a mp4 version available. For 240p YouTube is also using 3gp which is a rather old codec (based on MPEG-4 Part 2 (not to be confused with MPEG4 Part 10 aka h.264) meant for mobile devices (long before the smartphone era), it comes in the container .3gpp.
If you go to your video in Youtube download manager and download the encoded mp4 and then upload it to S3Bubble it will play fine if it plays on Youtube.
Best Regards
Sam
Hi Both,
Actually delivering timed downloads with S3 is an easy call that can be done with the AWS sdk like this.
// Create a presigned url $request = $s3Client->createPresignedRequest($s3Client->getCommand('GetObject', [ 'Bucket' => 'bucket', 'Key' => 'key' ]), '+5 minutes'); $presignedUrl = (string) $request->getUri();CloudFront is actually a bit of a pain the called required is like below.
// Create a signed URL for the resource using the canned policy $signedUrlCannedPolicy = $cloudFront->getSignedUrl([ 'url' => $streamHostUrl . '/' . $resourceKey, 'expires' => $expires, 'private_key' => '/path/to/your/cloudfront-private-key.pem', 'key_pair_id' => '' ]); The difference being you need to add a private_key and key_pair_id then the pem need to be stored somewhere it just creates extra complexities so that’s probably why they don’t offer it the call above just needs two keys from an IAM user.
Some docs: https://docs.aws.amazon.com/aws-sdk-php/v3/guide/service/cloudfront-signed-url.html
Best Regards
Sam
Hi Jamie,
Can you send me a link to an example of a player where the waveform is not showing, please?
For the Popup window update to the latest version of the plugin and then simply change your code like this for a modal.
[s3bubble codes='QGQT38553' type='modal' modal='"delay": 5000,"link": "https://s3bubble.com/documentation/","width": 800,"showConfirmButton": true' /]Obviously, change to your code.
Best Regards
Sam
