WordPress Core files integrity check

My plugin can now scan your WordPress Core files and compare them with the installation source code available from wordpress.org. This new integrity check could be very helpful for finding new threats hidden in WP Core files. There may be lots of reasons, other than malicious threats, for Core files to differ from the original source, so this is an optional fix that requires you to check the box next to each file you want to restore. If a Known Threat is found in these files it will still come up as an automatic fix, but if not you can now optionally revert any of these modified Core files to the original code.

This new feature is currently only available to those who have donated at the default $29+ level.

Posted in Updates by Anti-Malware Admin. 15 Comments

SoakSoak bug, round two, still widespread infections

I've been really busy so it's been a while since my last post, but this is really important so I thought I should update everyone.

This recent SoakSoak bug infected a lot of WordPress sites through a vulnerability in the Revolution Slider plugin. Apparently the developers knew about this security hole back in September but did nothing about it until the exploit was widespread. There is now a new version of Revolution Slider that has been patched, but there are also many themes that use this slider that cannot be automatically upgraded. The newest version of my Anti-Malware plugin will automatically block the attempts to exploit this vulnerability on your site, even if you have a vulnerable version of Revolution Slider installed.

The bigger problem is that once you have been hit by this bug there may be other backdoors planted on your site, and your DB password may also have been stolen. Your site can also then be used to spread this infection to other sites. I have seen a new round of this threat that no longer uses the popular IP address in the script source. Now it's using a variety of infected domains to spread the infection.

This threat is changing all the time so please make sure to download the Definition Updates whenever I release a new one. You can follow my Twitter feed @GOTMLS to get notified of new updates.

Posted in Updates by Anti-Malware Admin. 2 Comments

Heartbleed vulnerability

If you are hosting an SSL site on a server running OpenSSL version 1.0.1 - 1.0.1f or 1.0.2 with the HEARTBEATS extension turned on then your site has been vulnerable to a Heartbleed attack. You should upgrade to OpenSSL version 1.0.1g, rebuild OpenSSL with -DOPENSSL_NO_HEARTBEATS, or move your site to a more secure host.

Is your site vulnerable to the Heartbleed attack?

Here are four independent sites that will check your server:

https://filippo.io/Heartbleed/
http://www.digicert.com/help/
http://safeweb.norton.com/heartbleed
https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
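To check the OpenSSL build on your own server instead of through a remote checker, the added example below (not code from this site or plugin) classifies the text printed by `openssl version -a` against the version range and build flag named above. The function name `heartbleed_status` and the sample strings in the comments are constructed, and reading the post's "1.0.2" as the 1.0.2 betas that existed at the time is an assumption.

```python
import re

# First line of `openssl version -a`, e.g. "OpenSSL 1.0.1e 11 Feb 2013" (constructed sample).
VERSION_RE = re.compile(r"^OpenSSL\s+(\d+\.\d+\.\d+)([a-z]?)(-beta\d*)?\b")
NO_HEARTBEATS_FLAG = "-DOPENSSL_NO_HEARTBEATS"

def heartbleed_status(version_output):
    """Return 'affected', 'heartbeats-disabled', 'not-affected' or 'unknown'
    for the text printed by `openssl version -a`."""
    text = version_output.strip()
    m = VERSION_RE.match(text)
    if not m:
        return "unknown"  # not an OpenSSL version banner (e.g. another TLS library)
    base, letter, beta = m.groups()
    if base == "1.0.1":
        if beta:
            return "unknown"  # 1.0.1 pre-releases are not covered by the post
        in_range = letter <= "f"  # "" (plain 1.0.1) through "f"; "g" is the fixed release
    elif base == "1.0.2":
        # Assumption: the post's "1.0.2" means the betas before 1.0.2-beta2.
        in_range = beta in ("-beta", "-beta1")
    else:
        in_range = False
    if not in_range:
        return "not-affected"
    # The compiler line of `openssl version -a` lists the build flags.
    if NO_HEARTBEATS_FLAG in text:
        return "heartbeats-disabled"
    return "affected"

if __name__ == "__main__":
    import subprocess
    out = subprocess.run(["openssl", "version", "-a"],
                         capture_output=True, text=True).stdout
    print(heartbleed_status(out))
```

Several Linux distributions shipped the fix without changing the version letter, so an `affected` result on a packaged build means checking the package changelog before concluding the server is still exposed.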

Posted in Updates by Anti-Malware Admin. No Comments

I started a twitter account

I'm going to use this twitter account to post plugin and definition update notices as well as any other important info I need to get out there: @GOTMLS

Posted in Updates by Anti-Malware Admin. No Comments

Spanish translation added in last release

Thanks to Andrew Kurtis of webhostinghub.com my plugin has now been translated into Spanish by Jelena Kovacevic. The new language files were tested and packaged in the last release. Now, if you have WPLANG defined as 'es_ES' in your wp-config.php file then the Anti-Malware Settings and Scan pages will be output en Español :-)

I'm also thinking of creating a Facebook page for my plugin to get more feedback and collaboration from my users. I have some big ideas I would like to share and get some help with to move this plugin forward. Leave a comment here and let me know what you think. Would you follow me on Facebook? Comment Yes or No.

Posted in Updates by Anti-Malware Admin. 2 Comments

direct-install-method

I have had quite a few WordPress users having trouble with plugin upgrades or re-installing plugins that were not completely removed. The problem is that sometimes WordPress will not remove the main folder for a plugin that is being upgraded or removed, but it will remove all the contents of the folder. So then WordPress does not see that the plugin is installed, but it cannot create the directory structure to reinstall it either.

The only thing you can do then is to log in to your server via FTP (or a file manager in your hosting control panel) and delete the directory so that it can be re-installed. But for some people that just isn't so easy to get to. So I created this little helper plugin to force the deletion of any plugin's main directory and all of its contents before upgrading or installing another version of that plugin. It's still under development and I would not recommend installing all your plugins with this one activated, but if you are having trouble upgrading a plugin because the destination directory already exists then this will probably help.

You can download the BETA version of this plugin here

Good Luck!

Aloha,
Eli Scheetz

Posted in Updates by Anti-Malware Admin. 2 Comments

Happy Birthday to GOTMLS Anti-Malware

Today is the official one-year anniversary of the first release of this plugin on the WordPress Plugin Repository. I feel really positive about how far this plugin has come in the last year. I am also very proud of how many people my plugin has helped. I've got a lot of plans for improving this plugin so I want to thank those who have made a donation and ask all those who have not yet donated to contribute now. Donations to this project support me making time to work on it and make it better. So don't just use it, support it!

Aloha,
Eli Scheetz
Posted in Updates by Anti-Malware Admin. No Comments

How did your site get hacked?

Everyone who has had their site hacked wants to know how it happened. Unfortunately there are a lot of ways to get hacked and no single method for stopping it. I created this plugin because of a vulnerability in timthumb.php that got widely exploited about a year ago. This very useful timthumb script had a weakness in the way it was written that allowed hackers to place any script on your site, thereby enabling them to gain access to your files and spread their infection. A newer and stronger timthumb.php was released to stop this abuse, and it is fairly simple to update this file to keep your site from being exploited in this way. One of the things my plugin will do is find old timthumbs and update them.

But, of course, there are other ways for your server to get infected. Many people don't realise that having their site on a hosting account with other sites means sharing the vulnerabilities of all the other sites. Having your site on an isolated account, all by itself, can be a great improvement to your security. You will also need to make sure that your site is up-to-date and has no vulnerabilities of its own. Make sure the plugins and themes you have installed are secure and well trusted.

A lot of people think that they need to change their FTP passwords. This is not a bad idea, but it's extremely unlikely that a hacker is using your FTP account. Once a hacker has exploited a security hole in your website, hosting account, or server they will plant a script on your site to gain full access to your files. Then they don't even need your FTP to inject more malicious code and spread their infection further.

Unfortunately it may be very time consuming and costly to figure out exactly how you got hacked, but stay vigilant and take any security measures you can to avoid being an easy target. With every step you take to secure your site you become harder to hack and less of a target.

Aloha,
Eli Scheetz
Posted in How To by Anti-Malware Admin. 3 Comments