After running and repairing files, the Revolution Slider no longer works or even shows that it is installed (required by the theme). When I try to re-install, it won’t allow me to saying it is already installed. Any suggestions?
Try deleting the revslider folder in your plugins directory and then reinstall the plugin again. If the scan finds any more threats in those files can you send them to me so that I can inspect them?
When I do a full scan have a lot of skipped files. Is there a way for force them to be scanned.
Yes, you can clear the field that list the file extensions to be skipped, but that is not recommended, those files are skipped for a good reason, and it will just take a whole lot longer to scan them all.
Is there any way to see previous or last scan results, if page reload during the scan.
Not at this time, sorry. You need to stay on the the scan results page until you have dealt with the known threat and then you should run the scan again to be sure it’s all clean. I don’t cache the scan results because they are not relevant after the fix, I am working on a Last Scan Recovery feature though, that should be out by the end of the year.
Yesterday when I scanned the plugin automatically put the into quarantine.
However, today when I scanned it shows all the threats and when I click ‘automatically fix selected files now’ it sits and waits for a long time and nothing happens.
When I click on the button that says ‘it this is taking too long, click here’ it says “The gateway did not receive a timely response from the upstream server or application.”
Not sure what do as I’m guessing the infected files are still there and haven’t been fixed or quarantined?
A Gateway error indicates a problem on your server. There may be something that is interfering with the results coming back with a “timely response”.
I would try continuing to click the Automatic fix button to see if you eventually get a response. Even though the results of the fix are not being displayed it may be cleaning some of those files. If you don’t get anything different after a few tries then run the scan again to see if there are less malicious files detected.
Let me know how that goes…
A few of my clients have securi firewall installed – they asked me if we are using your plugin is there still a need for securi firewall. I didn’t know how to answer that. Please advise.
Every “Firewall” is different and should not conflict with another, but all are as affective or cross-compatible as they should be. New threats are always emerging so you need security software that is top notch and up-to-date. Read the reviews and check the support forums to gauge the quality of each product.
I have identified potential threats on my website.
How do i get it fixed, as there is no option for me to do this
The answer to your question is on my FAQ page where you posted this comment:
Why can’t I automatically remove the “Potential Threats” in yellow?
Many of these files may use eval and other powerful PHP function for perfectly legitimate reasons and removing that code from the files would likely cripple or even break your site so I have only enabled the Auto remove feature for “Know Threats”.
How do I know if any of the “Potential Threats” are dangerous?
Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a “Know Threat”, then it can be automatically removed.
I got several potential threats in a fresh wp installation. I can safely assume that these are not infections. If I white list them, will they still be scanned and pop up again if there is any change?
And also, what other security plug in will complement best with GOTMLS?
Yes, there may be some core files that use suspicious functions like eval and base64_decode but they are not used in malicious ways (that is why they are not “Known Threats”. If you use the use the Core Files Definitions that is available to premium supporters then these will not be marked as suspicious because their unchanged status can be validated. Likewise, if you white-list these files them they will not come up again unless they are ever modified.
As for other security plugin, I don’t keep track or make any specific recommendation, but I do my best to make sure that my plugin is compatible and does not conflict with any other plugin
I just downloaded your plugin because some of my sites got hacked lately.
I’m trying complete scan instead of quick scan for a better ressult but it seems to get stuck at 0% and no working at all on both of my sites.
I hope you can help me out with this issue.
It was getting stuck on wflogs so I put that on the list of directory to exclude (along with the cache folder) and it is running the Complete Scan now. I strongly recommend you deactivate any caching plugins and delete all cache files as these temp files will take a very long time to scan and they can also cause your site to remain infected even after the threats are removed.
Hi – I’ve downloaded the plugin and placed it into my directory as directed, but I’m unable to activate it because Google has locked the site for suspected Malware. Is there a way around this?
You have to be able to login to your wp-admin to activate my plugin and run any scans. Bu t Google cannot lock your site it can only display warnings about the suspected malware. You can bypass those warnings and access your site anyway. You can also use another browser like Firefox or Opera. Google might own Chrome but they don’t own the whole Internet yet
Hello there, If I make a donation, can I use the beta features on more than 1 website or just one?
Yes, If you register all your sites under the same email then your donation will count for all of them
I was wondering if I can install your “Anti-Malware Security and Brute-Force Firewall” AND Wordfence, and keep BOTH enabled? I currently do NOT have any malware problems on my website. Would using your “Anti-Malware Security and Brute-Force Firewall” program conflict with the FREE version of Wordfence?
There are no conflict with My plugin and Wordfence that I am aware of. Please feel free to use both and let me know if you have any problems.
Excellent plugin, absolutely love it, however one thing that is annoying and I want to know if there is a way to bypass it.
When clicking ‘automatically fix files’ it only runs for about 100-200 files and a popup displays and you have to click ok, and restart the ‘automatically fix files’ once again.
This is a bit annoying when there are 3000+ files that need to be cleaned. Is there a way to bypass this and let it just run?
Message : “Changed 90 files, failed to change the rest, try again to change more.”
Happy to donate if it bypasses this constantly popping up, this tool is fantastic!
Thanks, however this is not a limitation inherent in my plugin but rather a limitation of your server. That pop-up warning is a notification that the fixing process running on your server ran out of memory before it could complete, so you have to click the fix button again (maybe multiple times) to finish the process. You could try increasing the memory limit in your php.ini file but some hosts don’t give you enough memory or access to those configuration option to make that effective. You could also move your site(s) to a more powerful server
Interesting, i’ll have to see next time, the server is huge, (its my server) i have total control over it, and the process went from processing 100-200 down to 10-20 files at a time, but resources looked fine.
Thanks for the reply.
It’s not so much the amount of physical memory in the machine as it is the amount of memory allocated to PHP for a single process. That is why my plugin allows you to run the fix in multiple segments until all threats are fixed if there is not enough memory to fix them all at once.
Check the memory_limit in your php.ini file and try increasing that value to see if it will allow you to fix more threats at once.
If I donate, would I get the extra features for all my domains?
Yes, If you register all your sites using the same email address then they will all be under the same account and your donation will count on all sites.
Hi, after just a few seconds running the scan it gets freezy, what should I do about it? Thank you!
I am looking at getting rid of this code in revslider folder – which I did not install. …/public_html/wp-content/plugins/revslider/temp/update_extract/fullmagic.php Is this safe or should I remove it?
Thanks for sending me those files. I just added that new threat in the fullmagic.php file to my definition updates so that it can now be automatically fixed.
Since you didn’t install revslider on your site I would suggest you remove that whole folder as it is not needed on your site and it may be the reason your site got infected in the first place.
After installing the plugin, I constantly receive file changes messages from a plugin saying that certain files in your plugin have changed. I just want to be sure if this is what your plugin would normally do updates files by itself. Secondly, whenever I go to wp-admin, I received a msg showing this is redirected from a site protected by your plugin. It is not so comforting to see a message when I actually wanted to see the dashboard of wordpress.
It sounds like the session feature on your server is not working consistently. I assume that those “file Change warnings” that you are receiving are related to the temporary php log files that my plugin creates to track brute force login attacks when the session fails. These files would in the “_SESSION” folder inside gotmls/safe-load/
If your login attempts are also being blocked this is another indication of your server failing to maintain a valid session. You can disable the Brute-Force login protection or you can ask your host to investigate why your server is not maintaining persistent sessions. Let me know if I can be of any further assistance in this matter.
I did a complete scan, which found potential threats. However, I could not see any button to fix these. Note that I had not registered at that point. Does the fix button only appear if registered?
Secondly, I have moved away from the results page but can’t see how to get back to it again, assuming I can still fix without running another scan.
Thanks in advance.
You need to register to download the latest definition update. Then my plugin can identify the Known Threat and remove then for you. The scan results are not cached or saved, rightly so, because those last result will be useless and irrelevant once you have downloaded the latest definition updates. You will need to scan again to get accurate results.
Thank you for a great plugin!
I just have a little issue : lately, I’m getting this error on top of the plugin’s page :
Warning: unlink(/home/www/fd13bebdc9340599bf4ef9260d16d29e/web/wp-content/uploads/quarantine/.htaccess) [function.unlink]: Permission denied in /home/www/fd13bebdc9340599bf4ef9260d16d29e/web/wp-content/plugins/gotmls/index.php on line 666
Also, if I try to enable the brute force protection, I get a lot of these kind of errors:
fd13bebdc9340599bf4ef9260d16d29e/web/wp-content/uploads/quarantine/EBBAA.L2hvbWUvd3d3L2ZkMTNiZWJkYzkzNDA1OTliZjRlZjkyNjBkMTZkMjllL3dlYi93cC1jb250ZW50L3RoZW1lcy9nbGFuY2UvaW5jL3RpbXRodW1iLnBocA3.GOTMLS) [function.unlink]: Permission denied in /home/www/fd13bebdc9340599bf4ef9260d16d29e/web/wp-content/plugins/gotmls/index.php on line 660
What can I do to fix this?
Thanks in advance for your help!
You are seeing these error because you had an older version of my plugin that had quarantined infections in a folder on your site called wp-content/uploads/quarantine and the new version of my plugin has imported the Quarantine into the database and has no use for this directory any more. You server is not allowing my plugin to delete these unnecessary files so you are getting these errors. Please delete the quarantine folder (and all of it’s contents), then you will not see any of those errors any more.
Thanks for the gr8 plugin.
Installed the plugin on two sites but have got the following msg
You do not have sufficient permissions to access this page.
I have full admin rights and al files have 755 rights.
I just release a plugin update to fix this error you were getting. Please download version 4.15.44 and let me know if that fixes it for you.
The issue seems fixed with the new version of the plugin you put out.
Thanks for the great software (i’ve donated). I’ve got wordfense installed but I find myself running your scan everyday and it finds new hacks each time. Can you recommend anything that I need to add to once and for all get rid of the php infestation which manages to manifest in new ways each day?
It sounds like you’ve still got some kind of exploitable vulnerability on your server that is letting you get repeatedly reinfected. You can compare the most recent infection time with the activity in your access_log files to se if it’s a script vulnerability on your site. If you can’t find it there then you may just need to move your site to a more secure hosting environment. If you find a new malicious script on your site let me know, otherwise, I do offer Super Secure Hosting for $12/month per site if you are interested.
thankyou. where does your plugin show the infection time?
If you have already cleaned the infected files then you can find the original infection time in the Quarantine.
i’ve insalled your plugin and like it very much. Thank you a lot for you job!
I now get five read/write errors. If i try to open the files in the window the pop-up says “This site is temporarily down for maintenance. Please try again later.”
My server is Apache. I’ve already checked the permissions on these files. They are set the same as the files in the same folder. I can also open these files without problems.
But im not a programmer, I can’t check them directly.
Can you help? Could I send you the files?
Thank you in advance.
Thanks for sending me a login for your site. I was able to figure out that a bug in your PHP interpreter was causing one of the Regular Expressions in my definitions to fail. I have release a new definition update that resolves this issue and your site can once again run the Complete Scan without any errors.
Found your plugin today and installed it. I am told that my site problem is probably a hack.
Ran the plugin and got two back-door threats, which were to unused theme files. I deleted the two themes.
I now get two read/write errors in files that don’t open in the window interface provided in your program. I’ve looked at them (one is about 8000 lines) but have no clue…
Can you help?
Sure, send me those two files and I can check them for you. It may be a permission problem of it might just be that they are too big for your server to scan.
Could “Anti-Malware from GOTMLS.NET” be set for regular automatic site scan with fixing infected files?
A method for scheduling scans in on my do-to-list but it’s not simple matter. I am working on a few different solutions and I hope to have something to satisfy this need ready for BETA testing by the end of the year.
My site hosting service (I can give you the mame offline if needed) is insisting that I still have infected WP admin files after GOTMLS ran a scan and provided a clean scan. (It did find some infected files and cleaned them.!) GOTMLS does show a list of “Potentials” but that list of files does not match the files they insist are still infected. Is there a way to submit these “infected” wordPress files to GOTMLSfor review? The infected files are all in the /wp-admin/ folder. I’m running version WP 4.3.
Can you please email me directly with the infected files that are not found by my plugin so I can add them to my definition updates?
Can I change the email from which I registered? for some reason it was already filled and I didn’t notice this until it was too late
Yes, just login to gotmls.net with the account you already registered with. Then you can either un-register or just transfer your registration directly to another account.
Hi, I would like to use this plugin but I cannot access my wp-admin page because that has been blocked by my host as well.
Ask your host to unblock your site, at least to you, so that you can get it all cleaned up. If you host is completely unhelpful and uncooperative then you should move your site to a better host.
Google says that my site may have been hacked. I’ve been running up-to-date malware scans and it appears clean (except for a few ‘probably fine’ issues).
When i request a review of security issues in the Search Console, they tell me they haven’t detected any issues on the site content. Yet, in Fetch as Google, it looks like some pages have been taken over. ARGH!. i feel like i’m in an endless loop of frustration and clicking through the Google instructions keeps coming back to the same place.
Do you have any additional utils for getting rid of malicious code?
thanks again for the program.
Google is not that good at providing the most up-to-date and accurate information on your site. Often time their warning relate to cached results of pages that have already been clean.
Having said that, Fetch as GoogleBot is a good tool and if it is showing malicious content on one of your pages then it is probably still on there. The problem you face is one of the most frustrating to pin down. Well written SEO Spam infections are the hardest to detect and clean because they are designed to only show up for the search engines and will usually not show up in a regular browser. There is an Add-On for Firefox called User Agent Switcher that I find very helpful. You can make Firefox pretend to be the GoogleBot or another search engine and see what your site looks like then (it works most of the time, but not all the time).
If you can find the malicious output in your HTML source code then you can try to track it back to the PHP source from there. Look at the tags on either side of the malicious code to figure out which template contains the trigger for the injection (it’s usually in the theme’s header or footer). You can also compare your theme files with the original installation to see what files were modified.
Of course the infection could be in a plugin or a WP Core file too. You can use the Core File Check in my plugin to make sure your Core Files have not been modified.
Let me know if you need more help.
Thanks!. I understand just enough of this to be dangerous. I’ll give it a try and let you know.
My website got detected with Malware. I got to know from sitelock.com as I have a basic account that tag to my hosting account.
So since now my website has this malware, how should I install this plugin in the wordpress?
Or should I not install it?
Could you give me some advice?
Thanks a lot.
If you can get into your WP Admin then you should install my Anti-Malware plugin, Activate it, and download the definition update. Then you can run a Complete Scan and clean of any Known Threats that are found.
Hey there admin,
I really want to thank you for your plugin. Got all the threats removed. Did a malware scan on sitelock, result came back with a “GOOD”.
I’m so glad that I have used your plugin. Awesome.
Not sure if the malware will come back or not. If it does, I will need your help again.
Again, thank you for your amazing plugin. I will donate to upgrade to have my core files to check.
I thinking of reinstall my wordpress. If I reinstall, do I need to register again when I install the plugin? What happen if I made the donation upgrade?
Reason of reinstalling is because I found a post, probably created by the malware. Not sure how it got written and published onto my wordpress.
The only thing I can think of login into the back end so I have changed my password.
But I also worry that hacker may use some sort of SQL injection to create the post and I afraid that this would also mean my wordpress database credential got compromise.
So let me know if I need to register again.
I you re-install you should not need to re-register, just check for new definition updates and it will find you registration. Even if you re-install your WordPress database credentials will likely stay the same, You need to use whatever database tools are provided by your host to manually change the DB_PASSWORD and then update your wp-config.php file.
I was trying to log in to my wp admin and got “REDIRECTED” to this and cant access my site – what gives and how do we get this fixed????
You have been redirected here from … [private domain] … which is protected against brute-force attacks by GOTMLS.NET
This error number refers to NO_SESSION_ERROR, It is likely that you tried to login after letting your browser sit on the login screen for long enough that the active Session had expired. I you refresh the login page and then try to login again it should work.
If you just want to remove this login protection you can remove the code at the top of your wp-config.php file, it should look something like this:
if ( file_exists('/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php')) require_once('/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php'); // Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap.
if ( file_exists('/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php')) require_once('/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php'); // Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap.
…but make sure you leave <?php at begining of the top line.
If you are still having trouble or need any more help with this please email me directly.
I am having a similar problem as this. Except when I click sign in, a pop up box says “This form will be sent in a way that is not secure. Are you sure you want to send it?” …. I click send …. and then a 404 error occurs.
That has nothing to do with my plugin Rachel. Your site uses SSL but the login form is posting to a malformed and non-secure page that does not exist on your site. I think some other login security plugin you have installed is braking it, probably because it is not compatible with HTTPS.
I have just installed the plugin and registered. The plugin still seems to be only scanning for potential threats – the other options still have the red circle saying must be registered to get them. How do i activate these. I’m pretty sure I I have Malware becasue my site is behaving very eratically
Apologies, ignore this I just ran the definition updates.
I have downloaded your software and it found 7 files or so that are infected. How do i clean them. this is not my cup of tea. most of them don’t look like threats but one of them has a ton of unusual code.
My guess is that these 7 files are only “Potential Threats” and they are probably not malicious (as it says on the results page you see). If that is the case then my plugin will not offer to fix them and you should not do anything with them either. You can send me the one file that has a ton of unusual code in it if you want me to take a look at it and I will let you know what I think. If there were any files infected with Know Threats or Back-doors then my plugin would offer to fix them.
Looking for help i have registered my site, but when i click update definitions it takes me to a page that says Forbidden. I have since tried to re register the site using the same key but the system says the site is already registered. I must be doing something wrong somewhere! Please help.
This “Forbidden” error that you are getting is probably from a firewall or some other security plugin that you have installed that is trying to block my definition updates. Please experiment with disabling other security measures temporarily to see if you can download the updates and let me know what it was that was preventing the update. If you cannot figure it out on your own you can send me your WP Admin login and I will figure it out for you.
Please help me,
My hosting suspended my account 3 times because of brutefore attack and some kind of process of it.
I installed this tool and patched wp-login and updated/rescan twice all. It was found something in users.php and cleaned it.
However, my site again get suspended under same brute force issue. Shouldnt this prevent it?
I dont know what to do and how to fix it
I try to talk with eurovps to give me one more chance, and I have to download backup, because am not sure if they will give me any more chances.
My plugin should protect your site from most Brute-Force attack but nothing can stop the hackers from trying, even if their attempts are futile. If your host cannot counter the attack and they are putting it on you, and not helping, and suspending your account, then maybe you should switch to a better and more secure host.
I run a Super Secure Hosting server for people who are getting hacked and need a safe place for their site. I could move your site to my server and help you get rid of these hackers if you are open to switching your hosting over. Let me know if you are interested, and how many sites you would need to host with me.
Maybe a stupid but how do I add a gravatar to my profile? I also do not see all the websites where I installed the app. Do I need to go and make sure the same email was registered for each site? I think they are all using the same one.
If you have registered each site using the same email address then you should see then all here: http://gotmls.net/members/
You can add a gravatar for yourself at gravatar.com
Nice plugin! Very thank you! But, sometimes it does not work. I see Only: Loading, Please Wait … http://prntscr.com/65ud20 Sometimes it starts, sometimes not. What could be the problem?
After tonight update my site always redirect to this
You have been redirected here from a site that is protected against brute-force attacks by GOTMLS.NET
I had to disable this plugin and now all works fine.
Sorry for that buggy version 4.14.56, I was missing a “/” in one of my conditions and that messed everything up in that last release.
I have fixed this issue my newest release, please download this new version 4.14.58 ASAP and let me know if that fixes it for you.
Thanks for reporting this bug. Please let me know if there is anything else.
Eli – I have a couple of multi-site installations that are targeted frequently. Any concerns regarding using your plug-in on Multi-site?
I have not used my plugin that much on multi-site but it should work fine. I have even writen some special menu code specifically for multi-site permissions.
Please give it a try and let me know if you have any feedback that might help me improve it.
If I donate and register, can I use it several websites?
You can register and use my plugin on as many sites as you want, and donate as much as you can afford to
The Definition Updates and Plugin Updates have just been spinning where I can’t update the definitions or see what the plugin installation key is so I can update them. Is there something going on, or is there any other way you can help?
Thanks for a AWESOME PLUGIN!!!
This issue is fixed in my new release. Please update to version 4.14.54 and let me know if that fixes it for you.
Hi Eli, first of all thanks and congratulations for a great a extremely useful service! You can count with another donation on the way.
I have a VPS shared hosting account on HostGator with over 20 domains (10+ of them are WordPress). I have installed your plugin at one of them. All domains are addon domains of the main root directory.
Is it possible to set up the complete scan feature to run through my whole root directory, covering all the addon domains from this shared hosting account or I would need to install the plugin individually in each of the WP Admin panels?
I hope this higher level of scam can be set up, since it would help a lot.
Thanks in advance for your time.
If you install my plugin in the root site then it can scan all the sub-directories, including those that contain other sites. You can scan and remove threats from any file under the root path, but some of the protection my plugin offers will on be effective on the site it is installed on, so it would be best o install my plugin on each of your sites.
Thank you for your plugin, it is very useful.
Our website got compromised yesterday evening with a malicious code your plugin doesn’t seems to find.
This malware insert a tag wherever it can find a tag across the files on the server (I found traces of the malicious code in various directory, either be public or not).
The malicious code is injected before the tag. It doesn’t matter if it’s a comment ( /* Be sure to place blablabla before */) or not.
The script tag will call a js file, located at this adress:
One sign a website is compromised is that it will take way longer than usual to load.
PS: our website is running on WordPress, but I don’t know if this malware can be found in other CMS.
I just added this new threat to my Definition Update this morning. If you download the latest definitions then my plugin should be able to find and remove this threat from every infected file on your site.
Please let me know if you find anything that my plugin is still missing after you download the new Definition Updates.
Hi there.. Can this plugin be used in conjunction with your plugin “All In One WP Security & Firewall”??
I certainly can. However, you should know that plugins that call themselves “Firewalls” sometimes block Posting large amounts of data or encrypted data to your site. In some cases this can prevent you from downloading my Definition Updates or even using the WordPress built-in Plugin/Theme Editor.
Good morning Sir,
Let’s start with saying your tool is precious and your help is godsent.
I got my plugins injected with malicious code (currently over 4k known threats detected, as I’m running the complete scan). I fear something went wrong when tried to automatically fix the previously found php files after the quick scan.
What should the box say, apart from “… Loading, Please Wait …“, because this is the only thing I got so far.
My website is in your hands. As well as all my appreciation.
If it’s found that many Known Threat on your site then you should give the “… Loading” screen a few minutes at least. If it really never seems to get anywhere when fixing that many at a time then you should try restarting the scan, and this time watch it closely and click the “Automatically fix…” button for every 50-100 threats it finds (you can have it cleaning as it’s find more at the same time). That way it only has to do smaller batches at a time.
If that does not work and you cannot get it to clean any of the threats found then you can send me your WP Admin login and I’ll take a look at it myself.
Bit of a problem – you need an “abort scan” button. My site is stuck in what appears to be an endless loop of scanning and won’t stop.
It’s not outputting any list or content as it usually does. This happened right after an update of definitions and starting a new “QuickScan.”
I’m not sure how to stop the process since it’s running on my server, but we’re talking going on 10 minutes and no response.
Most definitely needs a STOP SCAN button.
Actually there is not way for me to add an abort button to the Quick Scan because it attempts to run the whole scan under one PHP instance (this is the reason it is so quick and the reason it fails under a heavy server load). Try closing the browser and give it 30 seconds rest before loading the admin pages again. Then try using the Complete Scan. The Quick Scan is really only ideal for a limited set of circumstances. This is why I created the Complete Scan which does have a Pause button and can handle larger scans by breaking up the job over multiple PHP processes.
I am actually considering re-purposing the Quick Scan option to do a selective scan of the most commonly infected areas. The would avoid the current confusion most people seem to have with when to use the Quick Scan option and limit the resource consumption issues like what you may be experiencing now.
I hope this helps and I would be glad to offer more assistance.
my site nezavislost.biz was listed by google as the site containing malware. I have scanned it using different antimalware software (including your Anti_malware plugin) showing always clean status. However, google insists I have malware on my page, even provided links, in which they see malware scripts. However, I am not able to identify any and I am at the end with my actions….. Can you help here please? Peter
I’m not sure why your site is coming up clean on all scan when Google says you are infected. Have you requested a review in your Google Webmaster Tools yet and did they respond with pages that were still infected?
If so, you may have a few threat that have not yet been identified by me or any of the other scanners. If you want to give me your WP Admin login I will look for it and when I find it I can add it to my definition updates so that it can be automatically found and removed.
It seems my wp-login.php file got messed up after taking it to quarantine. When i try to login it downloads the file..is it possible that your plugin caused that or it is hackers that did this. I was under brute force attack yesterday and today, but after quarantining the wp-login, i show i couldn’t log in! Pls help!!
That is strange. The very first time I went to the /wp-login.php URL it did indeed download the PHP file, and I could see that it had not yet been modified by my plugin. Then I tried other /wp-admin/ URLs and was successfully redirected to your /wp-login.php page to login. Now I cannot get it to download the file any more, it only loads the page now (as it is supposed to do), even in another browser.
This strange behavior could be caused by a bad entry in your .htaccess file. Do you have any other plugins that may have modified your .htaccess file?
Perhaps you can find something there that is causing this and can then fix it, if not you can send me you FTP login and I will check it out for you.
hi dont worry about it , it was not your plug in..
I’m trying to find the gotmls plugin key to register on your website. When I go to the gotmls settings or quick scan on my wp plugins page I get the following message: You do not have sufficient permissions to access this page. I am a wp novice, but I wanted to try your plugin because I think the website is infected, as I discovered that any links to it from our facebook page are redirected to aeklsaoqp.ddns.me.uk with a message that says the server cannot be found.
I am sorry for this permission error you are getting. I have recently changed the menu permissions to make my plugin more compatible with multisite, but I have come to realize that not everyone uses the same administrator permissions. Your issue is most likely caused by having the Plugin Editor disabled, or by not having permission to edit files. Once your Administrator account has the right permissions you should see the Anti-Malware menu and you will be able to use the easy one-click registration on the settings page.
If you are not sure how to check and fix these permission issues and you are willing to give me access to your WP Admin then I will fix it for you. You can email login info directly to me: eli AT gotmls DOT net
I was hit with a mal-ware warning from Google tonight, ive downloaded your plug-in, donated and updated, and found a few potential threats which i have fixed.
Ive scanned the site again and its found no threats. But still a bit paranoid theres something suspect in the know threats, ive looked in a couple but i wouldnt know where to start identifying any potential risks. Would it be cheeky to ask for a quick site once over from you if you can find anything else wrong?
No problem. I am a bit busy, but if you can send me a WP Admin login I will chack it out for you.
I would also like to search my whole root directory please since my wordpress is installed in directory
Thanks in advance!
I have updated the scan range on your registration to include the root site. Download the latest Definition Update and you should be able to scan one level higher in the directory hierarchy.
Thanks a lot El!
One more question: i got 3-4 sites that are static html ones (no cms of any kind) in another hosting. How can i use this excellent plugin in order to scan/protect them?
I will eventually get my plugin to work outside of the WordPress infrastructure but until then you would need to have them on the same hosting account as a WordPress site to scan then with my plugin. They would probably be safer on a server with no PHP on it though.
I have expanded the search range on your registration to included the root domain. You’ll need to download a definition update for the change to take effect. You can click the green checkbox in the Definition Updates section to the right of the Scan Setting if you need to force a Definition Update.
Please let me know if it still does not find the threat you are looking for.
Astounding! Many thanks. Going to try that out now. You may just be the fastest draw in the West. *salutes*
Hmmm. I ran it and searched my entire site, but the malware remains unfound and sucuri.net still says my site is infected. Would a database infection alone show up on sucuri? I’m absolutely lost
I replied to the email comment I received with info. Thanks again
Thanks for the login info.
I refreshed the securi scan and there were then different results do I’m looking into that now. I am still look but so far I think your theme has been tampered with. If you still have the install files for that “newsimple” theme you should reinstall it. Switch to another theme so you can completely delete the newsimple theme before you reinstall it.
When I try and activate this plugin I get the below error:
Fatal error: Call to a member function query() on a non-object in /home/UsernameRemoved/public_html/DomainRemoved/wp-content/plugins/gotmls/images/index.php on line 524
Do you know why this is happening?
Any help is much appreciated. If you have any questions, please do not hesitate to let me know.
-= Jerry Campbell =-
You can rem that line out by putting two slashes in front of it or completely remove it. It was meant to clean up settings from an older version when you are upgrading.
Thanks for letting me know about this error. I will fix it and release another plugin update soon.
I was hit with a mal-ware warning from Google when Chrome or Firefox views the site. Ive downloaded your plug-in, updated, and found a few potential threats in my W3 cache.
Next, I deleted the cache, ensured the files in question were gone and had google reexamine the site. Still, they tell me malware exists.
I would be happy to look at it if you want to send me a login to your site.
What details does Google provide about the infection?
You should request a review of your site in Goolge’s Webmaster Tools now. Let me know if there is anything else.
I have a number of sites, I want to use the plug in and register and donate is there anyway to do this besides each site, I will run out of Emails and or accounts, I can use the contact email but my name is the same. I can’t make a donation until Friday, but I am not sure even the hacking has stopped, and I don’t know where else to look for problems. I wanted to contact you direct so I could send an agreeable amount based on the sites. Is this still being worked on?
You can register all the sites using the same email address so that it puts them all under the same account on GOTMLS.NET
Then make just one donation within your budget and appropriate to the number of sites you are registering on that account.
Thanks for stopping by, and let me know if you need any help.
Hello, I love your plugin it has saved my butt several times. But I will get Read/Write errors often after running the scan. How do I correct these Read/Write errors, what should they be? Is there anyway I can get you to lend me a hand with this?
Thank you soooo much for any help you can provide!
The read/write errors are usually because the permissions on a file is such that the web-server process (usually Apache) does not have access to the file. Every server can be setup to run in many different way so there is no one-right-way to set the permissions. A good way to check the file in question is to compare it’s permissions to other files on the server, maybe this file is set to 600 and the others are 644, or the user/group is root/root and the others are you/www-data. A good FTP client like Filezilla can help you check and set permissions on you files.
There may be other reasons why some files on your server cannot be read, so if this does not help you I would be happy to take a look at it for you. If you want more help you can send login credentials to: eli at gotmls dot net
You might want to make potential threats, removable, and also sendable to you, so you can analyze them as known threats.
I will never make potential threat removable because then everyone would remove them, and most of them are ok. If I had more time (i.e. if this were a fully funded project that I could devote 100% of my time to) then I would have a better system for dealing with that grey area between bad and unknown. Right now, if you were to remove all the potential threats it would most likely brake your site and I doubt any of them are actually malicious. So, why are they even there then? Because sometimes new threat arise that are not yet know to me. This then becomes a good place to start looking. I try to help everyone who contacts me for support and the most efficient way for me to do that at this time is for them to give my access to their WP Admin. I am working toward a self-sufficient plugin that requires less help from the programmer (me) and more results for the do-it-your-selfers (you all).
If you want more features and better definitions please donate to support my work on this plugin. Thanks!
Great script, I would love to have it as a go-to in my arsenal of malware scans but I am having one problem.
When I go to update the definitions I am redirected to the homepage of the site and no updates are happening. Is there somewhere I can manually add the new definitions via FTP or something?
There is a manual update that I could help you with if needed, however the symptoms you describe exactly match the effect of that wordpress firewall plugin. If I am right that you are also using that firewall plugin then please disable it temporarily, then perform the update, then re-enable it again.
If that does not work I am more than happy to help you install the update manually.
I’ve registered on your site (and donated) but now can’t log into my wordpress account and I wasn’t able to download the definitions (the register key items were in green). Can you help please?
I was able to login and clear up most of those infections when you gave me your WP Admin login but there were still more that did not match my definitions at the time. I have since updated the definition with those Known Threats but when I try to login to your site it says “The username or password you entered is incorrect”. Did you change the password?
Have you gotten the update cleaned up your site or do you still need my help?
I have also tried emailing you and got no response. I take the time to reply to everyone who contacts me for help, and I consider each request to be an open case until I hear otherwise, so if you don’t need my help anymore please let me know.
Hi Eli -
Happy New Year. Firstly, thank you for your plug-in and this site. It’s scary for a WordPress amateur to wake up to an email announcing that your site has been flagged by Google.
I did a complete Scan on my WordPress site. (6) files have been quarantined, there are a handful of potential threats (which appear to be from legit plugins that I’ve had for awhile) and there were 170 skipped folders.
I’m not sure what to do from here?
Thank you so much.
Thanks for sending me your credentials. I have found and removed the last infection that had been missed. I will be adding this new definition to my updated so that it will help others to find the same threat. I’ll keep an eye on your site for a day or two to make sure nothing comes back if that’s ok with you.
Dear Eli! I have problems with my site. This ordeal began yesterday in the evening. My site redirects users to a virusaffected site. As the company where we have the server received complaints it closed our site partially. I dont know what to do. They tell me to find scripts that is infected and delete them to change all passwords and update wordpress.. As I was looking for a plugin that could help me to find these scripts I found yours. To be honest I have never used your plugin before so I dont know what to do next. Your plugin says that i have 24 potential threats. Please help me just some how? =) This attack came out of a blue and I was not ready for that.. I didnt know to expect it.
I’m happy to help you with this. Without getting into your WP Admin I can only give you general advice based on the info you provide. If you are willing to give the WP Admin access I can check it out for you and let you know.
I am not getting that ‘fix it all’, button? Any ideas?
Did you download the Definition Update?
Are there any “Known Threats”?
NO, there are not any known threats. But I know the beast is still there!
The Repair button only shows up if there are “Known Threats” found.
I don’t see any iframe redirect right now on the from of your site but it sounds like you have a back-door or some security vulnerability that is allowing repeated infections.
Ok, so that button doesn’t come up without there being specific issue. I get that…
I have tried for the last 14 days to eradicate this damn thing and it will not go away.
I am getting black listed. I have delete all of my plugins and tried to do a re-install and it will not complete that without crashing.
I have tried 3 other packages. And I am still getting nowhere.
I have limited funds and was only able to donate 10 bucks to the cause. You seemed to have a lot of support for fixing issues. I only hope you can fix mine.
This is what is continualy being written into almost all of my *.js scripts.
It use to say something else. In fact it was saying something different over the last ten days. Every once in a while it would say a different web site along with an excutable cgi script call..
And I, over the last 2 weeks have periodically overwriting the infected *.js files with an unzipped copy of wordpress 3.4.2 on my local machine.
I needed something to compare to on a file by file basis anyway.
It takes only a littel while and no matter what I do. It re-writes all the *.js files again and only God knows what else is going on.
Removing these infection in this way does not get at the source of the infection. I think there is a php script somewhere on your server that is causing, or at least allowing, these files to get reinfected.
I you send me WP Admin credentials to your site I’ll take a look.
I have a stupid question (as announced): I ran 3 complete scans today and found I have 1 read/write error. What does that mean and what should I do? Thanks for helping a blonde
There are no stupid questions, only stupid answers. So, here is my stupid answer
Read/Write Errors can be caused by a variety problems ranging from permissions to file size or irregular content. I know this does not shed any light on the problem you’re having but without looking at your files and running some tests I can’t really tell you what the problem is in your particular case.
If you want to give me WP Admin access to you site I could look into it for you.
I ran a quick or complete scan on a new WP install, just to be sure. I got “1 read/write error” but clicking the link does nothing and the Scan Details area below just shows a no entry symbol and filled pink rectangle.
I think there might be an .htaccess or permissions problem somewhere on the server, but I don’t know where to check. Can you advise?
The read error means that my plugin could not access that file. You should check the permissions on that file or download it via FTP and send it to me so and I’ll check the file for infections. If you want me to debug to resolve the read error I would need access to your WP Admin.
As to the .htaccess issue, is your WordPress installed in the root of the site or a sub-directory?
Thanks for the help so far.
When you say that I should check the permissions on “that file”, how do I found out which one it is? There is no information in the details window. As far as I’m aware, the plugins folder permissions are set to 755. Is that ok?
To answer your other question, WordPress is installed in a sub-directory but my host insists there is no restriction on writing to any folder.
755 should be ok. Maybe your server doesn’t allocate enough memory to the PHP process to open that file. I am willing to check it out for you if you want to give me access to your site.
I’ve just updated the plugin and downloaded the new definitions (still on WP 3.4.2). I ran the complete scan on 5 of my accounts (all on the same dedicated server) and every one of them is getting stuck at 99% done, with one folder remaining. It’s a different folder in each case. I’m also getting read/write errors on some of the accounts.
It would be soooo much more useful if the progress bar showed which folder got stuck and which file/folder caused the read/write error. I really don’t know where to start looking and I have many more accounts to test. Any further advice would be much appreciated.
I updated the plugin and fixed that bug that caused it to stop at 99%. Thanks for reporting this issue to me. As for the read/write errors, if you click on it you will see a list of the individual files and their errors.
Fantastic, thanks. This is a big improvement.
Please help me! My site which is less than 2 weeks old has been hacked and the majority of my pages come up with a ‘this site has been hacked page’
I’m a novice but have been reading and attempting every hint I find but no luck. Have installed and run your malware and although it removed something, the problem remains. What else can I do??
Your site looks petty clean now. The only thing I see is that the 404 Error page is still hacked. I would be happy to look at the scan results and get rid of that 404 message if you want to give me admin access to your site. You can email credentials directly to wordpress at ieonly dot com.
Thanks for your trust in letting me into your site (it makes it a lot easier to help). I updated the definitions and removed a couple more threats. There is still a bunch of the hacker’s HTML on these two pages:
They are not malicious scripts, just defaced HTML. because they are in the freestyle theme directory I don’t want to mess with them in case I break the site. You can fix this easier anyway in one of two ways:
1. If these files come with the original download of the freestyle theme then just replace them from the originals.
2. If the file is not in the freestyle theme you originally downloaded then delete that file.
Please let me know if that did not fix all the problems. I would be more than happy to look at it again after you fix the theme.
I can’t login. my site admin got redirected
Can you give me the username and password for you admin so I can try?
Thanks for the login info. I got it cleaned, you just needed to download the latest definition file by click the button on the right hand side. I did this for you so your definition file is now updated. I also scanned the root of the public_html directory and fixed the .htaccess file there that was causing your malicious redirect.
Next step: you can request a review of your site using Google Webmaster Tools.
Your email address will not be published. Required fields are marked *
You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>