February 25, 2013 at 4:50 am #646
Hi, sorry for my bad english, i’m writing from france. I have a problem with my blog since a lot of people receive an exploit alert. I found two infected files thanks to your tool “counter.php” andÂ ”footer.php”
I just removed the lines with base64**** and I think that the problem was solved. But today i received another alert, and i saw on the FTP that the counter.php file was “edited” yesterday (last modification), so i think that my FTP account is corrupted
I removed again the infection lines (base64) on the counter.php file. And this time, i’ve just changer my FTP password.
Do you think it will solve the problem ?
I just wonder if it will be useful because if my FTP password has been corrupted one, it can be twice, and I should find where the problem come from. Maybe a bad theme or a badÂ plugin (i installed google analytics plugin and maybe it’s infected).
That’s why i needÂ your help.Â Thank youFebruary 25, 2013 at 7:06 am #647
If you keep getting the save files re-infected again and again then you still have a vulnerability on your site, it’s probably not your FTP that is compromised.
There may be a hidden threat or vulnerability that my plugin has not found or you may have other sites on the save server that are still infected and are re-infecting this site. If you want to send me your WP Admin login I will take a look at it for you. You can send your login credentials to me: eli at gotmls dot netFebruary 25, 2013 at 9:51 am #648
There is nothing else, only the blog on that FTP. Did you receive the temp account I created ?
The only plugin I installed is the analytics one, built by an independant dev, so maybe…
Thx for your help !February 28, 2013 at 3:46 am #650
Are you there ? The infection is still here, new threat : http://image.noelshack.com/fichiers/2013/09/1362059200-virus-wordpress.jpgFebruary 28, 2013 at 8:45 am #651
Please accept myÂ sincerestÂ apologies.Â I have been flooded with requests for help and I currently have more work then I can get to in a timely manner. I will take another look at you site now and get back to you very shortly.
Thanks for you patience and understanding.February 28, 2013 at 9:13 pm #652
Just wanted to make sure you saw that I removed those 16 new threats and added this newÂ variantÂ to my definition updates.
Please let me know if you find anything else on you site that you want me to look at.
You must be logged in to reply to this topic.