Help, please! Fixed "known threats" and now my site is broken

Home Forums Support Forum Help, please! Fixed "known threats" and now my site is broken

This topic contains 5 replies, has 2 voices, and was last updated by  W K 4 years, 4 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #731

    W K
    Member

    I have been getting a crash course in WP security thanks to my hosting company suspending my site on Thursday due to a bunch of incursions on my WP installations.  Through this adventure, I found your wonderful plugin, which helped me to clean up that first batch of infections over the weekend.  I ran a fresh round of scans yesterday, and all was still well.  Phew!

    Today, my hosting company informed me their scan is picking up new infections.  Your latest definitions picked up the same ones (the previous definitions, from a day or two ago, which I ran first, do not).  I clicked to “fix automatically”, but got the dreaded red bar.  My site no longer works, nor does my wp-admin page, aside from your scan.  (Even “view quarantine” breaks.)

    I tried to click “revert changes” several times, but nothing happened, and now I don’t see that option any more.

    Here’s the error message from the two “fixed” files:

    Warning: require_once(/home/MYUSERNAME/public_html/MYSITE/wp-content/themes/OptimizePress/lib/admin/admin-interface.php) [function.require-once]: failed to open stream: No such file or directory in /home/MYUSERNAME/public_html/MYSITE/wp-content/themes/OptimizePress/functions.php on line 79

    Fatal error: require_once() [function.require]: Failed opening required ‘/home/MYUSERNAME/public_html/MYSITE/wp-content/themes/OptimizePress/lib/admin/admin-interface.php’ (include_path=’.:/usr/lib/php’) in /home/MYUSERNAME/public_html/MYSITE/wp-content/themes/OptimizePress/functions.php on line 79

    I’ll send you the login info.

    Help, please!  My entire production site is now down.

    Thanks so much,

    Wendy

    #732

    W K
    Member

    I’m having a hard time finding where to email you the credentials.  Is it this?

    wordpress at ieonly dot com

    #733

    W K
    Member

    Okay, I replaced the two “fixed” (actually removed) files, which were essential to the theme and site working.  Now my site is up again.

    I see that my theme has an update, so I’ll install that and see if that fixes the threat.

    I’ll keep you posted.

    #734

    W K
    Member

    Okay, I really do need your help.

    The two files flagged as “known threats” in OptimizePress 1.53 and 1.45 are exactly the same in the latest version, 1.57.  So updating the theme will not help me.

    My hosting company is also flagging these same files and requiring that I “clean” them.  But they are essential to the functioning of my site.

    Can you please tell me what’s wrong with these files?

    http://www.TheProsperousArtist.com/fans/wp-content/themes/OptimizePress/lib/admin/admin-interface.php

    http://www.TheProsperousArtist.com/fans/wp-content/themes/OptimizePress/lib/functions/theme-functions.php

    Thanks so much!
    Wendy

    #735

    Anti-Malware Admin
    Key Master

    It would appear that the OptimizePress theme is using a method of code obfication that matches Known Malicious Threat patterns. I cannot see the code in those two files from the links you provided but if you were to send me those files I could check them out more thoroughly. I have temporarily white-listed this definition and I could create A permanent white-list entry for these files if I can confirm they are harmless.

    Unfortunately I cannot do anything about your hosting provider calling them malicious so you would need to take it up with them too. I may also be worth it to let OptimizePress know that your host is flagging their files as malicious so that they can defend their product.

    If you can email those files to me directly then I will check them out right away and white-list them if appropriate.

    #743

    W K
    Member

    Okay, so clearly that’s a GOOD thing that you can’t see directly inside my WordPress installation. :-)

    I’ll email you the files!

    Wendy

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.