Forum Replies Created
-
AuthorPosts
-
Hey Will,
Just wanted to let you know that I released a plugin update last week that fixes this issue. It also includes a patch for the wp-login.pgp file which is vulnerable to brute-force attacks (even in the newest release of WordPress).
Try out the new version when you get a chance and let me know what you think.
Aloha, Eli
Hey Will, Thanks for stopping by. This is actually a minor bug in how I am calculating the scan status for the progress bar. I should be checking to make sure the scan has started and check at least one file before divide by the total because computers don’t like to divide by zero.
I will have that PHP warning message fixed in the next release of my plugin. Thanks for bringing it to my attention.
Aloha, Eli
Thanks for the login. I don”t see any malware but your site is still blacklisted and WordPress needs to be updated to the newer version. You should start by requesting a review of your site in Google Webmaster Tools. That will clear the malware warning and give you specific information on any remaining infections.
New threats come out all the time. It is possible my plugin is not detecting this new strain. Google should give you the details of the malicious code in your Webmaster Tools account.
You can email me directly with WP Admin credentials for your site and I will find it for you and add it to my definitions for automatic removal.
Aloha, Eli
Leo,
Thanks for reporting this issue. I will make sure that future releases of my plugin do not trigger this warning.
For now, here are three ways you can solve this problem:
- Turn PHP warnings off on your server.
- rem out that line of code on 251 of plugins/gotmls/index.php
- create a folder called quarantine in wp-content
Any of these should do the trick for now as this is not a serious error.
Aloha, Eli
It sounds like you’re all clean and you just need Google to take down that warning?
All you need to do now is request a review of your site in the Google Webmasters Tools:
https://www.google.com/webmasters/tools/malware
If you need more help you can email you WP Admin credentials to me: eli at gotmls dot net
Alan,
My plugin just check files right now (mostly looking for malicious htaccess, php, and javascript). I am working on a more support for database hacks but that’s a very different animal and it’s pretty easy for people to find post and widget injections on their own since they are not encoded.I would love to have a look at your collection of files from the last month of hacks.If you want to give me WP Admin access to your site I could double check it for you.Aloha, EliP.S. Thanks for your donation!
Kimmy,
I have tried to write this plugin so that it would work on a windows server but I have not yet had an opportunity to test it on one. I would be thrilled to use your server to test it make it work. I would fix everything I find to make it work right on your server if you would be willing to give me a WP Admin login.
You can email credentials directly to: eli at gotmls dot net
Aloha, Eli
Just wanted to make sure you saw that I removed those 16 new threats and added this new variant to my definition updates.
Please let me know if you find anything else on you site that you want me to look at.
Aloha, Eli.
Please accept my sincerest apologies. I have been flooded with requests for help and I currently have more work then I can get to in a timely manner. I will take another look at you site now and get back to you very shortly.
Thanks for you patience and understanding.
If you keep getting the save files re-infected again and again then you still have a vulnerability on your site, it’s probably not your FTP that is compromised.
There may be a hidden threat or vulnerability that my plugin has not found or you may have other sites on the save server that are still infected and are re-infecting this site. If you want to send me your WP Admin login I will take a look at it for you. You can send your login credentials to me: eli at gotmls dot net
Thanks for sending me the file. I’ve been looking at that code you sent me and it is definitely a back-door (that does not mean that it is bad), back-doors can be very useful and it’s pretty obvious that they intend to use it to help you. My worry is that their code could be vulnerable to exploitation. I can tell you that they have made many good attempts to secure and limit the use of this file to them alone. So, if you trust them, then it is probably fine to continue using this service. However “probably” is not good enough for me to white-list this back-door (I feel I have labeled it correctly and people should know what they have on their server).The potential for this code to be exploited is not erased in my mind. I will be testing this file even more thoroughly against specific attacks and may yet decide to while-list or at least downgrade it in the future if I find it to be completely safe.
Thanks again for your help in this matter and please let me know if there is anything else I can do.Thanks for bringing this to my attention. I can white-list this file based on it’s contents even if it has varying file names but I’ll need to see the whole file first. I’m not going to white-list anything until I have thoroughly checked it out.
Could you email this file to me: eli at gotmls dot net
I just released an update that fixed this issue. Try it out when have a chance and let me know how it works for you.
Hey Charlie,
I fixed it! the redirect turned out to be in the .htaccess file in your user’s root directory (up one level from your web’s root directory). I expanded the search range of my plugin to look outside the public_html directory and, bang!, it wound it right away.Now that the malicious redirect is out of the way you still are getting 404 errors on all pages except the home page. This is because you are using a permalink structure that requires the following code in the .htaccess file in the public_html directory but it looks like “Better WP Security” has locked down that file (maybe a little too tight). You’ll need to use FTP to put this code back into that file:<IfModule mod_rewrite.c>RewriteEngine OnRewriteBase /RewriteRule ^index\.php$ – [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule>Let me know if I can be of any further assistance. -
AuthorPosts
