An attempt to clean up the site failed


This topic contains 11 replies, has 2 voices, and was last updated by  Alecs Retin 9 months, 1 week ago.

  • #98280

    Alecs Retin
    Member

    I decided to try it, paid the fee and put it on the infected site. Then there was a comedy just. It finds 2 infected files, cleans it and stops its work. I restart it, it finds the same 2 files again, writes that they were infected again and stops working again. And so it was 7 times in a circle.

    #98323

    Anti-Malware Admin
    Key Master

    Thank you for contacting me about this issue. I would very much like to find a solution to the issue you are having with the scan, so I will need more information about this “comedy just”…

    First, you have registered multiple sites on this account, which of your sites are having this issue?

    When you say that it “cleans it and stops its work”, can you include if it gives all the indications that it has worked? Did you see all the following indicators:
    1. Did it pop up a box to say “2 files fixed, 0 failed”?
    2. Did it say “Success!” at the end of each file listed in the “Fixing …” results window?
    3. Did it finish with a big green bar that ends with the words “it worked”?
    4. Did it show a window below the green bar that starts with a green checkbox and the words “Tested your site. It appears we didn’t break anything ;-) ”, and then show a list of all the quarantined files?
    5. If you got that far, or if you can go back to the Anti-Malware Quarantine page in your wp-admin for me, then please let me know: are the items listed in the quarantine highlighted in Yellow or are they in Red?

    A screenshot of any of these results would be very helpful, but if you can answer those 5 questions above then I will have a clear understanding of how far the scan and fix process got and can then help you troubleshoot.

    Alternatively, if you would prefer to send me your wp-admin login for this site then I would be happy to troubleshoot the issue directly.

    #98341

    Alecs Retin
    Member

    Good day. Thank you for responding. So I put it on my next site for cleaning. I run a scan – it detects a problem and I click clear https://disk .yandex.ru/i/ZX6l_R-kQlKM0A Then everything was cleaned https://disk .yandex.ru/i/TgpnBkAlwi6onQ I start scanning again and again there are infected files there. And so there were 7 circles around the circle last time, this time I did it 2 times. Here is 1 tool that does not protect but cleans and cleans again and cleans again. And what’s the use of that? And about write – where to write? To grandfather’s village, unless – no mail was given anything. If that’s my Skype: acsac_ Alexander, I’ll give the site data there.

    #98344

    Alecs Retin
    Member

    At first I was happy, I read the reviews, I think it’s a great option. I started to clean and oppa, there is no sense. He cleans and does not protect in any way, again the infection immediately goes. Well, the meaning of this? Where I put it there and deleted it. You will forgive me for writing this, of course, but I am very disappointed.

    #98350

    Anti-Malware Admin
    Key Master

    I understand your disappointment, and I am sorry that you have had this trouble and that my plugin has not helped you solve it, but I am going to help you solve this and/or figure out how you can use my plugin to effectively solve this problem.

    Those screenshots were very informative. I can see that the Fix is successful but I cannot see the quarantine in the little window below the fix results. I hear that these same files are found to be infected when you run the scan again, so I need to see the Quarantine log to determine if the reinfection happens immediately or if there is a delay. Can you please send me a screenshot of the Quarantine page with multiple infections of those same two files repeated after multiple attempts to fix them?

    I suspect that you might have a cron job running which is set up to keep those files infected (in which case it will have to be stopped with a crontab command on the server), or else there may be an active PHP or PERL process running in an infinite loop so that it never stops replacing those files with the corrupt version (this separate process would also have to be stopped by a kill command on the server). In either case this is not the kind of problem that any plugin can manage without you logging into the server’s command prompt. Do you have SSH access to this server or just a control panel login?

    If I can see your Quarantine then I can make a better assessment of which one of these scenarios you are dealing with, and thus help you find the right commands to stop this rogue server process.
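A read-only triage sketch for the two scenarios described in the post above (a cron job, or a resident PHP/Perl process, rewriting the cleaned files), added here as an example and not code from the plugin or its author. The function names, the `run` argument and the 300-second watch window are assumptions; it needs shell access and the `sha256sum`, `ps` and `crontab` utilities.

```shell
#!/bin/sh
# Added triage sketch (not from the thread). Read-only: it lists and watches, never kills.

# Filter crontab text on stdin: drop comments, keep entries that invoke php or perl.
flag_cron_lines() {
    grep -v '^[[:space:]]*#' |
        grep -Ei '(^|[/[:space:]])(php[0-9.]*|perl)([[:space:]]|$)'
}

# Filter `ps -eo pid,user,etime,args` output on stdin: keep CLI php/perl processes.
# php-fpm pool workers are skipped because their command name is "php-fpm:".
flag_processes() {
    awk 'NR > 1 { n = split($4, p, "/")
                  if (p[n] ~ /^(php[0-9.]*|perl[0-9.]*)$/) print }'
}

# Poll a freshly cleaned file until its SHA-256 changes.
# $1 = file, $2 = max seconds to wait, $3 = poll interval (default 1).
# Prints the seconds elapsed at detection; returns 1 if the file never changed.
wait_for_change() {
    file=$1 max=$2 step=${3:-1} waited=0
    base=$(sha256sum "$file" | cut -d' ' -f1)
    while [ "$waited" -lt "$max" ]; do
        sleep "$step"
        waited=$((waited + step))
        now=$(sha256sum "$file" 2>/dev/null | cut -d' ' -f1)
        if [ "$now" != "$base" ]; then
            echo "$waited"
            return 0
        fi
    done
    return 1
}

# Usage: sh triage.sh run FILE...   (FILE = a path the scanner keeps re-flagging)
if [ "${1:-}" = "run" ]; then
    shift
    echo "== cron entries calling php/perl =="
    crontab -l 2>/dev/null | flag_cron_lines
    echo "== CLI php/perl processes (pid user elapsed command) =="
    ps -eo pid,user,etime,args | flag_processes
    for f in "$@"; do
        if t=$(wait_for_change "$f" 300 5); then
            echo "$f changed after ${t}s"
        else
            echo "$f unchanged for 300s"
        fi
    done
fi
```

Run it right after a successful fix: the elapsed time it prints answers the immediate-or-delayed question from the shell, and the two listings show what is scheduled or still running under the account.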

    #98384

    Alecs Retin
    Member

    Where should I write to you available? Is Skype convenient for you? I wrote it above. I want to test the same from the experiment.

    #98391

    Anti-Malware Admin
    Key Master

    The best way to reach me is directly through email. You can reply directly to any of these email notifications from my forum. I also pinged you on Skype if you would rather find me there. I’m not usually on Skype but I’ll hang out there for a little while if you want to accept my invitation.

    #98439

    Alecs Retin
    Member

    Is it not possible to do a scan from the site to a level above the catalog? For example, a user who has 15 sites and put 1 at /www/data/site1 and what he took scanned the entire data directory Would be very useful, he would immediately check all the folders and it would be easier to remove a lot of work. I would pay extra for that. In fact, from 1 site it would be possible to clear all the sites in the folder.

    #98452

    Anti-Malware Admin
    Key Master

    It could be possible with some code changes but I have found that it can also cause more trouble than it is worth. It is far better to just put my plugin on all your sites and make special considerations for those sites that are not WordPress.

    Just to give you an idea of the problems you may run into when scanning many sites at once, here is a short list of just some of the most common issues:

    1. PHP has a very small memory_limit so the scan process may not be able to index all the files on so many sites all at once.

    2. Even if it is able to build the initial index and start the scan it will likely still take a great amount of time to scan many sites in a linear way, as opposed to installing multiple copies on each site and running multiple scans at the same time.

    3. Timeout and lag-time in large scans can cause scan errors that will make the scan process restart some steps and that could take even longer and render less accurate results.

    4. Some directories above the site root are protected or may have different permissions which can also cause read errors and this will bog down the scan even more.

    5. If there are any sites that are not WordPress then there is a much greater chance of False Positives, which could lead to incorrect modifications in proprietary code that is not malicious, and then could cause site errors.

    6. Some browsers may even crash or lockup before the scan is complete due to the sheer volume of data returned by the scan that the browser has to process.

    These are the main issues that I am familiar with and could recite off the top of my head but I know there are more reasons to avoid combining all the sites into one scan. I know it is an attractive idea to have all your sites scanned at once, but trust me when I say, it is just not practical to expect a PHP page running inside a WordPress plugin to handle that much work efficiently or accurately. There are command-line tools and server-side anti-virus programs that can scan all your folders, they are just not as good as my plugin at identifying and removing malicious code from WordPress files.

    #98457

    Alecs Retin
    Member

    Thanks for your reply. Yes, there are a lot of folders. But as the first solution of this kind, using caching and adjusting the amount is quite possible. After all, you can specify to go in order, collect data not in the browser’s memory, but write it to the same database, for example, then from there with the indication of threads to process. Yes, and you perfectly said that there are solutions from the server side, but their problem is that they usually do not find viruses. But your plugin is a great solution. Of course, therefore, there is a temptation to process many folders at once)

    #98560

    Anti-Malware Admin
    Key Master

    Yes, with a lot of code changes it would be possible to re-purpose my plugin to be more proficient at scanning larger file-systems containing multiple sites under conditions where the shared hosting platform permits the PHP process to access all the sites on the account. However, that would require exploiting the biggest vulnerability of cheap shared hosting accounts to access and change the files of one site from the PHP execution of another site. While this is all too common and easy to do in many cases, it is also the main reason that all your sites can be infected with a malicious PHP script that makes its way into one weak site.

    Now, wouldn’t it be better all around if each of your sites had more protective permissions so that these malware infections wouldn’t be able to infect every site on your server from just one breach?

    My conclusion is that if the hosting providers implemented a reasonable security scheme then my plugin would then not even be able to access those other sites and could then not scan or clean them, and that would actually make your system even safer.

    #98755

    Alecs Retin
    Member

    In my practice, in 98% of cases, all sites on the lake will have general user rights exactly. And unfortunately, the lack of a tool for general verification will not change this, and vice versa, the presence of such a solution will not make the situation worse. Rather, on the contrary, there will be at least something that really knows how to work with WordPress sites for quick cleaning. It’s good when there are 1-2-5 sites. But when you have 70-120 sites under control, it is very difficult to put and configure everywhere. I would see it as a paid add-on very useful, I would definitely pay extra. It is only necessary to optimize the work so that it somehow flows and does not gain into itself. If you suddenly think about doing it, I think the solution would be very useful and necessary.
