Detect and isolate the infection

Home Forums Support Forum Detect and isolate the infection

This topic contains 5 replies, has 2 voices, and was last updated by  Eli Scheetz 11 years, 9 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • February 25, 2013 at 4:50 am #646

    Fontainebleau Tourisme
    Member

    Hi, sorry for my bad english, i’m writing from france. I have a problem with my blog since a lot of people receive an exploit alert. I found two infected files thanks to your tool “counter.php” and ”footer.php”

    I just removed the lines with base64**** and I think that the problem was solved. But today i received another alert, and i saw on the FTP that the counter.php file was “edited” yesterday (last modification), so i think that my FTP account is corrupted

    I removed again the infection lines (base64) on the counter.php file. And this time, i’ve just changer my FTP password.

    Do you think it will solve the problem ?

    I just wonder if it will be useful because if my FTP password has been corrupted one, it can be twice, and I should find where the problem come from. Maybe a bad theme or a bad plugin (i installed google analytics plugin and maybe it’s infected).

     

    That’s why i need your help. Thank you

    February 25, 2013 at 7:06 am #647

    Eli Scheetz
    Member

    If you keep getting the save files re-infected again and again then you still have a vulnerability on your site, it’s probably not your FTP that is compromised.

    There may be a hidden threat or vulnerability that my plugin has not found or you may have other sites on the save server that are still infected and are re-infecting this site. If you want to send me your WP Admin login I will take a look at it for you. You can send your login credentials to me: eli at gotmls dot net

    February 25, 2013 at 9:51 am #648

    Fontainebleau Tourisme
    Member

    There is nothing else, only the blog on that FTP. Did you receive the temp account I created ?

    The only plugin I installed is the analytics one, built by an independant dev, so maybe…

    Thx for your help !

    February 28, 2013 at 3:46 am #650

    Fontainebleau Tourisme
    Member

    Are you there ? The infection is still here, new threat : http://image.noelshack.com/fichiers/2013/09/1362059200-virus-wordpress.jpg

    February 28, 2013 at 8:45 am #651

    Eli Scheetz
    Member

    Please accept my sincerest apologies.  I have been flooded with requests for help and I currently have more work then I can get to in a timely manner. I will take another look at you site now and get back to you very shortly.

    Thanks for you patience and understanding.

    February 28, 2013 at 9:13 pm #652

    Eli Scheetz
    Member

    Just wanted to make sure you saw that I removed those 16 new threats and added this new variant to my definition updates.

    Please let me know if you find anything else on you site that you want me to look at.

    Aloha, Eli.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.