Home › Forums › Support Forum › Malware still exists on the site
This topic contains 6 replies, has 2 voices, and was last updated by Anti-Malware Admin 6 years, 10 months ago.
-
AuthorPosts
-
February 3, 2018 at 12:28 am #2003
Hi, i’m hoping you might be able to help, more than happy to donate if you think this plugin will help resolve my issue
I have updated the defintions etc..
PHP:7.0.1
Apache
WordPress:4.9.2
Plugin:4.17.44
Definitions:I21DgYour Installation Key is Registered:
No Newer Definition Updates Available.Scan has been ran with the following results, I have also clicked the fix button…
Known Threats…/public_html/wp-content/plugins/fusion-builder/inc/lib/inc/class-fusion-fusionredux.php
…/public_html/wp-content/themes/Avada/includes/lib/inc/class-fusion-fusionredux.php0 Quarantined Files
Found 0 htaccess Threats
Found 0 TimThumb Exploits
Found 0 Backdoor Scripts
Found 2 Known Threats
Found 0 Core File ChangesThe issue persists still on my website though unfortunately, sucuri online scan suggests the following:
Known javascript malware. Details: http://labs.sucuri.net/db/malware/rogueads.unwanted_ads?1 <p> <script type="text/javascript" src="//go.oclasrv.com/apu.php?zoneid=1086384"></script>//<![CDATA[
Should this plugin be able to resolve the above? basically the site appears generally fine however whenever you click anywhere on the page it sends you off to various spam sites.Any help would be greatly appreciated
Chris
February 5, 2018 at 9:57 am #2009This issue still remains on this site, I have changed all the passwords etc and the above always comes back again. Having quarantined the above files and running the scan again it is not identifying the problem, could it be within the core files? would it be worth me upgrading the service at this point, like I say, i’m more than happy to contribute if this is the right service to get rid of this issue.
Thanks
February 5, 2018 at 10:37 am #2010The site appears to be clean now. Maybe you just needed to refresh the scan on that sucuri results page, because they will cache the original results and not show that your site is actually clean even after you have cleaned it.
February 5, 2018 at 10:53 am #2011It’s clean at the moment, I’ve only within the post hour reinstalled the clean database, the problem is likely to reoccur within the next 24hours though as it had done previously, I’ll report back if it does as I’ve just changed all the passwords again from a different computer, dB, FTP, host, admin etc. I’ve also overwritten the original wordpress files to see if this helps.
If it comes back then I’ll let you know as this plugin was not picking up the issue described above.
Thanks
February 5, 2018 at 11:31 am #2012Is that script being injected directly into your database, because if it is then this might not be a vulnerability that can even be stopped by a plugin. If the server has a root vulnerability then there is really nothing you can do to your site or your account to secure it. Your not hosting on TSOHOST by any chance are you? They still seem to be having repeated database injections across many of their DB servers that have nothing to do the user’s security.
February 5, 2018 at 11:39 am #2013it’s vidahost on this one, which I think is part of TSOHOST possibly…? I have raised it with them as an issue on their end potentially but getting the usual scripted responses from them, just making sure I check everything my end but will likely move host if it continues.
February 5, 2018 at 1:39 pm #2014Yeah, I just moved somebody else from TSOHOST to my own Super Secure Hosting and the database injections that they were getting every 5 minutes stopped immediately. When they contacted TSOHOST about this continual threat to their TSO BD the support person responded saying only that the vulnerability has already been patched and there in no more danger on their server but the clients old DB on the TSO server continues to be reinfected even though their site was no longer hosted there.
-
AuthorPosts
You must be logged in to reply to this topic.