Malware still exists on the site

Home Forums Support Forum Malware still exists on the site

This topic contains 6 replies, has 2 voices, and was last updated by  Anti-Malware Admin 6 years, 1 month ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #2003

    Hi, i’m hoping you might be able to help, more than happy to donate if you think this plugin will help resolve my issue

    I have updated the defintions etc..

    PHP:7.0.1
    Apache
    WordPress:4.9.2
    Plugin:4.17.44
    Definitions:I21Dg

    Your Installation Key is Registered:
    No Newer Definition Updates Available.

     

     

    Scan has been ran with the following results, I have also clicked the fix button…

     
    Known Threats

    …/public_html/wp-content/plugins/fusion-builder/inc/lib/inc/class-fusion-fusionredux.php
    …/public_html/wp-content/themes/Avada/includes/lib/inc/class-fusion-fusionredux.php

    0 Quarantined Files
    Found 0 htaccess Threats
    Found 0 TimThumb Exploits
    Found 0 Backdoor Scripts
    Found 2 Known Threats
    Found 0 Core File Changes

     

    The issue persists still on my website though unfortunately, sucuri online scan suggests the following:
    Known javascript malware. Details: http://labs.sucuri.net/db/malware/rogueads.unwanted_ads?1 <p> <script type="text/javascript" src="//go.oclasrv.com/apu.php?zoneid=1086384"></script>//<![CDATA[
    Should this plugin be able to resolve the above? basically the site appears generally fine however whenever you click anywhere on the page it sends you off to various spam sites.

    Any help would be greatly appreciated :)

    Chris

    #2009

    This issue still remains on this site, I have changed all the passwords etc and the above always comes back again. Having quarantined the above files and running the scan again it is not identifying the problem, could it be within the core files? would it be worth me upgrading the service at this point, like I say, i’m more than happy to contribute if this is the right service to get rid of this issue.

     

    Thanks

    #2010

    Anti-Malware Admin
    Key Master

    The site appears to be clean now. Maybe you just needed to refresh the scan on that sucuri results page, because they will cache the original results and not show that your site is actually clean even after you have cleaned it.

    #2011

    It’s clean at the moment, I’ve only within the post hour reinstalled the clean database, the problem is likely to reoccur within the next 24hours though as it had done previously, I’ll report back if it does as I’ve just changed all the passwords again from a different computer, dB, FTP, host, admin etc. I’ve also overwritten the original wordpress files to see if this helps.

    If it comes back then I’ll let you know as this plugin was not picking up the issue described above.

     

    Thanks

    #2012

    Anti-Malware Admin
    Key Master

    Is that script being injected directly into your database, because if it is then this might not be a vulnerability that can even be stopped by a plugin. If the server has a root vulnerability then there is really nothing you can do to your site or your account to secure it. Your not hosting on TSOHOST by any chance are you? They still seem to be having repeated database injections across many of their DB servers that have nothing to do the user’s security.

    #2013

    it’s vidahost on this one, which I think is part of TSOHOST possibly…? I have raised it with them as an issue on their end potentially but getting the usual scripted responses from them, just making sure I check everything my end but will likely move host if it continues.

    #2014

    Anti-Malware Admin
    Key Master

    Yeah, I just moved somebody else from TSOHOST to my own Super Secure Hosting and the database injections that they were getting every 5 minutes stopped immediately. When they contacted TSOHOST about this continual threat to their TSO BD the support person responded saying only that the vulnerability has already been patched and there in no more danger on their server but the clients old DB on the TSO server continues to be reinfected even though their site was no longer hosted there.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

Comments are closed.