Hello Eli,
I am so thankful that your plugin is out there – I have used it and eliminated threats on my own site, thank you. And just installed it on a new site and now, if possible I need your help please.
I am writing about a site that I scanned with your most recent definitions, as well as BackupBuddy’s malware scan and Securi’s free malware scan. Nothing shows up and the site is scanning clean…But, There are 35 potential threats from your scan – & there have been two indications that something is not right. McAfee just told me it’s a harmful website & when i went to download my backup, avast told me it had blocked the download due to a virus. I don’t think I’m using any iffy plug ins … is it possible you can help me decipher if these potential threats are the bad guys? Thank you! Cheers, Lisa
I sure can. If you email me your WP Admin login I will take a look at those Potential Threats for you. If I find anything malicious on you site I will add it to my definition update so it can be automatically removed.
Lisa,
Thanks for sending me your login info (also, thanks for making a donation, that really help me keep this project going!)
I found the backdoor in alot.php along with hundreds of HTML files in the /public_html/swollen/ directory. I suspect that whole swollen directory was plated there using that alot.php file, this file is self updating and self replicating and it’s linked to by all those HTML files.
I have added this new threat to my definition updates so you can now remove the threat using my plugin but I would suggest just deleting that whole “swollen” folder via FTP.
You should also delete that backup file made by BackupBuddy and then make a new backup of you site without that infected folder.
Aloha, Eli
You’re amazing! Thank you so much for all that you do!!! Cheers, Lisa
