Forum Replies Created
My plugin does not stop DDoS attacks on WooCommerce. The Brute-Force Login Protection only helps protect from attacks of this kind on your wp-login page. For WooCommerce you will likely need to formulate some kind of custom defense since your WooCommerce store will have its own structure and this exploit will be tailored specifically for your store.
Try to find a commonality in your access_log files that you could block with an .htaccess Rule, or else add some additional CAPTCHA to your checkout process with a CAPTCHA plugin that is designed for WooCommerce integration.
There are many reasons why your server might not be able to start a persistent session. To start troubleshooting I would suggest that you check the session.save_path in the php.ini file on your server. Then verify that the path specified is writable by your web-server user and make sure that the partition containing that folder is not full or mounted Read-Only.
You may also need to get your hosting provider to check on this if you do not have the proper access to your server.
That 500.php looks like a false positive, there is no Eval or any kind of Request Execution in the code you posted. The redirect behavior on your site must be coming from some other code. Was there nothing else found by your hosting provider?
Can you send me a screenshot of the scan results from my plugin?
You can email me directly with any other details.
Do you have any evidence that your site has actually been hacked besides that alarming message from malcare?
The fact that bots are causing 404 errors in your log files is not surprising, this is pretty much a given on most any website. When bots ask for pages that do not exist on your server the 404 error message is the appropriate response, so this is not something I would be worried about.
I don’t see any reason why you would not be able to download a backup of your website. Even if it is potentially infected with a malicious PHP script, downloading these files to your PC would not pose a direct threat as they are designed to be executed through a web server and typically will not function on a PC without installing and configuring web server software on your local machine.
If you have any other evidence that your site might actually be infected with a real malicious threat of some kind then please send me a link so that I can check it out for you. Otherwise, I would not be concerned about an alarming yet vague warning from a plugin that will not tell you what it’s found unless you give them money, to me this is just as bad as ransomware when it is likely that they have not actually found any malicious hack on your site.
This sounds like a caching issue. If you clear your cache and refresh the page it should show that you are already registered, or given enough time the cache may expire and this page would then show the correct registration status.
Please let me know if you are still having any issues with this and I can help you troubleshoot further.
If you have moved the site to a new server and it is still getting hacked on regular intervals then you most definitely have a backdoor script or a Zero Day vulnerability on the site that is letting in this hacker.
You can find the script responsible by reviewing the access_log files on your server. You just need to look at what URL was requested at the exact time of the last infection. You can get the infection time on the Anti-Malware Quarantine page. Please note, the quarantine and infection times are stored in GMT/UTC so there may be some conversion required if your server logs are in the local time of the server.
Please let me know what you find or if you need more help. You can email me directly with your log files and a screenshot of your Quarantine if you cannot find the relevant entries. If you do find a new threat that is allowing this hack then please send me that file as well so that I can add it to my definition updates.
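The log review described in the reply above can be scripted. The following is an added example, not part of the original reply or of the plugin: it assumes Apache/Nginx "combined" format logs with a numeric timezone offset and an English (C) locale for month names, and the log lines, IP addresses, paths and infection time are all constructed sample values.

```python
import re
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [time +zone] "METHOD url proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)

def requests_near(log_lines, infected_utc,
                  before=timedelta(seconds=60), after=timedelta(seconds=5)):
    """Return (utc_time, ip, method, url, status) for requests whose UTC time
    falls in [infected_utc - before, infected_utc + after]; POSTs sort first."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or non-combined-format lines
        try:
            local = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # timestamp present but unparseable
        utc = local.astimezone(timezone.utc)  # server-local time -> UTC
        if infected_utc - before <= utc <= infected_utc + after:
            hits.append((utc, m["ip"], m["method"], m["url"], int(m["status"])))
    return sorted(hits, key=lambda h: (h[2] != "POST", h[0]))

# Constructed sample: server logs in UTC-7, quarantine time recorded in UTC.
SAMPLE_LOG = [
    '198.51.100.4 - - [11/Sep/2024:09:23:40 -0700] "GET /shop/ HTTP/1.1" 200 18342 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [11/Sep/2024:09:24:08 -0700] "POST /wp-content/uploads/2024/cache.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    # Same wall-clock digits as the UTC infection time, but 7 hours later in UTC:
    '198.51.100.9 - - [11/Sep/2024:16:24:08 -0700] "GET /robots.txt HTTP/1.1" 200 68 "-" "bot"',
    'truncated line without a timestamp',
]
INFECTED_UTC = datetime(2024, 9, 11, 16, 24, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    for utc, ip, method, url, status in requests_near(SAMPLE_LOG, INFECTED_UTC):
        print(utc.isoformat(), ip, method, url, status)
```

Matching on the raw timestamp text would have selected the third sample line and missed the POST; converting each entry to UTC before comparing avoids that.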
September 11, 2024 at 4:24 pm in reply to: Known javascript malware: malware.injection?96.12 #135980
I have just been updating my definition database with a lot of new threats today and I think the one you have on your home page was in that batch.
Can you please download the latest definition updates (version O9BGI or later) and run the Complete Scan again to see if this remaining threat is now identified and fixed by my plugin?
Your website is loading fine for me now. Did you already figure out what was wrong?
Please let me know what you did to fix it, or if you are still having trouble please send me a screenshot so that I can see what page you are having an issue with.
August 23, 2024 at 3:24 am in reply to: Complete scan status seems to be OK, but still have malware in my site #134550
That’s great! I’m glad that you were able to find the cause of that redirect, but what is more concerning is how that WPCode plugin got on there. Did you install it or do you know how it got on your site?
August 22, 2024 at 2:13 pm in reply to: Complete scan status seems to be OK, but still have malware in my site #134485
I don’t see the redirect from my end, even on my mobile. Can you provide the exact steps to recreate this redirect?
Please also check these steps on another device to make sure it’s not just a caching issue on your device.
If you have already resolved this issue then please let me know how you fixed it.
This is not your error_log file at all, this is just an SQL Export file with some records from your database.
After looking at your website I can see that the following comment is present in every single out page on your site, including all the admin-ajax.php generated JavaScript pages like the one that my own plugin uses for the brute-force login protection:
If you can find the rogue file on your server that contains this comment text then you can remove that comment to fix all the dynamic JavaScript on your site that is currently breaking, including my login protection.
If you cannot find it and you would like to give me access to your site then I can look for it too. Please email me directly if you want to pass on any sensitive data.
eli AT gotmls DOT net
That is very unusual. We will need to know what the error is in order to fix it. Can you please check the error_log files on the server to see what the last few errors are?
Most of the files that are skipped will be binary file types like images that do not contain executable code so they are not a threat. You can hover over the files listed to see the reason why each one was skipped.
I have just added this new threat to my definition updates. Please download the latest definition update and try the Complete Scan again.
Let me know if that works for you or if you need more help.
I can see the redirection on your website, but it seems not to be detected by any of your malware plugins, not even mine, correct?
If this is not found in your core files after your latest scan then it must be a new threat which is yet undiscovered by any of us Anti-Malware specialists.
I would like the opportunity to find this new threat if you are willing to grant me access to your site. Please contact me directly via email with any credentials you are willing to share.