Forum Replies Created
-
AuthorPosts
-
Can you please send me a link to the infected pages and an sample of the malicious code being displayed on those pages so that I can look into this further and get these new threats added to my definition updates?
March 18, 2020 at 1:21 pm in reply to: Google ads disapproved my ads because of "malicious software" links #2443I don’t see these links on your site any more so maybe you have already removed this threat. If Google is still refusing to approve your ads then they might be reacting based solely on they cache of your site from a time when it might have been infected.
I am still working on an auto-scan feature but it just isn’t ready yet. I will let you know when I have this feature available.
If you can send me those ‘<script’ tags which are not being removed by my plugin then I will add them to my definition updates so that they will be automatically removed in future scans.
Also, if you are still getting database injections on a regular basis I would suggest that you focus on hardening your DB security on your server. Start by changing your DB_PASSWORD and updating your wp-config.php to match. If that does not stop these injections and your host has no other security to offer then I would suggest moving your site to a move secure hosting environment.
Thanks for reporting this issue. I will have this Deprecation Notice resolved in my next plugin release. In the mean time you should probably turn off error_reporting for Deprecated Notices in your php.ini file:
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATEDI see a bunch of sites registered to your account. Try clearing your cache and refreshing your wp-admin page to see if it shows that you are already registered. If not then send me the key that you are trying to register and I will check it for you.
If your site is on a shared hosting account then this kind of attack could be coming from any of the other sites on this server, it could even be coming form a site that is not under your account.
If you have cleaned every site on your account and it still comes back then I would advise that you move your site to am ore secure hosting environment.
You can go with the Pro Plan to cover what you need for these sites. This server is in Eastern Canada which should be fine but I do have other server in the US if you would prefer that.
I’ll give credentials to the server once you sign up. I can also help you move the sites over when you are ready. From here on you should email me directly either by replying directly to the email notification of this post or by emailing:
support [AT] supersecurehosting.comI don’t have any firm limits but I would need to make sure that I put your sites on a server that can handle your needs. These are not VPSs, what I offer is fully managed hosting on a modified CentOS kernel using cagefs to chroot each site into it’s own virtual filesystem, so no hacks can find their way from one site any other site on my servers. The server I have in mind for you would be a quad core with 32Gigs of RAM and 2 480 raided SSDs. I have a website for you to sign up for hosting services but I don’t promote it or offer much info on the site. My focus is on security and stability and so I only offer this my hosting to people who I feel really need it.
If you scan the public_html directory on the main site then it will probably scan all the sub-sites, it just depends on how your sites are structured on the filesystem.
The most important thing is to get all you sites clean at the same time. If you scan all your sites, and remove all the malware, and then scan all your sites again, and they are all fine for a little while, then the problem may not be coming from any of your sites. This malware could be spreading from a site on another account on that server. In that case you should probably move all your sites to a move secure server where they will not be exposed to cross-site contamination from other users.
I do offer Super Secure Hosting for $12/month per site. I could host all 4 sites for $44/month and they would never get hacked again. Let me know if you are interested and I can help you move your sites over to one of my Super Secure servers.
So there must be some other threats on the server that are re-writing these files. Have you run the Complete Scan on the site’s root directory?
Do you have any other sites on that server that might also be infected?
Can you send me a screenshot of the results from the Complete Scan right after you have cleaned these infections?
I have added this threat to my definition updates so that it can now be automatically removed.
With the kinds of trouble that you have had with the scan not completing and now the read errors, I would guess that the memory_limit in your php.ini file is set too low. Ask you hosting provider if you need help finding or changing the memory_limit on your server.
You also need to find the error_log files on your server. Those will tell you a log about the cause of these problems.
There must be something malicious remaining on the server that is rewriting that infection. You need to be able to run the Complete Scan.
Can you open the error Console in your browser’s Inspector and send me a screenshot of the Complete Scan when it gets stuck?
You can also check the error_log files on the server to see if there is anything that might indicate why the complete scan is not able to complete.
What site is this error on?
That issue is with your site’s configuration on the server not specifically with my plugin. First you need to fix the bug that is causing this error, then you can try the complete scan again.
Can you send me the error_log file so that I can try to help you pin down the root cause of this issue?
-
AuthorPosts