Forum Replies Created
-
AuthorPosts
-
It is possible that there is a back-door on your site that is planting those DB injections, but it is more likely that the malicious injections are coming from outside of your site. If there was any malicious code in the files on your site then my plugin should be finding it. If it is only finding malicious injections in your DB then the hack is likely to be a direct DB injection using your DB credentials. First try changing you DB password and update your wp-config.php file to match. If the DB injections continue then I would suggest that you move your site to a move secure host.
It might be but I am not familiar with it by that name specifically. Can you send me an example of that malware so that I can confirm it for you.
I have just released a definition update for this new threat. Please make sure that you have the latest definition updates and run the complete scan again. That should find and fix this threat throughout your database.
It looks like there is one script leftover, maybe in your theme’s header.php file. If you can send me your header.php file then I will add this new threat to my definition updates.
August 14, 2019 at 11:03 am in reply to: The Scan Results Disappeared Before I Could Fix Issues #2326The Complete Scan is an interactive processes that shouldn’t take more than an hour to finish and the automatic fix can be run at any point after a known threat is found, even if the scan is still actively running. I would like to help you figure out why the scan is taking so long if you are willing to work with me to figure it out. If you could start by sending me a screenshot of the scan in progress after about 15 to 20 minutes then I can probably tell a lot more about what might be casing this issue.
P.S. Sorry for the slow response time, my grandson has been in the hospital so I have not been as quick to get back to people s I usually am.
It sounds like the admin-ajax.php file is not working on your WordPress install. Can you check that or maybe restore the domain access to your site so that you can run WordPress at the normal URL for your site?
Yes, that will work. Please let me know if you need anything else.
P.S. Sorry for the late reply, my grandson has been in the hospital and I somehow missed some notifications.
It should not be taking more than an hour to complete, can you please send me a screenshot of the scan after it’s been running for a shot while so that I can see what might be going on?
Sorry it took me so long to reply. I missed the notification that this topic was created and my grandson has been in the ICU so I have been a bit distracted and not keeping up with all the forums as well.
Anyway, I wanted to confirm that this issue was resolved. According to my logs this was a false positive and the definitions have already been updated to reflect that these files are no longer a Known Threat. If you are still having any issues with this false positive being detected then please email me directly:
eli AT gotmls DOT netThose would be files that the scanner was unable to open or read so they could not be scanned. That could have been caused by a permission problem with the file or a PHP memory_limit that is set too small to permit the scanning of that much content at once.
You can try running the scan again and see if you get the same errors on the same files, or you can ask your hosting provider to increase your memory_limit in the php.ini file on your server.
My Super Secure Hosting starts at $12/month per site. You can signup here:
supersecurehosting.comIf you have any questions feel free to email me directly.
It is most likely that this infection is coming from another site on your server, so there may not be any vulnerabilities on you site that is letting in this infection, and a firewall cannot stop the spread of a virus that is already on the inside. Honestly, the best thing you can do to protect your site from this type or crossover contamination is to move your site to a more secure hosting environment. You need a hosting environment that isolates your site from other potentially infected or vulnerable sites on the same server. I do also offer Super Secure Hosting for exactly this kind of issue. Let me know if you are interested in moving your site to one of my secure servers. Otherwise, you should at least try to get your site onto another host to stop this particular infection from recurring.
The sucuri scan looks all clear now. I know that they cache their scan results so maybe you were just seeing the cached results from their first scan. Let me know if you stil need more help.
June 28, 2019 at 11:06 am in reply to: Google Search sends user to a different site than the one intended #2307I’m sorry to say it but Google does take some time to re-index your site even after threat was removed. It looks like you have already resolved this issue now though. Please let me know if you still need any help with this.
It just means that the scan was unable to read those files. If you get errors on those same files every time then you should probably check those files manually or you can send then to me to check.
-
AuthorPosts
