Forum Replies Created
-
AuthorPosts
-
Sorry it took me so long to reply. I missed the notification that this topic was created and my grandson has been in the ICU so I have been a bit distracted and not keeping up with all the forums as well.
Anyway, I wanted to confirm that this issue was resolved. According to my logs this was a false positive and the definitions have already been updated to reflect that these files are no longer a Known Threat. If you are still having any issues with this false positive being detected then please email me directly:
eli AT gotmls DOT netThose would be files that the scanner was unable to open or read so they could not be scanned. That could have been caused by a permission problem with the file or a PHP memory_limit that is set too small to permit the scanning of that much content at once.
You can try running the scan again and see if you get the same errors on the same files, or you can ask your hosting provider to increase your memory_limit in the php.ini file on your server.
My Super Secure Hosting starts at $12/month per site. You can signup here:
supersecurehosting.comIf you have any questions feel free to email me directly.
It is most likely that this infection is coming from another site on your server, so there may not be any vulnerabilities on you site that is letting in this infection, and a firewall cannot stop the spread of a virus that is already on the inside. Honestly, the best thing you can do to protect your site from this type or crossover contamination is to move your site to a more secure hosting environment. You need a hosting environment that isolates your site from other potentially infected or vulnerable sites on the same server. I do also offer Super Secure Hosting for exactly this kind of issue. Let me know if you are interested in moving your site to one of my secure servers. Otherwise, you should at least try to get your site onto another host to stop this particular infection from recurring.
The sucuri scan looks all clear now. I know that they cache their scan results so maybe you were just seeing the cached results from their first scan. Let me know if you stil need more help.
June 28, 2019 at 11:06 am in reply to: Google Search sends user to a different site than the one intended #2307I’m sorry to say it but Google does take some time to re-index your site even after threat was removed. It looks like you have already resolved this issue now though. Please let me know if you still need any help with this.
It just means that the scan was unable to read those files. If you get errors on those same files every time then you should probably check those files manually or you can send then to me to check.
June 19, 2019 at 4:13 pm in reply to: registered on GOTMLS account but says not registered on WP #2302It might just be that the page on your site is cached and not showing updated registration info.
If you clear your cache and refresh the page and it still does not show that the site is registered then can you please send me a screenshot of that page?
You still have an account with 7 sites registered to it, which one is saying that it’s not registered?
Send me a screenshot of the page you are seeing that says your site is NOT registered and I can figure it out for you
Your problem is a common one, and I can tell you the basic steps to pin down where this repeated infection is coming from.
Understand that there are two main types of exploits that hackers could use to continually infect your site (internal and external).
An internal exploit is one where there is a vulnerability on your site and the hacker, bot, or automated script is exploiting that vulnerability to infect more files on your site. If this is the case then there will be evidence of this activity in your access_log files. Simply examine the activity recorded in your logs at the exact time that the last infection occurred and you will have your answer (infection times are saved in the Anti-Malware Quarantine). If there is no activity in any of your log files at the times of the last infections then you can assume that these infections are coming in from an outside site, not any of your sites.
The most common kind of external infection is a cross-over infection from another site that is hosted on the same server as your site. Shared hosting server are notorious for having no cross-site security and thus it is extremely easy for hackers who have taken control of one site on a typical shared hosting server to use that site to infect all of the other sites on that same server (even if they are on another user’s account). This type of infection is harder to detect without root access to the server and even harder to prevent, as you will likely not have access to restrict the activities of other users on that server. The best thing you can do in this case is to move your sites to a more secure hosting environment.
Please feel free to let me know if you have any more questions on any of this.
June 3, 2019 at 9:48 pm in reply to: The resource you are looking for has been removed, had its name changed, or … #2290It looks like the site is working now. did you fix it?
I think it was hacked by exploiting a known vulnerability in the older freemius class used by your woo-product-gallery-slider plugin.
I can see that my plugin has patched this vulnerability for you but you may want to update that plugin and then scan again to see if it still has any more vulnerabilities.
What site are you needing help with?
Did you try the Complete Scan again?
The tokens are automatically generated every time the page loads but they do expire if you leave your browser on that page for too long. As the message says: Please try re-submitting the form.
If you refresh the page and try the scan again and still get the Token error then there might be something wrong with your database.
Click the “Taking too long” button to see the results, maybe there is an error message?
You should also check your browser’s Error Console for JavaScript Errors.
Also, check the error_log files on your server to see what errors are recorded there when you try and fix the threats.
I see the directory index every time I load your site. I can’t tell if it was done maliciously or it your server is just not configured correctly, but it’s definitely not working. I don’t see any obvious signs of malware but it’s hard to tell when your site is not loading right anyway.
I would suggest that you talk to Gridhost about getting your server configured correctly or move to a better hosting provider if they are not going to help you.
-
AuthorPosts
