Forum Replies Created
-
AuthorPosts
-
August 14, 2019 at 11:03 am in reply to: The Scan Results Disappeared Before I Could Fix Issues #2326
The Complete Scan is an interactive processes that shouldn’t take more than an hour to finish and the automatic fix can be run at any point after a known threat is found, even if the scan is still actively running. I would like to help you figure out why the scan is taking so long if you are willing to work with me to figure it out. If you could start by sending me a screenshot of the scan in progress after about 15 to 20 minutes then I can probably tell a lot more about what might be casing this issue.
P.S. Sorry for the slow response time, my grandson has been in the hospital so I have not been as quick to get back to people s I usually am.
It sounds like the admin-ajax.php file is not working on your WordPress install. Can you check that or maybe restore the domain access to your site so that you can run WordPress at the normal URL for your site?
Yes, that will work. Please let me know if you need anything else.
P.S. Sorry for the late reply, my grandson has been in the hospital and I somehow missed some notifications.
It should not be taking more than an hour to complete, can you please send me a screenshot of the scan after it’s been running for a shot while so that I can see what might be going on?
Sorry it took me so long to reply. I missed the notification that this topic was created and my grandson has been in the ICU so I have been a bit distracted and not keeping up with all the forums as well.
Anyway, I wanted to confirm that this issue was resolved. According to my logs this was a false positive and the definitions have already been updated to reflect that these files are no longer a Known Threat. If you are still having any issues with this false positive being detected then please email me directly:
eli AT gotmls DOT netThose would be files that the scanner was unable to open or read so they could not be scanned. That could have been caused by a permission problem with the file or a PHP memory_limit that is set too small to permit the scanning of that much content at once.
You can try running the scan again and see if you get the same errors on the same files, or you can ask your hosting provider to increase your memory_limit in the php.ini file on your server.
My Super Secure Hosting starts at $12/month per site. You can signup here:
supersecurehosting.comIf you have any questions feel free to email me directly.
It is most likely that this infection is coming from another site on your server, so there may not be any vulnerabilities on you site that is letting in this infection, and a firewall cannot stop the spread of a virus that is already on the inside. Honestly, the best thing you can do to protect your site from this type or crossover contamination is to move your site to a more secure hosting environment. You need a hosting environment that isolates your site from other potentially infected or vulnerable sites on the same server. I do also offer Super Secure Hosting for exactly this kind of issue. Let me know if you are interested in moving your site to one of my secure servers. Otherwise, you should at least try to get your site onto another host to stop this particular infection from recurring.
The sucuri scan looks all clear now. I know that they cache their scan results so maybe you were just seeing the cached results from their first scan. Let me know if you stil need more help.
June 28, 2019 at 11:06 am in reply to: Google Search sends user to a different site than the one intended #2307I’m sorry to say it but Google does take some time to re-index your site even after threat was removed. It looks like you have already resolved this issue now though. Please let me know if you still need any help with this.
It just means that the scan was unable to read those files. If you get errors on those same files every time then you should probably check those files manually or you can send then to me to check.
June 19, 2019 at 4:13 pm in reply to: registered on GOTMLS account but says not registered on WP #2302It might just be that the page on your site is cached and not showing updated registration info.
If you clear your cache and refresh the page and it still does not show that the site is registered then can you please send me a screenshot of that page?
You still have an account with 7 sites registered to it, which one is saying that it’s not registered?
Send me a screenshot of the page you are seeing that says your site is NOT registered and I can figure it out for you
Your problem is a common one, and I can tell you the basic steps to pin down where this repeated infection is coming from.
Understand that there are two main types of exploits that hackers could use to continually infect your site (internal and external).
An internal exploit is one where there is a vulnerability on your site and the hacker, bot, or automated script is exploiting that vulnerability to infect more files on your site. If this is the case then there will be evidence of this activity in your access_log files. Simply examine the activity recorded in your logs at the exact time that the last infection occurred and you will have your answer (infection times are saved in the Anti-Malware Quarantine). If there is no activity in any of your log files at the times of the last infections then you can assume that these infections are coming in from an outside site, not any of your sites.
The most common kind of external infection is a cross-over infection from another site that is hosted on the same server as your site. Shared hosting server are notorious for having no cross-site security and thus it is extremely easy for hackers who have taken control of one site on a typical shared hosting server to use that site to infect all of the other sites on that same server (even if they are on another user’s account). This type of infection is harder to detect without root access to the server and even harder to prevent, as you will likely not have access to restrict the activities of other users on that server. The best thing you can do in this case is to move your sites to a more secure hosting environment.
Please feel free to let me know if you have any more questions on any of this.
June 3, 2019 at 9:48 pm in reply to: The resource you are looking for has been removed, had its name changed, or … #2290It looks like the site is working now. did you fix it?
I think it was hacked by exploiting a known vulnerability in the older freemius class used by your woo-product-gallery-slider plugin.
I can see that my plugin has patched this vulnerability for you but you may want to update that plugin and then scan again to see if it still has any more vulnerabilities.
-
AuthorPosts
