Forum Replies Created
-
AuthorPosts
-
Scan Depth is the number of sub-directories to drill down into (as it says below that field “how far to drill down”), it has nothing to do with how many domains you have. It also says “-1 is infinite depth”, which is the default and recommended setting. Setting this to any positive number would restrict the scan from digging down into any sub-directory below that number from the level that the scan starts in. You should only change this setting from the default -1 if there is some specific reason that you don’t want the scan to hunt too deeply into all the sub-directories in your scan path.
You can either login to each of your additional accounts here on http://gotmls.net/members/ and then transfer each of those accounts to your main registered email, or you can simply re-register each of your domains to the right email address by clicking on the green checkbox in the upper-right side of the Anti-Malware Settings page in your wp-admin.
This looks like a cache issue. I see that the malware was already removed by my plugin. The problem was that Google only scans their cache of your site and not the live site, they are also slow to react and re-index when changes are made. So it may take some time for them to approve your site after the problem is fixed.
Make sure that you have a current sitemap uploaded to the Google Search Console to help expedite the current and correct indexing of your clean site.
It sounds like you are not actually having the same problem as Steve. Also, the database scan feature is already finished and is part of the current version of my Anti-malware plugin, so if you have the latest version you should see that the DB scan is included in the complete scan.
It sounds like you have multiple sites on the same shared hosting plan and they’re all getting reinfected by the malware spreading back and forth from one site to the other. In cases like this it is essential to get all the malware off of the server at one time so it doesn’t have chance to replicate itself to the sites that you’ve already cleaned. Depending on the security on server and the number of infected sites you have, and if this malware is also spreading from other accounts on the server that are not within your control, you may have to move your sites to a more secure hosting environment in order to get them clean and keep them clean.
I had thought that this issue was already resolved. As I said in my first reply: if this is still a problem you can send me the exact code that is flagged so that I can fix it (again).
Thanks for posting this code. I have updated the definition of this threat so that it removes all of the malicious injection and does not leave behind any broken syntax.
I see that it is fixed now. Can you tell me what file was broken?
If you can send me the original content for that file then I can update the definitions so that it will not break that file again.
Sorry I didn’t see this post until just now, I somehow missed the notification.
This .htaccess code that you posted is not detected as a threat in the newest version of my definition updates, so maybe I fixed it already or else there is a subtle variation from this code that you posted and the code that you have in your .htaccess files.
Let me know if this is still a problem and you can send me the exact code that is flagged so that I can fix it.
January 6, 2019 at 10:16 am in reply to: redirected to safe-load.gotmls.net when trying to display a user page #2203This is not a threat but rather a vulnerability called User Enumeration, which would permit anyone to discover your usernames using an unrestricted URL such as:
/?author=2 That is why it is one of the Firewall options that is enabled by default. If you wish for any un-authenticated visitor to be able to easily view this information about any user in your database by passing a common number like 1, 2, or 3 then you can simply disable the User Enumeration protection on my Anti-Malware plugin’s Firewall Options pages in your wp-admin.
Please feel free to let me know if you have any further questions about any of this.
Thank you for this info. I have looked into this and added some new threats to my definition updates since your post. I would like to know more about you specific hack to be sure that my plugin can now fix this vulnerability. Can you please email me any files that you might still have that were infected or any older versions of mailpoet that were compromised on your server?
Thanks for noticing, I hope to have some more really nice features coming soon
Just re-register your new key for the HTTPS site under the same email address and it will continue working the same for you.
Check the permissions on your /tmp/ directory (or wherever your server stores session files, and also make sure that the partition is not full or write-protected.
Verify that mod_rewrite is installed and working and that Apache is able to run the code in the .htaccess files.
You can also look in your error_log files to see if it might tell you what the problem is.
You may need to ask you hosting provider for help with some of this if you don’t know where to look for these things. Maybe they can test your server’s ability to maintain a persistent session and just tell you what is causing this problem.
December 3, 2018 at 10:36 am in reply to: Another Plugin or Theme is using 'fatal_error_handler' to handle output buffers #2192It looks like fatal_error_handler was originally used in concrete vendor software called Symfony that is available on GetHub, but it may have been re-purposed for one of your plugin or some other malicious code on your site.
I don’t know anything about AceIDE or sirzooro but they both also have forks on GetHub. Do you know what all the plugins on your site are there for, and can you validate that their source is legitimate?
No, because reinstalling the plugin does not affect the registration. All you need to do is to click on the green checkbox in the upper-right corner of the Anti-Malware Settings page in the wp-admin of that site. Then change the email address on the registration form and re-submit the registration under your email.
-
AuthorPosts