Forum Replies Created
-
AuthorPosts
-
January 11, 2017 at 8:11 am in reply to: This new BETA feature is only available to registered users who have donated at #1751
I see all three of your donations and a bunch of sites you have registered under this account, does it show your donations in your wp-admin for this site or does it say that you have not yet donated?
Maybe the site you are asking about is registered under another account, what is your Key for this last site?
If those new drafts are not being generated by a local script (might not even be in the site directory, look for php files in the user’s home directory and check for cron jobs), then it could be a direct SQL injection using your DB credentials, otherwise it might also be entered from an admin’s local PC that is infected with a BHO or XSS exploit.
There must be some kind of overzealous protection (probably in your .htaccess file) that is stopping you from posting that update to your own admin.
That is strange because I know it works for lots of other people using GoDaddy. I am not sure why your site will not start a session but it is usually due to a server configuration issue, like php.ini settings or the permissions on the /tmp/ directory (or wherever the session files are kept on your server).
This is probably something you will need GoDaddy to look into for you as you may not know where to check these settings and you may not even have the access you need to fix it.
@Durrant,
I will need to see the whole script to add it to my definitions. If you already have the latest definitions and you are sure that it’s not already found then you can email me directly with the source code or the infected files or you can send me your wp-admin login so that I can view it myself.This threat is actually already in my definitions. Do you have the latest definition updates installed? Which site is this on?
You can email me directly with the name of the site and the key, and also the current definition version installed on that site, and I will de-register to site so that you can re-register it under your email address.
You cannot re-register a site that is currently registered to someone else. You would need to get them to login to http://gotmls.net/members/ and transfer their registration to your email address. Re-installing the plugin will not affect the registration.
This error means that the Nonce Token was not sent to the page. On what page do you get this error (what is the URL)?
You can reply directly to my email if you do not want the URL posted on the forum.
I am glad my plugin was helpful to you and fixed your problem on that site, and I hope it helps you with your other sites too.
Honestly, the best way to protect your site is to host it on a Super Secure Server, that is why I created Super Secure Hosting. That is the only way I know of to be sure that your site won’t get infected again. I have moved hundreds of infected sites to my specially secured servers and none of them have been reinfected since.
You can sign up here if you are interested:
Hey, I just found this unanswered topic, sorry, I didn’t receive the email notification when you posted it.
Anyway, I looked at you site and I can see the offending script, I just need to track down the source of the infection. Would you be willing to give me your wp-admin login so that I can find it and add it to my definition updates? If so, please send me a direct email, do not post the info on the forum.
It may not be related to your WordPress install directly, it could be coming from another user’s site on that server, typical shared hosting accounts are not very secure.
The best thing to do for the security of your site would be to move it to a more secure server. I do offer Super Secure Hosting for $12/month per site. If you just have this one site to worry about then you should just move the site to my server and be done with this. I have moved hundreds of infected sites to my servers and non of them have ever been reinfected again since.
I got your other direct email so if you are interested in hosting with my you can send me your hosting details directly to my email and I can move the site for you.
If you are getting reinfected with the same or similar threats repeatedly then the root vulnerability that let in the hack the first time is still there.
If this hack is coming in through a server vulnerability or from another infected site on the same server then there is no plugin that you can put on this site that will stop it for good. You need to find the root cause, the source of the infection.
Is this a shared hosting account?
If so, how many sites do you have on your account?
Sucuri caches their results, so those threats were already fixed. I clicked the “Force a Re-scan” link at the bottom:
*Cached results from more than 2 days ago. Force a Re-scan to clear the cache.
and now all it shows is a link you a counter site witch might be a false positive but you can probably remove it anyway.
This is the Brute-Force Protection, which you can disable on the Firewall Options page in your wp-admin, under Anti-Malware.
-
AuthorPosts
