Forum Replies Created
-
AuthorPosts
-
The custom output buffer handler called “Bot_Linker” is probably malicious and it’s probably the reason the Complete Scan is not working. Output buffer handlers can filter or alter the output and thus affect anything or everything on your site.
Have you tried the Quick Scans?
If you keep getting reinfected then you should move your site to a move secure server.
The last definition update should solve these errors for you. If you still get them after you download the update let me know.
Also, if that wp-content/index.php file is not identified and fixed by my plugin after this latest update then please send that file to me so that I can inspect it personally.
That’s a great suggestion for anyone with a site that is not WordPress.
Your server either does not allocate enough memory to PHP to clean all 2,881 files at one time or the process is timing out before it finishes. Either way you just need to click the auto-fix button 6 times (one more time after each failure) for it to finish fixing all the infected files.
It would also be a good idea to run the Complete Scan again after you are done, just to make sure it got them all and they are not coming back.
For future reference, you can try the “fix as you go” method when running large scans like this one. Just click the fix button each time the scan finds a few hundred infections and the scan will keep going but it will also clean the malicious threats that it has already found, so that by the time you are done scanning you can also be nearly done cleaning. That way it won’t get hung up trying to clean thousands of infected files at once.
October 19, 2015 at 12:26 am in reply to: Multiple sites affected do I need one GOTMLS account? #1273Please email me directly with the sites and key that you are having trouble with and I will help you sort it out.
eli AT gotmls DOT net
You can login to gotmls.net with that email and go to the Members page (click the profile link) to see all the sites you have registered under that account. If you have registered other sites under a different email address then you can login to that account and transfer your registrations to the other account.
If you cannot find what account was used to register a specific site you can email me directly.
Actually in the case of ecolcin.com your WordPress URL is http://portal.ecolcin.com not http://ecolcin.com/portal so this is not technically a subdirectory install. It may be that the site is installed inside a sub-directory that is inside public_html but WordPress does not see it that way. If you have a site that is in the root public_html directory then you can user that site to scan nall the other sites inside it.
Yes, it should offer you this option automatically.
Only 3 of the 47 sites you have registered are in subfolders and I don’t see any of them installed in a wordpress folder. Can you tell me which site this is for?
Those files show up in the potential threats because they use the eval function but they should be ok to whitelist. Just make sure that it’s only a simple eval statement that it highlighted in those files before you whitelist.
Check for new definition updates. If you already have the latest definitions and it’s still not finding anything then you can send me a login and I will take a look at it tomorrow (it’s getting late here).
These files are not malicious, they are written by the Brute-Force Login patch installed by my plugin. These are essentially log files that record all the failed login attempts. As you can see from the info you have decoded, those files store a timestamp and method in a serialized array.
I don’t want to use the database to store that info because the whole point of my Brute-Force patch is to preempt the WordPress boot-loader so as to prevent attacks from having a DDoS effect on your server.
I am working on a better way to do this though, one that does not require writing to files or using a session.
Are you getting any error messages?
Check the error_log files on your server to see what is causing the site not to come up. If your not sure where to find your error_log files ask your hosting provider where to they are on your server.
As I said, you need to install the Core File definitions by checking the automatic-update box and starting a Complete Scan.
Did you just upgrade to the new version of WordPress?
When you change the version of WordPress that you have installed the Core Files definitions need to be updated too. This can be done by checking the automatic-update button and starting a Complete Scan.
-
AuthorPosts
