Forum Replies Created
-
AuthorPosts
-
Your server either does not allocate enough memory to PHP to clean all 2,881 files at one time or the process is timing out before it finishes. Either way you just need to click the auto-fix button 6 times (one more time after each failure) for it to finish fixing all the infected files.
It would also be a good idea to run the Complete Scan again after you are done, just to make sure it got them all and they are not coming back.
For future reference, you can try the “fix as you go” method when running large scans like this one. Just click the fix button each time the scan finds a few hundred infections and the scan will keep going but it will also clean the malicious threats that it has already found, so that by the time you are done scanning you can also be nearly done cleaning. That way it won’t get hung up trying to clean thousands of infected files at once.
October 19, 2015 at 12:26 am in reply to: Multiple sites affected do I need one GOTMLS account? #1273Please email me directly with the sites and key that you are having trouble with and I will help you sort it out.
eli AT gotmls DOT net
You can login to gotmls.net with that email and go to the Members page (click the profile link) to see all the sites you have registered under that account. If you have registered other sites under a different email address then you can login to that account and transfer your registrations to the other account.
If you cannot find what account was used to register a specific site you can email me directly.
Actually in the case of ecolcin.com your WordPress URL is http://portal.ecolcin.com not http://ecolcin.com/portal so this is not technically a subdirectory install. It may be that the site is installed inside a sub-directory that is inside public_html but WordPress does not see it that way. If you have a site that is in the root public_html directory then you can user that site to scan nall the other sites inside it.
Yes, it should offer you this option automatically.
Only 3 of the 47 sites you have registered are in subfolders and I don’t see any of them installed in a wordpress folder. Can you tell me which site this is for?
Those files show up in the potential threats because they use the eval function but they should be ok to whitelist. Just make sure that it’s only a simple eval statement that it highlighted in those files before you whitelist.
Check for new definition updates. If you already have the latest definitions and it’s still not finding anything then you can send me a login and I will take a look at it tomorrow (it’s getting late here).
These files are not malicious, they are written by the Brute-Force Login patch installed by my plugin. These are essentially log files that record all the failed login attempts. As you can see from the info you have decoded, those files store a timestamp and method in a serialized array.
I don’t want to use the database to store that info because the whole point of my Brute-Force patch is to preempt the WordPress boot-loader so as to prevent attacks from having a DDoS effect on your server.
I am working on a better way to do this though, one that does not require writing to files or using a session.
Are you getting any error messages?
Check the error_log files on your server to see what is causing the site not to come up. If your not sure where to find your error_log files ask your hosting provider where to they are on your server.
As I said, you need to install the Core File definitions by checking the automatic-update box and starting a Complete Scan.
Did you just upgrade to the new version of WordPress?
When you change the version of WordPress that you have installed the Core Files definitions need to be updated too. This can be done by checking the automatic-update button and starting a Complete Scan.
September 14, 2015 at 7:23 am in reply to: Multiple sites affected do I need one GOTMLS account? #1247You will need to install my plugin on each site that you want to protect. You can register each site using the same email address so that you only have one account. Then you can donate from any site on that account and it will show up accross all the site on the same account.
I think there must be something that is blocking the external JavaScript from loading in your browser. Can you check your browser’s Error Console and/or the Element Inspector for any errors on that page?
Also try another browser, maybe even on another computer, to see if the results are any different.
Thanks for sending me your wp-admin login. I found that new threat in your theme header file and I added it to my definition updates. When I downloaded the new update on your site and scanned your theme again it found the malicious script and removed it.
Your site is now clean, I re-checked it on sucuri sitecheck too and it also shows that it’s clean now.
You can’t post any HTML here. Can you try just pasting the URL without any formatting or HTML tags?
You can also just email it directly to me if you want.
-
AuthorPosts
