Forum Replies Created
-
AuthorPosts
-
When you click the “…taking too long…” button, what error message do you get?
It may be too much for your server to handle cleaning 5,000 files in you pass. Does it clean some of them before the error message? You may be able to clean them in batches until there are few enough to handle without causing the error.
When I am cleaning a site that is as infested as yours is, I employee a technique that I call “Clean as you go”. It works like this: I start a Complete Scan and I watch the results as it progresses. Every time it finds about 100 or so infections I click the “Automatic Fix” button, but I don’t stop the scan, it still keeps going and finding more. This allows the popup results window to deal with the cleaning in smaller batches and by the time you are done scanning your final cleaning should only take a few seconds. Then you should run the Complete scan again to make sure you got them all.
Let me know how that works for you. If you still get an error message.
If you can see your registration when you are logged into gotmls.net but the domain name does not exactly match your site URL then you can just un-register your site, then go back to your wp-admin and re-register using the pre-filled registration form on the right-hand side of the Anti-Malware Settings page.
It is certainly possible that a bad infection could cause intermittent errors and server slowness, but I would if your host has any error_log files that might shed some light on the cause of the errors.
Be careful about mentioning malware infections to your host though, sometimes they will just suspend your account and not help you at all.
Do you still get this error? Sometimes the “502 bad gateway” is just something your host throws up when the server is having trouble. If you didn’t run the fix then it those files would not have been changed, so there would not be anything in the quarantine. If you want to send me access to your site then you can email me directly: eli AT gotmls DOT net
if you are still getting the “502 bad gateway” error then I would need your FTP login to look at these files.
It must be something specific to your site/server because I have not seen this problem before and I cannot recreate it on any of my test sites.
I would like to figure out what is causing this on your site, even if it’s just a conflict caused by another plugin. Would you be willing to give me access to your WP Admin so that I can troubleshoot it on your site?
If you want to email me directly with your WP Admin login then I will take a look at it. If this is a new threat then I can add it to my definition updates so that it can be found and automatically removed.
Both those error numbers refer to a NO_HTTP_REFERER error.
I guess the Protect WP Admin plugin is hiding your HTTP_REFERER when redirecting your login attempts.
The key you registered is for your domain with “www.” in front of it but somehow you manually registered your key to the domain without any Ws so it didn’t match. I have added the “www.” to the beginning of the domain that you registered so you can get the definition updates now.
You should always use the pre-filled registration form on the right-hand side of the Anti-Malware Settings page.
I see a key registered in your name, but you haven’t really given me anything to go on. Can you email me directly with a screenshot of the error or your WP Admin login so that I can tell what the problem is?
You shouldn’t need to whitelist anyone as it should only block brute force attack but you can add more IPs to the array on the first line of you wp-config.php file.
That first line should start like this:
< ?php if (!in_array($_SERVER["REMOTE_ADDR"], array("1.2.3.9", "1.1.1.6"))I uploaded this helpful PHP script to github so that it would be easy for you and others to download. I used this script to restore the corrupt core files on your site.
Here is the link:
Just place this PHP file on your site then path directly to it in your browser and it will check your core files and let you restore any files that have been altered (even if your WP site is broken).
Oh, sorry, I thought you were able to restore it from a backup, but I see now that you were referring to another site.
If you want to send me an FTP login to you server then I can manually restore the site from the quarantine.
I just release a new plugin update that fixes this issue.
Please download the new release, version 4.15.27, and let me know if that works for you.
There should be a button to enable the Brute-Force Protection if it is compatible with your server, otherwise you should be getting some kind of error.
If you need more help with this can you send me a screenshot.
It is possible that an infected computer would infect the post content or that a Key Logger on the client’s machine gave the user’s login to a hacker so that they could infect the content. But it could also just be a coincidence and the hack could have come in from a backdoor or another vulnerability.
-
AuthorPosts
