Forum Replies Created
-
AuthorPosts
-
Thanks. I added that eval variant to my Known Threat.
Yes, please send me this file and I will add it to my Definition Updates ASAP.
It is also possible that the quarantine directory is not writable, in which case it would not be able to make a backup of these infected files before cleaning them. That would prevent it from continuing, as a backup is an essential step before make any file-system changes.
If you still can get it to clean those files and you would be willing to send me your WP admin login then I would be willing to take a look at it personally.
This sounds like a permission problem. Maybe those infected files are not writable. You can try to check and change the permission of those files with an FTP client like Filezilla.
Let me know if you need more help.
The swirling icon by the brute-force protection indicates that your server is being checked for session compatibility. if it takes a whole minute and return the “No response from server!” then there is something preventing the session test for confirming session compatibility. I can’t say for certain what the problem with your server is without seeing it but if this test fails then my brute-force protection may not work on your server until the underlying issue is resolved.
If you want me to take a look at it you can email me directly with your WP Admin login and I’ll see if I can tell you why it won’t work on your server.
Thanks for sending me your login info.
I can see the files that you cleaned with my plugin in the quarantine. They don’t look like they have any strange characters at the beginning but when I copy the contents and submit it to a string parser I wrote then an invisible character gets decoded at the beginning of the file. This is a bit fishy but it’s not malicious. I downloaded the source for the LayerSlider plugin and it looks like this html file is part of the original install so I have removed it from the definitions. If you download the lasted definition update then this file will no longer be detected as a Known Threat. You can also restore those files from the Anti-Malware Quarantine if you want to, although I don’t think they are really necessary.
Thanks for helping me resolve this issue. Please let me know if you have any more questions.
Would you be willing to send me your WP admin login so that I can figure out why it caught that file? I would really like to get to the bottom of this, for you, and also for myself. I need to know that it was not wrong for my plugin to remove the contents of that file, and if it was wrong I really need to fix it.
The only code that would match this content that I was actually just working on recently also has tree Hex characters at the start of the file. If you file really starts with “
Please check to make sure that there are not still definition updates available to be downloaded. If you are on Definitions version F2RBl and your HTML file does not have three funny looking characters at the beginning of the file and my plugin is still flagging this file as a threat then please let me know. I would like to look into this and get to the bottom of it.
February 23, 2015 at 11:07 am in reply to: The Button to activations Brute-force Protection does not appear. #1075This error you are getting indicates that there is something about your server that may make the patch ineffective or unstable. That is why you do not get the option of enabling this protection. If you want to email me your WP Admin login then I will check it out and let you know why it’s not compatible and what you would need to change to make it compatible.
February 6, 2015 at 8:20 pm in reply to: The Button to activations Brute-force Protection does not appear. #1073I released an update to that should fix that issue unless your server really cannot support a valid session. In that case you should at least get an error message after running that compatibility check for about 60 seconds.
Please update my plugin to version 4.14.59 and see if that solves the issue for you.
Sorry for the trouble this has caused you. There was a bug in version 4.14.56 that has been fixed in the newest release of my plugin.
Please download the newest version 4.14.58 and to fix this issue.
You can delete the two files in the Anti-Malware Quarantine ut the other temp files in the RevSlider directory may still be a problem.
If you want to email me your FTP login I can check those out and make sure it’s all clean.
Actually I have seen this exact this thing many times. Your database is clean and the search results you are seeing are just cached pages from January when your site was infected. My plugin fixed this infection when it cleaned the functions.php file so you just need to go to your Google Webmaster Tool and Request a Review of your site to get rid of all those cached pages that are no longer infected.
As for this folder of files that have unreadable code, can you tell me more about that? What folder is it? What are some of the file name? Can you send me a couple of those files so I can examine the contents?
The Automatic Fix button will remove the malicious code from the file, not delete the file.
If there is content defacement in the DB then you should be able to remove that pretty easily with the Page/Post editor. If it not that simple please describe the extent of the content corruption.
As it says, those “Potential Threats” are probably not malicious, and blindly removing them could cripple WordPress. What you need to worry about are the Known Threats.
The big red warning sign that you are getting is because your site is blacklisted. That means your site was probably infected with malware but it does not mean you still have that malware. Did my plugin already find and clean any Known Threats?
You can get more info about that big red warning by going to the Security section of your Google Webmaster Tools. This should tell you what pages were infected and when those infections were last see on your pages.
Please let me know what you find in your Webmaster Tools, and feel free to send me those potential threats if you want me to look them over to make sure they are not malicious.
-
AuthorPosts
