Forum Replies Created
-
AuthorPosts
-
You can delete the two files in the Anti-Malware Quarantine ut the other temp files in the RevSlider directory may still be a problem.
If you want to email me your FTP login I can check those out and make sure it’s all clean.
Actually I have seen this exact this thing many times. Your database is clean and the search results you are seeing are just cached pages from January when your site was infected. My plugin fixed this infection when it cleaned the functions.php file so you just need to go to your Google Webmaster Tool and Request a Review of your site to get rid of all those cached pages that are no longer infected.
As for this folder of files that have unreadable code, can you tell me more about that? What folder is it? What are some of the file name? Can you send me a couple of those files so I can examine the contents?
The Automatic Fix button will remove the malicious code from the file, not delete the file.
If there is content defacement in the DB then you should be able to remove that pretty easily with the Page/Post editor. If it not that simple please describe the extent of the content corruption.
As it says, those “Potential Threats” are probably not malicious, and blindly removing them could cripple WordPress. What you need to worry about are the Known Threats.
The big red warning sign that you are getting is because your site is blacklisted. That means your site was probably infected with malware but it does not mean you still have that malware. Did my plugin already find and clean any Known Threats?
You can get more info about that big red warning by going to the Security section of your Google Webmaster Tools. This should tell you what pages were infected and when those infections were last see on your pages.
Please let me know what you find in your Webmaster Tools, and feel free to send me those potential threats if you want me to look them over to make sure they are not malicious.
It will fix Known Threats and Back-doors that it finds on your server and can also block some of the most common types of attacks.
My plugin cannot scan only a specific path that is not an option on the Settings page without a little hacking. What says the options-admin.php file is infected if my plugin does not detect it?
If you want to send me your WP Admin login then I would be willing to take a look at it for you.
Can you tell what is causing the error? Does your server have an error log?
If you want to send me your FTP login info I will fix it for you.
Hi Frank,
Let me first make sure I understand the issues you are having on these other two sites. Are you seeing active redirects or spam links on these webiste or just the warning that they may contain harmful content?If it’s just the warning then that just means your sites are blacklisted. Google and others cache your pages and may warn visitors about malware that you have already cleaned up. You need to go to your Google Webmaster Tools and Request a Review of your sites to get them off the blacklist so that warning goes away.
If you are seeing active malware on these site or Google Webmaster Tools displays infected URLs with a date that was after you cleaned them then you can send me your WP Admin login for that site and I will check it out.
Do you see any errors in your error_log file?
What page did you have to fix the parse error on, and can you send me that file so I can look at the code, or better yet can you send me direct access to your FTP server so I can fix it for you?
Thanks for sending me your login. I found the conditional redirect and added it to my Definition Update. After downloading the update on your site my plugin was able to automatically remove this threat.
Please let me know if there is anything else.
Yes, I can help. Can you email me directly with your WP Admin login? FTP credentials may help too, as these conditional redirects can sometimes be hard to find. I’ll check it out and let you know what I find as soon as I can.
Thanks for sending me your FTP and AP Admin credentials. I first restored all the infected files that my plugin cleaned to see if that would fix your site but that was not the problem and your site still did not come up. Then, while looming for the cause, I noticed that the permissions on all the files in your html directory were 555, this did not seem right. So, I wrote a script to change all the file permissions to 644 and all the directory permissions to 755. That fixed it and once you updated the database credentials in the wp-config.php file your site was working again.
I have finished the Complete Scan once more and fixed all the infected files again. Nothing broke and the permissions are still all right. I’m not sure how the permission on every file got changed to 555, maybe you had something else going on around the same time, or somebody else was working on it too, any ideas?
I just wanted to make sure you knew that I have added this code to my definition updates and I haven’t seen it come up any more. I think your site is clean now but if you do get re-infected please email me directly so I can check the file stats before you clean it. The timestamps on the infected files are critical to determining where the exploit is coming from if there is still a vulnerability on your site.
If you still need help with this you can email me directly with your WP Admin login.
I see that your site is already registered.
If you are still getting that “could not find server” message then you should check your browser security settings to see if it is blocking external javascript from loading. You can also check your browser’s error console to if it’s throwing a specific error message, or just try a different browser all together.
Please let me know if you figure it out or if you need more help.
Aloha, Eli
-
AuthorPosts
