Forum Replies Created
-
AuthorPosts
-
Do you see any errors in your error_log file?
What page did you have to fix the parse error on, and can you send me that file so I can look at the code, or better yet can you send me direct access to your FTP server so I can fix it for you?
Thanks for sending me your login. I found the conditional redirect and added it to my Definition Update. After downloading the update on your site my plugin was able to automatically remove this threat.
Please let me know if there is anything else.
Yes, I can help. Can you email me directly with your WP Admin login? FTP credentials may help too, as these conditional redirects can sometimes be hard to find. I’ll check it out and let you know what I find as soon as I can.
Thanks for sending me your FTP and AP Admin credentials. I first restored all the infected files that my plugin cleaned to see if that would fix your site but that was not the problem and your site still did not come up. Then, while looming for the cause, I noticed that the permissions on all the files in your html directory were 555, this did not seem right. So, I wrote a script to change all the file permissions to 644 and all the directory permissions to 755. That fixed it and once you updated the database credentials in the wp-config.php file your site was working again.
I have finished the Complete Scan once more and fixed all the infected files again. Nothing broke and the permissions are still all right. I’m not sure how the permission on every file got changed to 555, maybe you had something else going on around the same time, or somebody else was working on it too, any ideas?
I just wanted to make sure you knew that I have added this code to my definition updates and I haven’t seen it come up any more. I think your site is clean now but if you do get re-infected please email me directly so I can check the file stats before you clean it. The timestamps on the infected files are critical to determining where the exploit is coming from if there is still a vulnerability on your site.
If you still need help with this you can email me directly with your WP Admin login.
I see that your site is already registered.
If you are still getting that “could not find server” message then you should check your browser security settings to see if it is blocking external javascript from loading. You can also check your browser’s error console to if it’s throwing a specific error message, or just try a different browser all together.
Please let me know if you figure it out or if you need more help.
Aloha, Eli
If you send me your WP Admin I can take a look at it for you. You can email info directly to me: eli AT gotmls DOT net
Thanks for sending me your login. The public_html directory is the root of your site and there were some new threats found there. I added them to my definition update and moved them to the quarantine along with the rest of another threat that was fond on the last scan. There were no Known Threats on the USER directory above public_html so I think you are ok there.
Please let me know if there is anything else.
What site is this for?
If you want to send me the WP Admin login I will look at it for you. You can email me directly: eli AT gotmls DOT net
I have upgraded the scan depth on your account. Download the new Definition Update and you should be able to scan these other sites in the www directory.
Let me know if this works for you or if you need any more help.
Thanks for sending me this code. Unfortunately the character-set got altered when you posted it to the forum. Can you send me the original infected file?
You can email me directly with attachments to: eli AT gotmls DOT net
It may be that your webserver does not have permission to write to that file or the file could be read only by some other means. Can you email me directly with your WP Admin login so I can take a look at it, determine the cause, and find a suitable workaround for you?
Don’t worry about press-this, it’s a core file that is safe, it’s just shows up in the Potential Threats because it uses an eval method that some hacker use to hide their malicious code. I have not added it to my global whitelist for WP 3.9 yet but you can whitelist it.
As for the Complete Scan “freezing”, there could be a number of reasons for this. Did the similar forum topic not an answer that worked for you?
If it is staying on 0% and endlessly “Preparing” directories but the directories keep changing then you probably have a recursive symlink in your scan path. The easy work-around for this is to set your Scan Depth to a positive number (like 6 or 8).
If the directories that it is preparing do not change than it is getting stuck on something. If it’s always getting stuck on the same directory you could try adding that one to the list of folders to skip to see if it will go on.
Aloha, Eli
It all depends on what causes the high CPU usage. Assuming it is web-server related you should check the raw access logs. The access logs will show you what what pages users are loading and how frequently. If you see a lot of POST entries on the wp-login.php page, then my plugin can certainly help.
Try running a Quick Scan from the admin menu and give it at lease 90 seconds to see if it’s really stuck or just slow. If the Quick Scan doesn’t finish then try the Complete Scan from the Scan Setting page after changing the scan depth from -1 to 1, this should at least bring up the wp-login.php file and allow you to apply my brute-force patch.
Good luck, and let me know if you need any more help.
-
AuthorPosts
