Forum Replies Created
-
AuthorPosts
-
If the Anti-Malware Setting page still says “Your Installation Key is not yet Registered” then there should also be a pre-filled registration form below that message. The key and the Site URL must match this info exactly so it is best to use this pre-filled form when registering your site. Please try using this form and let me know what happens.
If it still does not work you can email me directly with your WP Admin login info for your site and I will check it out for you.
It looks like you got that last one fixed too. Sucuri caches their results, so you have to click “force re-scan” on securi.net to see that the issue has actually been fixed.
Aloha Todd,
I think you may have already cleared up the threat on this site. sucury actually caches the scan results so if you click on the link on sucuri.net to “Force a Re-scan” then I think you will see that it is clean.If you have other sites that are infected with this threat and it was not detected by my plugin then I would love the opportunity to look at one of your infected sites before you fix it so that I can add this new threat to my definition update. If you are willing to give me a WP Admin login to one of your infected sites then I will do this right away so that you can update my plugin and use it to clean all your other sites automatically.
Mahalo, Eli
Bill,
It is true that my plugin currently only scans the filesystem and not the database content. My plugin specializes in removing virus like threat from PHP scripts that users cannot find or remove on their own.Content defacement is a different animal and generally fairly easy for the user to find and correct. It is also not as common nor as dangerous. The more important question is: how did they modify the page content in your database in the first place. I understand that you are faced with fixing many pages and I think that you could accomplish this fairly quickly with an SQL statement that uses the REPLACE function to remove the malicious injection from every page at once. But you also don’t want to do a bunch of work cleaning it up only to have it get his again. You should be looking for the security hole that let that injection in too.
Aloha, Eli
You can just reply to my email address: eli AT gotmls DOT net
Hi Gail,
This sounds a little different then Andy’s issue. If you want to send me your WP-Admin login I will take a look and let you know what I find.Aloha, Eli
Daniel,
Have you already removed some threats from your site? Because Facebook actually caches your site, it may take a little while before your post look clean.
If you have not found anything wrong on the site yet and you need my help to locate the malicious code just send me your WP Admin login and I’ll take a look.Aloha, Eli
I would like to help you find this hidden threat. When I locate the source of that link I will add this new threat to my Definition Update and my plugin will then be able to remove this threat from all infected pages automatically.
If you would be willing to accept my help in this matter please send me your WP Admin login and password.
You can email me directly: eli AT gotmls DOT net
The definition Update is being blocked on your site by a firewall plugin that is setup to redirect you to your home page if you try and post any Hexadecimal values. Just deactivate the firewall plugin to do the update or add your IP address to the white-list in the firewall setting.
As for the output buffer handler, you may have something called Photocrati_Resource_Manager installed that may interfere with the scan process. My scan may still work fine but if it seems frozen or gets stuck while scanning see if you can deactivate Photocrati_Resource_Manager and try the scan again.
Please let me know if I can be of any further assistance.
It was turning on the plugin editor that fixed it. My plugin now requires you to have permission to edit files in order to use it (because it can edit files). I could add an alternate admin privilege to use as a credential for using this plugin, any ideas?
Thanks for the login. I can get in and it seems like I am an admin but I cannot edit my plugin. The plugin editor is not accessible. Is this a multisite install?
If so, could I be made a Network admin to edit my plugin or maybe you can give me FTP access to the gotmls folder in plugins?
So, you have deleted the plugin and installed it again, right?
I assume there were no errors when installing, so that you now have it installed but you are still not seeing it on the menu, right?
Would you be willing grant me access to your WP Admin so that I can fix this for you? It would really help me to see it in your admin. You can email your login directly to me: eli AT gotmls DOT net
It sounds like the update may have failed. WordPress may have gotten stick and left the plugin only half installed.
I would suggest completely deleting the gotmls folder in the plugins directory and then installing from scratch.
My plugin does not delete anything from the database. Once the malicious PHP code is removed that entry in the wp_options table has no effect. You can (and probably should) delete it just to clean up.
As far as the source of this infection, It is most likely a shared hosting vulnerability.
I have recently created a very secure hosting environment to answer this need. After testing this new server for a few months I have created a site and opened registrations to the public. It’s not going to be as cheap as the bulky shared hosting providers out there like GoDaddy and HostGator but it is way more secure.
You can signup here if interested or contact me directly if you want more info.
Aloha, Eli
No, My plugin does not add anything to the htaccess files.
Thanks for your donation to my plugin.
-
AuthorPosts