Forum Replies Created
-
AuthorPosts
-
I would help me to know for sure that I got it if I had access to your WP Admin on this site, but you can try it now and let me know. Just download a definition update and then you should see one level higher in your directory tree. If this is the right directory then you will be able to scan all your sites from this one admin.
Please let me know if that did it for you.
Aloha Rob,
This can happen whenever WordPress fails to remove a plugin directory. You did the right thing by removing the folder manually.Thanks for posting your solution.
Mahalo, Eli
Michele,
Thank you so much for opening your server to me. I have just released a plugin update that includes the code fixes I had made for you on my previous version. This new version 1.3.05.31 should be compatible with that Flexible Frontend Login plugin. Please give it a try and let me know if you find any other problems with it.I can try. On what site are you wanting to make this change?
June 4, 2013 at 4:41 pm in reply to: Help, please! Fixed "known threats" and now my site is broken #735It would appear that the OptimizePress theme is using a method of code obfication that matches Known Malicious Threat patterns. I cannot see the code in those two files from the links you provided but if you were to send me those files I could check them out more thoroughly. I have temporarily white-listed this definition and I could create A permanent white-list entry for these files if I can confirm they are harmless.
Unfortunately I cannot do anything about your hosting provider calling them malicious so you would need to take it up with them too. I may also be worth it to let OptimizePress know that your host is flagging their files as malicious so that they can defend their product.
If you can email those files to me directly then I will check them out right away and white-list them if appropriate.
Ivica,
Thanks for sending me the login info. I was able to remove the remaining threats from the wp-config.php file. It turns out there were three different sets of malicious injections at the top of that file. I updated the definitions so that my plugin could remove each of them without breaking the syntax of the file.Please let me know if there is anything else I can do.
Aloha, Eli
Ivica,
I would be happy to help you resolve this issue. You can send login info directly to my email or just attach this infected wp-config.php file and I will figure out why it is breaking your site.
email: eli at gotlms dot net
Aloha, Eli
This is on [your registered domain], right?
If you have just downloaded the latest Definition Update then you should now be able to change that first option on the settings page to scan the whole site and not just the blog directory.
Please let me know if I that is not working. I would be willing to login to your WP Admin if you want to email me your login into (don’t post it here on the forum, of course, just reply to the email).
Aloha, Eli
Yes, those are both part of the same threat, and one that that I have see many times before. I have just updated the Definition and changed your scan range to include the root of this site (not just the blog directory).
Could you please download the new Definition Update, and change the Scan Directory to scan the whole site, then try a Complete Scan again?
Let me know if this still does not work.
Aloha, Eli
Did you run a Complete Scan on you whole site using my Anti-Malware plugin?
Does it find any Known Threats (in RED)?
Hi Gene,
Thanks for sending me your login details. I’m all done with your site so feel free to change your password now.I have also added this new threat to my definition updates so others can automatically repair their site that are infected with this same malicious code.
Aloha, Eli
P.S. That error you are getting in sucuri is just a bug. You can scan your site from sucuri.net and it works fine.
Hey joe,
Just wanted to follow up on the forum here. You got your hosting provider to reload the site and fix the read-only permission errors?Was my plugin able to remove all those threats?
Let me know how it’s going… if you need more help I can take another look.
Aloha, Eli
Hi Joe,
400? That sounds pretty bad. The most likely reason for this is that the files are read-only or that the httpd/apache user on your server does not have sufficient permission to write to those infected files. This could be because the hacker locked the files after infecting them or just that you server’s security setting are really strict.
If you want to send me your WP Admin login to your site I will check it out for you. There may be a simple workaround for this and it will help me to see how different servers react to different methods of fixing this issue.
Don’t post you credentials on the forum though, just email them directly to me: eli at gotmls dot net
“Method Not Implemented” for POST sounds like a problem on your server. Is there any form on your site that does work?
Can you give me access to your site to check it out?
I am surprised to hear this is a problem. I an setting the Maximum execution time to 30 seconds for each file scanned but it would appear that is not long enough in your case.
Try changing line 229
From:
set_time_limit(30);
To:
set_time_limit(60);Please let me know if this works for you or if you have any more trouble.
-
AuthorPosts
