Anti-Malware Admin

Forum Replies Created

Viewing 15 posts - 631 through 645 (of 664 total)
  • Author
    Posts
  • in reply to: FilesMan backdoor #793

    Anti-Malware Admin
    Key Master

    Ivica,
    Thanks for sending me access to your site. I don’t know where this code came from but it is not a complete threat. The harmful code that usually follows that line at the top of your wp-config.php file is just not there. I removed that line of code from the file and I could not find any other sign of malicious content.

    Aloha, Eli

    in reply to: FilesMan backdoor #792

    Anti-Malware Admin
    Key Master

    Hi Ivica,
    Thanks for that code snippet but I’ll need more info to add this to my definition update.

    This looks like only part of the threat with the dangerous part having already been removed. Can you look in Quarantine to see it there is a completely infected version of your wp-config.php file?

    If you have the whole infected file can you email it to me (you can remove your database credentials from the file before sending it to me).

    Aloha, Eli

    in reply to: Weird pharma hack #786

    Anti-Malware Admin
    Key Master

    Grady,
    It sounds like you are on the right track. Your site may already be cleaner than you think. The seemingly random occurrences of this hack may be simply due to caching on either the browser or the web-server side. If you have any caching plugins you should deactivate them.

    Also, check Google Webmaster Tools to see if it shows any infected URLs in the health section. You can also fetch a page from your site as the Google Bot to see if it still contains any malicious code.

    Aloha, Eli

    in reply to: Theme Files Tagged As Threats, etc. #785

    Anti-Malware Admin
    Key Master

    I fixed that message: “Unable to find your plugin version!”. It was just because my website did not have the right version number for the last release I just uploaded. Thanks for bringing that to my attention.

    Those three potential threats are probably safe. They are most likely popping up because the contain the eval function which can be used to display execute malicious code but not so much in JS files.

    Please let me know if I can be of further assistance.

    Aloha, Eli

    in reply to: Admin area 'disappears' after running script #783

    Anti-Malware Admin
    Key Master

    David,
    I’m concerned about what would cause you to not be able to login to your admin especially if removing my plugin fixed it. Would you be willing to give me an admin login to your site? I would like to track down the source of this issue and fix it. I would also check to make sure there is no more malware.

    You can email login credentials directly to me: eli at gotmls dot net

    Aloha, Eli

    in reply to: Weird pharma hack #779

    Anti-Malware Admin
    Key Master

    Ida,
    Thanks for providing access to your site. I did some tweaking to my plugin on your site and got it to find and remove that last bit of malicious code in your theme. I think your site is all clean now. Can you try reposting any corrupted entries to Facebook and make sure the new postings do not contain these viagra ads.

    You will also need to get Google to re-index your site. This may take some time but it will help to go to Webmaster Tools and submit a new sitemap and request a review in the Health section if there is any malware listed there.

    If you sill have signs of a current or recurring infection please let me know and I can check your site again.

    Aloha, Eli

    in reply to: Weird pharma hack #771

    Anti-Malware Admin
    Key Master

    Your site looks clean now from the outside. Check the Health section of Google Webmaster Tools to see if the search engine cache is clean and request a review if it is not.

    in reply to: Weird pharma hack #769

    Anti-Malware Admin
    Key Master

    This sounds like a conditional ad injection but these pharma hacks vary quite a bit. Can you provide me with WP Admin access to your site?

    You can email your login credentials directly to me so I can look for the infection.

    Aloha, Eli

    in reply to: Updates in loop on site with SSL #768

    Anti-Malware Admin
    Key Master

    Just wanted to say thanks for letting me into your site. It was helpful to see how the non-SSL resources performed on an SSL site. I have secured my own sites with PositiveSSL now. I have also released a plugin update with the modifications I made on your version so the links to the updates are all SSL compatible now.

    Thanks again for bringing this to my attention and allowing me access to your site so I could fix it.

    Aloha, Eli

    in reply to: Updates in loop on site with SSL #766

    Anti-Malware Admin
    Key Master

    So your site is running SSL and the definition updates are not loading?

    I would like to figure out exactly what is going wrong and fix it for you. I expect It has to do with SSL and that my javascript that checks for updates is not SSL.

    Can you email me with WP Admin login info for you site?

    eli at gotmls dot net

    in reply to: Can't remove threats or patch wp-login vulnerability #755

    Anti-Malware Admin
    Key Master

    Hi Josh,
    I’m happy to help any way I can.

    If my plugin fails to write to the files that need fixing it is probably because of the permissions on those files or some other restriction preventing apache from writing to your file system.

    If you want me to look at it for you, you can send login credentials directly to my email address: eli at gotmls dot net

    Aloha, Eli

    in reply to: header.php vulnerability #752

    Anti-Malware Admin
    Key Master

    That great. Changing the permissions may work but sometimes the hackers scripts can change them back and then write to the file anyway.

    Better protection is always good and it is best to understand how the hacker is gaining access to know what protection you need to improve on. In most cases it is either a vulnerability of the host or the software you have put on the site. If there are no back-doors or vulnerabilities in the software you are running on your site (WordPress, Plugins, Themes, etc.) then it could be the host or another site on the host that is letting your site get reinfected. The only thing I can suggest is to switch to another (more secure) host.

    I am currently working on a very secure hosting environment for just such a need. The server is up and I am hosting site on it now but I have not opened it up to the public yet. It will be about $12.75 per site per month, probably more than you are paying now but more secure too ;-)

    If you are interested in hosting on my new server just send me an email and I can help you make the switch.

    Otherwise, best of luck to you and Aloha,
    Eli

    in reply to: Using the plugin to scan the whole hosting account #748

    Anti-Malware Admin
    Key Master

    I just updated this one for you too. Don’t forget to download the definition updates (and make a donation ;-)

    in reply to: Using the plugin to scan the whole hosting account #746

    Anti-Malware Admin
    Key Master

    I just added one more level for you. You will need to download the definition update again for these changes to take effect.

    Please let me know if that had the desired effect.

    in reply to: Using the plugin to scan the whole hosting account #744

    Anti-Malware Admin
    Key Master

    I would help me to know for sure that I got it if I had access to your WP Admin on this site, but you can try it now and let me know. Just download a definition update and then you should see one level higher in your directory tree. If this is the right directory then you will be able to scan all your sites from this one admin.

    Please let me know if that did it for you.

Viewing 15 posts - 631 through 645 (of 664 total)