Forum Replies Created
-
AuthorPosts
-
Did you run a Complete Scan on you whole site using my Anti-Malware plugin?
Does it find any Known Threats (in RED)?
Hi Gene,
Thanks for sending me your login details. I’m all done with your site so feel free to change your password now.I have also added this new threat to my definition updates so others can automatically repair their site that are infected with this same malicious code.
Aloha, Eli
P.S. That error you are getting in sucuri is just a bug. You can scan your site from sucuri.net and it works fine.
Hey joe,
Just wanted to follow up on the forum here. You got your hosting provider to reload the site and fix the read-only permission errors?Was my plugin able to remove all those threats?
Let me know how it’s going… if you need more help I can take another look.
Aloha, Eli
Hi Joe,
400? That sounds pretty bad. The most likely reason for this is that the files are read-only or that the httpd/apache user on your server does not have sufficient permission to write to those infected files. This could be because the hacker locked the files after infecting them or just that you server’s security setting are really strict.
If you want to send me your WP Admin login to your site I will check it out for you. There may be a simple workaround for this and it will help me to see how different servers react to different methods of fixing this issue.
Don’t post you credentials on the forum though, just email them directly to me: eli at gotmls dot net
“Method Not Implemented” for POST sounds like a problem on your server. Is there any form on your site that does work?
Can you give me access to your site to check it out?
I am surprised to hear this is a problem. I an setting the Maximum execution time to 30 seconds for each file scanned but it would appear that is not long enough in your case.
Try changing line 229
From:
set_time_limit(30);
To:
set_time_limit(60);Please let me know if this works for you or if you have any more trouble.
First, I hope you are talking about “know threats” because “potential threats” are not meant to be automatically removed as they are usually not malicious.
Second, it would help me to know it what way it is not working for you. As you can probably imagine it is working fine for most people (myself included). Of the few reports I have received about this kind of problem nobody that I have replied to has gotten back in touch with me about the specifics of there issue.
Please help me help you. I want fix the plugin if there is something wrong, however, in all the cases where I have heard back from anyone, it turn out that they were only finding “potential threats”. So, please respond with more details about this issue.
Can you send me the whole footer.php file so that I can check it out and make an exception to my definition rules?
Will,
Thanks for letting me into your server. I’m glad we were able to get to the bottom of this issue and get your server all cleaned up. I have added the new variant I found on your server to my definitions updates so everyone else will benefit from the new discovery.Aloha, Eli
Larry,
I have released a plugin update that may fix this issue for you. There are also new definition updates that find new variants of these malicious scripts.Please upgrade to the newest version of my plugin and try to update the definitions. And please let me know if it is working for you now.
Aloha, Eli
Heather,
I’m glad to hear that my work has proved useful to you.
I have a possible solution that may help with your subdomain issue. I see you have registered a lot of domains to this plug. If you have multiple domains on the same server then I could modify your registration on gotmls.net to allow you to scan one level higher in your directory hierarchy. This could make it easier to scan the parent of a sublevel domain or siblings of your primary domain under the parent directory. Let me know if you want to try this, and what domain would you use as your primary registration.
I don’t think this will help specifically with your 404 error though. I have not seen this happen before. If you are willing I would like to take a closer look at your site and debug this issue for you. Then I could release an update that may help others who are having the same problem. Is there any way I could get a temporary admin account on that site so that I can run the scan myself and see where it’s breaking?
Thanks for the offer to donate (I would be very appreciative). I am willing to help you through this in good faith and then, when we are done, you can decide how much it is worth to you and donate appropriately.
Aloha, Eli
-
AuthorPosts
