Steven Baron

Forum Replies Created

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • November 2, 2018 at 5:37 am in reply to: Interesting detection… #2184

    Steven Baron
    Member

    Is that a session code that expires?  The majority of my issues are injection related…

    October 11, 2018 at 4:18 am in reply to: locked out of website #2174

    Steven Baron
    Member

    I would manually re-upload the WooCommerce plugin.  Alternately you can also disable your plugins which should then allow you to login again and ultimately fix the issue.

    October 1, 2018 at 5:04 am in reply to: Scan potential threats #2170

    Steven Baron
    Member

    Here is an example of 2 .ICO files from different sites that were found once I removed it from the skip files and was caught by the scanner…

    wp-includes/js/thickbox/.bcb5a93b.ico
    wp-content/plugins/skimlinks/.f397826e.ico

    October 1, 2018 at 3:41 am in reply to: Scan potential threats #2169

    Steven Baron
    Member

    There are litterly dozens of these randomly named files that are scattered through out the sites.  The code in each on is very different but seems to use the same base for encryption.  With that it seems that .ICO files are apart of the attack.  I would recommend removing it from the skip files with the following extensions.  Do you want me to send you more code samples for comparison?

    Also in addition to the manual removal request ability on the potential threat location, maybe you should have a submit for evaluation as an option next to the “white list” when you click on the file.  This would save a lot of time reporting and getting the attack code in your hands quicker  If you think it might be miss used then maybe activate that option for users that have donated as it will validate the user and allow a little tighter control.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)