Forum Replies Created
-
AuthorPosts
-
This Warning is displayed by your web-server indicating that it does not have permission to delete this file. My plugin needs to delete the definitions_update.txt file after installing the initial update.
You can go ahead and delete this file manually through your FTP client and the warning will go away.
I will fix this in the next release of my plugin.
Thanks for the FTP access. I was able to get the 500 error fixed and I tested your wysiwyg editor too and it appears to be working now.
Please let me know if there is anything else.
I got rid of the links in your header that sucuri detected.
There is still an issue with the images in the uploads folder. Your server is returning a 500 error. Can you send me cpanel credentials too? I would like to take a look at your error logs and check some file via FTP.
The threats have been removed. Maybe you were seeing cache. Google still has cache of Uranus on your site, but it really is gone. It’s just a matter of time before Google updates it.
The best way for me to identify these new threats is for me to login to your WP Admin and scan for them myself. I would be happy to track them down for you and add them to my ever-growing list of Known Threats so that they may be Automatically Repaired.
Please don’t post your login credentials on this forum. If you want me to login to your site you send them directly to my email: eli at gotmls dot net
It looks like you might still have a malicious redirect on that site. If you want to give me your WP Admin login I will find and clear this last threat and add it to my definitions update so that it can be automatically removed in the future.
You can email your credentials to: eli at gotmls dot net
P.S. after the threat is completely removed you can request a review of your site in Google Webmaster Tools.
Dan,
Thanks for sending me credentials for your site. I’m glad I was able to remove the threat for you and I’m sorry I couldn’t do anything more for you about Google’s cache of your site. If you can please let me know how long it takes to for Google to re-index your site.
Having a backup of your site on your PC could help if you need to revert files in the future. These kind of malicious PHP scripts are not like PC viruses. they will not execute on your computer at home unless you have web-server software on your PC and call up these local pages in a web-browser.
Aloha, Eli
Those potential threats are usually not malicious so you don’t need to repair them. Your site looks clean from the outside too so you’re probably ok. Do you have any reason to suspect that your site is infected?
Files in the quarantine are backups of infected files that were found and fixed on your server. They are saved in /wp-content/uploads/ and are completely harmless there but you and delete them with an FTP client if you want to.
That said, it looks like you still have some viagra links on your site. There must be some injections into your code that my plugin missed. If you are willing to give me WP Admin access to your site I can look for the rest of them for you.
You can send credentials directly to me: eli at gotmls dot net
I found 5 infected files last night and one file that cannot be read that may be infected too.
Can you provided FTP access so that I can checkout the file that my plugin cannot read?
You can send FTP credentials directly to me: eli at gotmls dot net
Sure thing. Send me your WP Admin credentials and I’ll login and take a look. You can send the credentials directly to me: eli at gotmls dot net
Sorry about the bad email address, I just updated WP and the forum plugin and it screwed up the mail headers, but I think I’ve got it fixed now.
Anyway, your sites look clean now. I expanded the scan range to include the root public_html folder and scanned all the site on your shared host account. There were 2 backdoors and a few vulnerable timthumb scripts that I patched. Then I ran a Complete Scan and repaired all the .js files that had iframe injections in them.
It’s been over 12 hours and the Javascript files that were being re-infected every few minutes have stayed clean so I think I got them all.
Please let me know if you spot any more signs of infection.
I’d be happy to take a look if you email me your WP Admin credential. Just reply directly to this email (don’t post them on the forum).
Your site looks clean. After removing the infection you need to get Google to recheck your site and clear those warnings.
You must have something new that neither sucuri nor myself have seen yet. If you would be willing to give me access to your WP Admin I will track it down for you and add it to my definitions.
-
AuthorPosts
