One more question:
Doe’s the quarantaine only works when plugin is activated?
Plugin Author
Eli
(@scheeeli)
The premium features include the automatic update method which enables the Core File Scan and Brute-Force Patch. The auto-scan feature is still under development and not yet available to anyone at this time.
The Quarantine is a record of those files that have been modified (cleaned) by my plugin. deleting the quarantine will only erase the record of those changes bot not revert the infections to those files. However, it can be super helpful to keep these quarantine records for many reasons.
Doe’s it mean that there is only on chance to revert directly after scan (popup with green text) which btw didn’t work as I tried this?
Plugin Author
Eli
(@scheeeli)
No, that’s not how it works. You can restore any or all changes made during the cleaning from the quarantine page at any time. Keep in mind that it’s generally not a good idea to restore these changes from the quarantine back into the original files. If these files we’re infected and then cleaned then restoring the chances would put the malicious infection back on your site. So you only need to use this feature if there was some kind of mistake made during the cleaning.
So I understand that files are in quarantaine also when plugin is not active? Right?
Do You know files which I now have everwhere (in each domain) like money.php payout.php? promo.php? Is it comming from ALPHA TEAM which an Infektion?
I also see on 1 domain folder banner bei wordpress which I don’t know.
Btw I am waiting for Autoscan 🙂
And now I get on one subdomain alert by download new definitions:
Sorry 77.183.4.255, your request cannot be processed.
For security reasons, it was blocked and logged.
NinjaFirewall
If you believe this was an error please contact the
webmaster and enclose the following incident ID:
[ #7152092 ]
What should I do?
Plugin Author
Eli
(@scheeeli)
Yes, the Quarantine does not re-release those threats if you deactivate the plugin.
My scanner does not identify threats based on file name (since you can name a file whatever you like and that does not make it good or bad) it detects the malicious code within the files. So, is my plugin not finding the bad code in these money.php, payout.php, and promo.php files or has it already removed the threat from these files? Can you send me some of these files as email attachments so that I can check them for you?
I don’t know what URL is being blocked by that NinjaFirewall plugin but you should be able to whitelist it in your wp-admin. Maybe you can send me the URL that is getting blocked and I can check it out?
You can email me those files directly and also any other details that you don’t want to post on the public forum:
eli AT gotmls DOT net
