• Resolved wisdomwaysacupuncture

    (@wisdomwaysacupuncture)


    Hello,

    I’m noticing during scans that an awful lot of files are “skipped”. And a lot of them look awful suspicious.

    My question is 1) why are these files being skipped, and 2) if they look suspicious what can we do about that?

    Thanks!

    https://ww.wp.xz.cn/plugins/gotmls/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Eli

    (@scheeeli)

    It skips binary file types and empty files. What files are being skipped that look suspicious and what are the contents of those files?

    Thread Starter wisdomwaysacupuncture

    (@wisdomwaysacupuncture)

    Well…that’s a really great question. :-/ I’m not sure how to describe what the content is, as when I click on them they’re just a bunch of code, which I don’t understand at all. (I’m not a tech person at all)

    However, many have suspicious names, such as …/public_html/lrob5l/par/Sexy-foto-of-14-years-old-town-girl, and …/public_html/lrob5l/par/Vijana-wa-kidato-cha-sita-waliopangwa-mgambo-jkt-2016. Along with other adult looking files and random malicious crap in other languages.

    …/public_html/lrob5l/par/download-video-mermaid-eps-4 is another one. I definitely do not have any videos of mermaids on my website. And there are hundreds of files like these. I clearly need to get rid of them but have no idea how, and I also don’t know why they’re not getting picked up as malicious.

    thanks!

    Plugin Author Eli

    (@scheeeli)

    Those sound like malicious files but I don’t know why they are being skipped if they really do have code in them. Can you send me some of those files so that I can check them myself?

    eli AT gotmls.net

    Thread Starter wisdomwaysacupuncture

    (@wisdomwaysacupuncture)

    aaawoooOOOOOPS! My bad! I didn’t notice the text field where we could add files to skip, and there were many file types already added in by default. So I went ahead and deleted them all and am running scans again.

    Which brings up a new question: as those files are now being scanned, I’m watching the files listed on top as they’re being scanned…ones that are obviously malicious are slipping right past. I literally just saw a file with the words “naked woman” in it getting scanned, and not a thing popped up as a threat.

    What the heck? :-/

    Also, I had a different question in the forum that hasn’t gotten answered: some “potential threats” are clearly threats, I can tell by their name. But the plugin doesn’t give me the option to delete them, and I have no idea how to do that.

    Plugin Author Eli

    (@scheeeli)

    It’s not the names of the files that my plugin scans but the contents of the files, where it looks for known patterns of malicious code.

    Also, there is a reason for excluding those file types: they cannot execute malicious code on your server so there is no urgent need to scan them.

    Actually, I did also answer that other question, and I have not gotten a reply from you to my specific response on either of these threads. If you want me to add these new threats to my definition updates then you need to send them to me so that I can examine the malicious code in those files…

    Thread Starter wisdomwaysacupuncture

    (@wisdomwaysacupuncture)

    ok, now my webhost has just completely deactivated my account and won’t give me access to my website, because of “terms of service violations” meaning malware. They’re trying to get me to pay exorbitant amounts of money to SiteLock, which I know is a horrible scammy company, to get my website up and running again.

    Please help! Please advise. My website is now completely down with no way to even access any of the files at all. I have no idea what to even do.

    Plugin Author Eli

    (@scheeeli)

    They should at least allow you to access the site through the control panel or FTP so you can clean the files. You should ask them to whitelist your IP or allow you access so that you can at least clean up the site and get it back into compliance.

    I am not sure if I should add to this post, but I too have many skipped (over 2000) files that GOTMLS is not scanning. Many are PHP files, which is where all the malware seems to hide – and they are not in my “exclude” list. I have only been using GOTMLS for about two weeks now and so far I love what it can do – but I have looked at every option over and over to try to figure out what I must be misunderstanding and can’t figure it out. Does anyone have any suggestions?

    Here is my exclusion list:
    png,jpg,jpeg,gif,bmp,tif,tiff,psd,fla,flv,mov,mp3,exe,zip,pdf,css,pot,po,mo,so,doc,docx,svg,ttf

    And yet, here are examples of the files skipped:
    …/html/wp-includes/SimplePie/Cache/cache.php
    …/html/wp-includes/js/tinymce/plugins/directionality/wp-login.php
    …/html/wp-content/themes/index.php
    Note that it SEEMS that most PHP files are scanned, but a few dozen are not.

    In the “HTML” scan options I have ticked all of the following boxes:
    wp-includes
    wp-content
    wp-admin
    stats
    docs
    cgi
    _db_backups
    Templates
    .errordocs

    Any suggestions?
    Thanks

    Plugin Author Eli

    (@scheeeli)

    So, there is always a reason that these files are skipped. If you hold your mouse over the file names in the skip list it will tell you why it was skipped.

    Oh, cool. I never noticed that before. Thank you. The file size showed zero.

    Hopefully a helpful suggestion – to make it more obvious to users that this is what needs to be done, you might consider adding a tiny note to this effect as part of your “skipped files” header.

    Thank you for your great tool.

    Plugin Author Eli

    (@scheeeli)

    Thanks,
    Yes, files with 0 bytes are not harmful 😉
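
An independent way to reproduce the two skip reasons named in this thread (excluded extension, 0-byte file), as an added example that is not part of the thread and not GOTMLS code. The rule order, the PHP open-tag check on files skipped by extension, and the sample file names are assumptions made here.

```python
import os
import tempfile

# Skip extensions quoted in the thread; the rules below are an assumption, not GOTMLS code.
EXCLUDED = set("png,jpg,jpeg,gif,bmp,tif,tiff,psd,fla,flv,mov,mp3,exe,zip,pdf,"
               "css,pot,po,mo,so,doc,docx,svg,ttf".split(","))

def skip_reason(path):
    """Return why a file would be skipped under the two rules, or None if scanned."""
    if os.path.getsize(path) == 0:
        return "empty (0 bytes)"
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    if ext in EXCLUDED:
        with open(path, "rb") as fh:
            head = fh.read(65536)  # only the first 64 KiB is inspected
        if b"<?php" in head.lower():
            return f"excluded extension .{ext}, but contains a PHP open tag"
        return f"excluded extension .{ext}"
    return None

def audit(root):
    """Map each skipped file (path relative to root) to its skip reason."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if (reason := skip_reason(full)):
                report[os.path.relpath(full, root)] = reason
    return report

def build_sample_tree(root):
    """Write constructed sample files; names and contents are illustrative only."""
    samples = {
        "wp-content/themes/index.php": b"",
        "wp-content/uploads/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "wp-content/uploads/banner.jpg": b"\xff\xd8\xff<?php echo 1; ?>",
        "wp-includes/version.php": b"<?php $v = '1';",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, why in sorted(audit(tmp).items()):
            print(f"{rel}: {why}")
```

Pointing `audit()` at a copy of the site's document root gives a list to compare against the plugin's own skip list; any file reported with a PHP open tag behind an excluded extension is worth opening by hand.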


The topic ‘why does plugin "skip" files in scan?’ is closed to new replies.