P51Admin
Forum Replies Created
-
SiteLockWeston – I did perform the scan that was mentioned by IAMMarchHare supplied by sucuri.net and the scan came back clean.
The scan being completed is a scan performed directly within the system and generates the scanlog.txt file that is deposited within my site folder structure.
The presence of that file seems to be reported in some way to SiteLock which results in the call from someone at SiteLock. I am sure this is all above board and something that has been arranged between my hosting provider and SiteLock.
I have looked at the files in question and the folders that they reside in. There are more files in the same folder that have the same file modification date.
It is a folder that should be scanned by the WordFence product and what I can’t figure out and the reason for the original post is why WordFence (and sucuri.net) say there is nothing and why SiteLock is saying there is a problem.
This post was supposed to be more of a question to WordFence about how can I confirm that the files in question are being scanned and that the “all clear” is justified.
Thank you for your response though …
To Callie1983 – I am not a WordFence expert, but I would think that there is some way to reach a configuration file related to the WordFence plugin and “reset” the settings to “factory”.
Again not an expert but renaming the file or finding an original copy and uploading (overwriting) the changed file should have some affect on the operations.
I have been logging into my site using both the original admin account and a secondary administrative account with no problems. I am thinking that some sort of “rule” is determining that you are an “intruder” and therefore you are being blocked.
Just my VERY UNPROFESSIONAL opinion … Google is our friend in most cases.
Sorry but that is the best I have for you.
Hello, and thank you for taking time to reply.
I appreciate your $0.02.
I agree with all your points.
To clarify a bit.
I got the call from them and then contacted my hosting group to ask if there was any such group as Sitelock and if so would they act this way. I was informed that the hosting group does have a relationship with SiteLock and there is usually a trial period thrown in with the hosting package.
My site has been up for well beyond the trial period and there is no mention of the SiteLock product being currently associated with my site or domain.
It was during the mystery call from SiteLock that I was told about the scanlog.txt file and it’s location.
I used the cPanel to log into my site and find the file and it is within that file that it divulges that it is a ClamScan log file. I have an older copy of a scanlog.txt file and in that file it did include information about what sort of malware was detected.
My call to the hosting group resulted in another “free scan” and a new scanlog.txt file.
The suspicious files are in a folder that I do not even think is used by my theme. (ie. “smilies” and “crystal”) Two are .PHP files and one is .pl. That is why I told WordFence to scan “outside” my WordPress installation.
So far I am going with WordFence on this one, but I would like to be certain. I guess that I could just rename the files or move them and see if my site breaks. (as long as I would still have cPanel access and could “fix” the site again).
I was also thinking of manually running a ClamScan but am not sure of two things; if I have SSH access, and what the proper syntax of the command would be.
Thanks again for your response. I was thinking that someone from WordFence would chime in but perhaps my timing is off.