quttera
Forum Replies Created
Forum: Plugins
In reply to: [Background Image Cropper] Background Image Cropper has a VIRUS
It may come from other accounts (or other sites) if you are using shared hosting to host this site.
Forum: Plugins
In reply to: [Background Image Cropper] Background Image Cropper has a VIRUS
It is worth searching the website access log files for suspicious HTTP POST requests targeting the /wp-content/uploads/ folder or probably other non-core PHP files.
You are either missing installed shell files, or one of the plugins in use has a security vulnerability that allows upload of PHP files or remote code injection.
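The log search suggested in the reply above can be scripted. The following is an added example, not part of the original reply or of the Quttera plugin: it parses Combined Log Format lines and reports POST requests into /wp-content/uploads/ or to PHP files outside the usual WordPress entry points. The `EXPECTED_POST` allowlist and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: root-level scripts that legitimately receive POSTs on a stock install.
EXPECTED_POST = {"/wp-login.php", "/wp-comments-post.php", "/wp-cron.php", "/xmlrpc.php"}

def classify(line):
    """Return (reason, ip, path, status) for a suspicious POST, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    # Drop the query string, decode %xx escapes, collapse repeated slashes.
    path = re.sub(r"/{2,}", "/", unquote(m["target"].split("?", 1)[0]))
    lower = path.lower()
    if lower.startswith("/wp-content/uploads/"):
        reason = "POST into uploads"
    elif (re.search(r"\.php(/|$)", lower)
          and not lower.startswith("/wp-admin/")
          and lower not in EXPECTED_POST):
        reason = "POST to non-core PHP file"
    else:
        return None
    return reason, m["ip"], path, int(m["status"])

def scan(lines):
    """Classify every line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2017:04:11:02 +0000] "POST /wp-content/uploads/2017/03/cache.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2017:04:12:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2017:04:12:41 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2017:04:13:09 +0000] "POST /wp-content/plugins/example-plugin/inc/helper.php?x=1 HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [12/Mar/2017:04:14:55 +0000] "GET /wp-content/uploads/2017/03/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2017:04:15:30 +0000] "POST //wp-content//uploads/2017/03/cache.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for reason, ip, path, status in scan(SAMPLE_LOG):
        print(f"{reason}: {ip} -> {path} (HTTP {status})")
```

A hit answered with status 200 means the requested script exists and ran, so those files are the first to inspect; 404 hits show probing for files that are not there.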
Forum: Fixing WordPress
In reply to: Malware link
If this tag is not part of the source code then it should be present in the WordPress database. You can dump it using phpMyAdmin or any other database management tool.
If you open the source of the HTML page in a web browser, you can see that after the mentioned jQuery tag, there is another script injection, commented out. Try to look for this string as well.
In general you need to perform an internal (server-side) scan of your website. Our plugin provides an internal scanner. You can try it out or install another one.
You may want to compare WordPress core files. For this you need to download the WordPress sources and compare them with what you have on your site. Modified source files can point to an infection.
Try to investigate the WordPress options table. Such JavaScript injection may come from this table as a result of malware injection via one of the vulnerable plugins installed on your site.
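The core-file comparison suggested in the reply above, as an added example that is not part of the original reply or of any Quttera tool: it hashes a clean WordPress download and a copy of the site, skipping wp-content, and lists modified, extra and missing files. It assumes the clean download is the same WordPress version as the site; the demo trees are constructed, and the dot-prefixed file name is the one quoted elsewhere on this page.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map relative path -> SHA-256 for every file under root, skipping wp-content."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root and "wp-content" in dirnames:
            dirnames.remove("wp-content")  # themes, plugins, uploads: not core
        for name in filenames:  # os.walk also returns dot-prefixed (hidden) files
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare_core(clean_root, site_root):
    """Compare a site copy against a clean download of the same version."""
    clean, site = tree_hashes(clean_root), tree_hashes(site_root)
    return {
        "modified": sorted(p for p in clean if p in site and clean[p] != site[p]),
        "extra": sorted(p for p in site if p not in clean),
        "missing": sorted(p for p in clean if p not in site),
    }

def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        for root in (clean, site):
            _write(root, "wp-includes/version.php", b"<?php $wp_version = 'x';\n")
            _write(root, "wp-includes/js/thickbox/thickbox.js", b"/* thickbox */\n")
            _write(root, "index.php", b"<?php require 'wp-blog-header.php';\n")
        _write(site, "index.php", b"<?php /* changed */ require 'wp-blog-header.php';\n")
        _write(site, "wp-includes/js/thickbox/.40d8bc75.ico", b"placeholder\n")
        _write(site, "wp-content/uploads/photo.jpg", b"jpeg")
        return compare_core(clean, site)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site the "extra" list will also contain legitimate root-level files such as wp-config.php and .htaccess, so review it rather than deleting from it.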
Forum: Fixing WordPress
In reply to: Malware link
Try to find the location of this comment, as the mentioned JavaScript injection occurs just after this comment
<!-- jQuery -->
It is probably worth downloading the website sources to your desktop and searching the PHP files for the string
“<!-- jQuery -->”
Did you scan your WordPress with any internal (server-side) scanner to locate this infection?
All paths mentioned in the report are relative to the website root directory.
These files are accessible either via cPanel or via FTP.
For example, if your website is located in the /public_html/ folder then the /wp-includes/js/thickbox/.40d8bc75.ico file will be located at this path
/public_html/wp-includes/js/thickbox/.40d8bc75.ico
Please note that the file names start with “.” (dot symbol), which is interpreted as “hidden file” by some shells.
If you are still unable to locate these files, please send the paths of the infected files to the hosting support team and they will assist you in locating these files.
Best Regards,
Quttera Team.

Thank you for the valuable feedback. The feature request has been forwarded to our R&D.
Thank you for reporting this issue.
We mark it as suspicious because there are multiple malware instances utilizing this technique to steal/redirect traffic from infected websites.
Please whitelist this detection on your side.
Next to the detection section, you will find a button “Whitelist file” or “Ignore Threat”.
Please use it and the plugin won’t complain about these files anymore.
Thank you for using Quttera Web Malware Scanner and for the positive feedback.
According to the provided information, it seems that you have configured PHP to run in single-worker mode.
During the internal scan request, the Quttera scanner fully occupies the resources of the single PHP worker, thus your website is inaccessible during the scan.
The Quttera scanner requires two or more PHP workers to perform an internal scan and keep the website accessible during the scan.

Please let us know if the above answers your question. If you have any other questions or need help, please let us know here or open a ticket in our helpdesk: https://helpdesk.quttera.com/
Forum: Fixing WordPress
In reply to: PC CPU maxing at 100% following auto-update of wordpress
Could you please send us the infected jquery file to support[at]quttera.com so we can investigate it and update the plugin to detect this infection?
Thank you.
Thank you for providing this sample.
Could you please send us the same sample to support[at]quttera.com?
We will forward your post to the malware research team for further investigation.
- This reply was modified 7 years, 11 months ago by Jan Dembowski.
Thank you for reporting this issue.
Please send a list of all affected domains to support[at]quttera.com and our malware research team will investigate it and remove the warning.
- This reply was modified 7 years, 11 months ago by Jan Dembowski.
Thank you very much for your feedback.
Plugin updates are released twice per week to keep the plugin’s detection capabilities up to date. Unfortunately we detect new malware on a daily basis and are required to update the investigation engine with new detection rules so that the plugin’s users will be able to detect new infections as well.

The issue has been fixed with the 3.0.2 version update.
It seems that the issue occurred due to an empty line after the PHP close tag in the file qtrScanLock.php.
We just released patch version 3.0.2.
Can you please try to install it once again and let us know if you still experience this issue?
Thank you very much for your cooperation!
Please contact our support team by email [email protected] and we will do our best to fix it.