Forum Replies Created

Viewing 15 replies - 361 through 375 (of 2,029 total)
  • Plugin Author Eli

    (@scheeeli)

    I think that there must be something left on your server that is being overlooked, some malicious script hiding somewhere that has not yet been found. It might be that this malicious script is not even hiding on the site that keeps getting infected, it could be coming in from another site on the same server.

    Your biggest clue is that admin_ips.txt file, what directory is that file in? The script that is writing that file might be in that same directory. Also, when that file is created, but before you make any changes to it, there will be some timestamps on the file that you can read with the “stat” command. Then you can cross-reference the modified timestamp with the entries in access_log files on your server. This may give you a clue as to what script is writing to that file.

    You should also check the functions.php file in your theme and look for any new plugin files. These might contain new code that uses the “wp_footer” or some other WordPress hook to load a malicious function that will write all those malicious script tags to your DB.

    Please send me anything you find that might help me identify this new threat and I will add it to my definition updates so that it can be automatically and completely removed in future scans.

    eli AT gotmls DOT net
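
The timestamp cross-reference described in the reply above, as an added example that is not part of the original post or the plugin's code: it reads the file's modify time the way `stat` reports it and lists the access_log requests logged within a few seconds of it. The log lines, IP addresses, request paths and the 5-second window are constructed for illustration, and the log is assumed to be in Apache/Nginx combined format.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Apache/Nginx "combined" format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample access_log lines (documentation IPs, placeholder paths).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Mar/2019:10:15:02 +0000] "GET /index.php HTTP/1.1" 200 5123
198.51.100.9 - - [04/Mar/2019:10:15:31 +0000] "POST /wp-content/example-dir/example.php HTTP/1.1" 200 12
203.0.113.7 - - [04/Mar/2019:10:15:34 +0000] "GET /wp-login.php HTTP/1.1" 200 2810
203.0.113.8 - - [04/Mar/2019:10:16:40 +0000] "GET /feed/ HTTP/1.1" 200 900
"""

def file_mtime(path):
    """Modify time of the file, the same value `stat` prints, as aware UTC."""
    return datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)

def requests_near(log_lines, when, window_seconds=5):
    """Requests logged within window_seconds of `when`, closest first."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, status = m.groups()
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        delta = abs((t - when).total_seconds())
        if delta <= window_seconds:
            hits.append((delta, ip, method, path, int(status)))
    return sorted(hits)

def demo():
    """Create a stand-in admin_ips.txt with a known mtime and correlate it."""
    when = datetime(2019, 3, 4, 10, 15, 32, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "admin_ips.txt")
        open(path, "w").close()
        os.utime(path, (when.timestamp(), when.timestamp()))
        return requests_near(SAMPLE_LOG.splitlines(), file_mtime(path))

if __name__ == "__main__":
    for delta, ip, method, path, status in demo():
        print(f"{delta:4.0f}s  {ip:15}  {method:4}  {path}  {status}")
```

On Linux, `stat` also prints a Change time (`st_ctime`), which cannot be set with `touch`, so it is the better value to correlate if the Modify time looks implausible.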

    Plugin Author Eli

    (@scheeeli)

    I’m sorry to hear that Wordfence couldn’t solve this for you even after you paid them, that is both disappointing and a little shocking, as I have always respected the Wordfence plugin and what they have done to make WordPress and the internet safer.

    I am also disappointed that my plugin didn’t find this threat, and I want to help you get to the bottom of this and find the source of this new threat so that I can add it to my definition update and make it so that my plugin can find and fix it for you automatically.

    I’m sorry to say that the link you posted to Sucuri’s of “Rogue Ads” is of no help in finding or fixing this threat. That is just a very general description of the end result of many types of infections, it does not say anything about what your site is infected with or even where this infection is found on your site. I would need a lot more information from you to be of any help to you. For starters, could you tell me what site is infected with this elusive threat?

    Also, a specific snippet of code that I should be looking for would be helpful.

    And, if you want my help in actively tracking down the source of this threat then I would need a lot more, like screenshots or links to the scan results, a database dump, and a copy of any files that might contain this malicious code.

    If you want to send me anything that would be too sensitive to post on this public forum then you can email it directly to me:
    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    Thanks for your response and I can appreciate how you have a valid position to represent here. As you may have also noticed, many of the reviews speak to my outstanding support and dedication that I personally offer to back up my plugin. Many of the issues that people bring to my attention are resolved quickly and easily, so I am disappointed that you didn’t give that a try before writing your review on the out-of-the-box plugin experience. Besides my own personal curiosity and my desire to make my plugin perform even better across all platforms and all situations, I also can’t help wondering if it might have been something simple to fix that could have flipped your experience completely around.

    As it happens, I could not find any registrations for your site so I was wondering if you could at least tell me if you were able to register and then download the latest definition updates successfully? If you did not download the latest definitions then that would at least explain why my plugin was not able to find any known threats.

    Plugin Author Eli

    (@scheeeli)

    I’m sorry you had such an uncharacteristically disappointing experience with my plugin. I’m sure that you realize that this is not the norm, based on all the other overwhelmingly positive reviews.

    I wish you would have reached out to me for support before giving up on my plugin, because I fully believe that this would have been a simple fix to correct whatever it was that was making my plugin spin its wheels ineffectively on your site.

    If you are at all interested in getting to the heart of this issue (as I am) then I would still be very interested in helping you get to the bottom of the cause of this issue and figure out why my plugin didn’t work on your site. Please feel free to contact me directly:
    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    That is a feature that I am working on, but it is not possible in the current version.

    Plugin Author Eli

    (@scheeeli)

    Those URLs might be getting crawled because they are linked to from some other site (maybe even a malicious site using bad links that don’t exist on your site). Regardless, the Google Search Console is where you need to go to solve this. Start by uploading a valid sitemap so that Google knows what page YOU want them to index and how often.

    You can also use the “Fetch as Googlebot” feature in the Search Console to see what Google is finding on those pages (hopefully nothing, should be just a 404).

    Plugin Author Eli

    (@scheeeli)

    This issue has nothing to do with my plugin. This is something you need to look into on your Google Search Console. Here are some links that might help you solve this problem:

    Robots.txt

    Sitemaps

    Plugin Author Eli

    (@scheeeli)

    Hi David,
    Not sure what kind of help you need but if you want to contact me privately you can send me a direct email:
    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    Actually it looks like your problem was fixed by my plugin but that Sucuri scan was cached so it was not accurate any more. I clicked the Re-scan link at the bottom of their scan results that said:
    Scanned 22 hours ago. Force a Re-scan to clear the cache.

    … and now it shows that your site is clean.

    Plugin Author Eli

    (@scheeeli)

    Can you get to all the other Anti-Malware pages in admin (just not the definition updates)?

    You can check the error_log files on your server to see what caused this issue.

    That URL goes to your wp-admin which I do not have access to so I cannot see the problem you are experiencing. Can you please send me a screenshot?

    If you have any info that you don’t want to post on the forum you can email me directly for more support: eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    I’m not sure that creating a new site and importing your post will get you a clean site if the injections are in your posts. Also, it is usually not necessary to create a new site and it should be possible to clean the injections out of your existing site. I just need you to help me help you figure out what’s wrong.

    If you can follow the troubleshooting setting that I detailed in my last post and then report back with a screenshot showing which definitions are repeating and how many times they are repeating then I can help you more.

    I know that it’s hanging at 98-99% but that info does not help me to determine why. By setting the scan depth to 0 we can focus on the DB Scan and pinpoint the problem in your DB. If you are willing to give troubleshooting a try then please look for these details that I need to see in the screenshot, specifically which queries are hanging and re-scanning with smaller limits, and how small you are letting the limits get before giving up on the scan.

    Plugin Author Eli

    (@scheeeli)

    I see that it is the DB Scan that it is getting stuck on. Your screenshot only shows the beginning of the re-scan, can you start the Complete Scan with the Scan Depth set to 0 so that it only scans the DB and not any files? This will focus the scan on where the problem is so that we can troubleshoot.

    If it fails the initial DB Scan then it will break up the scan into an individual search for each type of database injection. For each of those that fail it will further reduce the record limit on each query by half until the queries succeed (2048, then 1024, then 512, etc.) Hopefully we can then tell which one it is hanging up on and how small the record-sets need to be to return results.

    Let the scan run for about 10-20 minutes with the scan depth at 0 to see if it will finish and then take another screenshot if there are still a few that it is getting stuck on.

    Plugin Author Eli

    (@scheeeli)

    It is not my plugin that Google has flagged as malicious here, it is your wp-admin that Google is warning you about. You can see the same warning on other wp-admin URLs on your site.
    https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.vavajodeluxe.com%2Fwp-admin%2Fadmin.php

    So your admin URL has been blacklisted by Google and now you need to scan and clean it and then request a review to get it off the blacklist.

    Plugin Author Eli

    (@scheeeli)

    I see. Well then I would suggest that you run the complete scan and then take a screenshot of the results when it’s finished and showing 100% green and no threats found 😉

    Plugin Author Eli

    (@scheeeli)

    I’m sorry but there is no export feature. There is only the scan history shown on the Settings page, the Quarantine log that shows the malware that was removed, and the real-time results of the active scan.

    Can you tell me more about what you need? Maybe there is another way to get what you are looking for.
