Eli
Forum Replies Created
-
This sounds like a direct database injection, which means that your server might be compromised and you might not have any malicious files or back-door scripts on your site.
The first thing that you should try is to reset your database password and update the DB_PASSWORD in your wp-config.php file to match. Then, if you still have frequent injections into your DB then you may need to consider moving your site to a more secure hosting environment.
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Scan not startingTry un-checking the Database Scan to see if the scan starts then. Let me know the results of that.
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Redirect MalwareTry clearing your cache. If it’s still redirecting then try the complete scan again.
Also make sure that any caching plugins are turned off in your wp-admin.
Yes, that should work, but you could also just delete that value with a query.
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Redirect Malware1) Yes, the scan results are only active while you are on the page.
2) The plugin fixes infected files by removing the infected code and also patches most known vulnerabilities.
3) Just one will unlock all the site registered on that email address.Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Redirect MalwareThanks, and yes I always what to know about new threats but you can contact me directly in the future or post it on my site instead of here.
Anyway, I saw what you posted before it was deleted and I added it to my definition updates as you expected I would, so you should be able to scan your whole site and remove all the instances of this malicious scripts from your site.
The newer versions of my pluginp automatically clean up and delete the definition values stored in the database when you deactivate the plugin.
It sounds like this issue is resolved. I just want to put your mind at ease by explaining that those remnants of the key word “linkangood” that are still showing up in your DB are not part of your sites active content. These scattered remains are either stored revisions of past versions of your content that are not currently used on the front end of your site or else found in deleted posts and pages that are also not displayed.
The other occurrences in the option, snippets, and schema tables are not actual instances of the full script but rather they are various records of your searches for that key word “linkangood”.
The read errors are probably just because the memory_limit is set too low in the php.ini file on your server. Try asking your hosting provider to help you increase your memory_limit.
Getting stuck in the cache folder could be problematic but the solution is simple, delete the cached files. You should not waste your time and CPU scanning cache files. Those files should be cleared anyway, especially if you have had any kind of infection on your site that might have been preserved in your cache. In addition, it’s a good idea to completely disable all caching on your site while you are working on cleaning up an infection so that you can be cure that you have got it all clean and only start building and storing cache once you are sure that it will not be contaminated by any active threats.
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Query about date infectedIt is possible for the scripts to edit the modified date stamped on the files that get infected to further obscure the actual infection date.
There is also a date changed and date created which are harder to corrupt but may not help you if the files were there before or have been changed after the infection (as would be the case if they have already been cleaned).
You could try installing a backup and then checking the stats on those files that you know were infected, but it also may not be needed to restore a backup if you have already completely removed the infection.
Because of the list you provided, showing images and scripts that are clearly not malicious or otherwise infected in any way, I would have to say that Google is wrong about these links being malware. Unfortunately, it is going to be an uphill battle for you to convince them of this. They may have blacklisted your domain thus causing all URLs on your site to be rejected. You should start by inspecting your site in Google Webmaster Tools, now called Search Console. Check the security section to see if they have anything reported there and request a review. Then just need to argue with Google Ads to convince them that your site is actually clean or insist that they show you what code they are flagging as malicious in these files they have listed.
Can you send me an example of the malicious code that Google is finding on your site?
Thank you for reporting this. I have just added the new source to my definition updates. Please download the latest definition updates and run the scan again.
Let me know if it is still not finding anything.
Forum: Reviews
In reply to: [Anti-Malware Security and Brute-Force Firewall] Very efficient !It fixes all the known threats and back-door scrips it finds for free and you can also get definition updates manually for free.
Donations will unlock premium features like Automatic Updates and the Brute-Force Login Patch.
Forum: Plugins
In reply to: [Anti-Malware Security and Brute-Force Firewall] Still infectedI would need to check it out to see what kind of threat you are dealing with. What is the affected URL?