Forum Replies Created

Viewing 15 replies - 406 through 420 (of 2,029 total)
  • Plugin Author Eli

    (@scheeeli)

    I don’t see any rogue ads on your site, do you?

    Maybe this is a false positive from Sucuri. Even the code they have highlighted is broad and does not pinpoint anything that shouldn’t be there.

    Do you have any other indication of a possible infection that I should take a look at?

    Plugin Author Eli

    (@scheeeli)

    Actually, the real problem here was the fact that the Freemius class was using the __fs_blog_admin=true parameters to authorize the action to perform DB updates on the wp_options table without any actual admin authentication. My initial reaction was to create a Firewall Rule that blocked all actions that used that __fs_blog_admin parameter. However, I have since refined that Firewall Rule to pinpoint the actions that were also attempting the table updates. Setting a post parameter to true will never replace the built-in authentication and this particular exploit caused a lot of damage. If you have an example of a URL that is safe and it is still being blocked by my plugin with the most recent definition updates then please email me directly with the URL and the plugin or theme that I would need to test it on, along with any explanation you wish to describe how this usage is safe and cannot be exploited.

    eli AT gotmls DOT net
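
The flaw described in the reply above, a request parameter standing in for an admin check, shown beside a hardened handler. This is an added example, not code from the post, from Freemius or from the Anti-Malware plugin; the action name, option name and allowed values are hypothetical, and it runs inside WordPress using core functions only.

```php
<?php
// Added illustration. Hypothetical names: example_save_settings, example_plugin_mode.

// BEFORE: the caller "proves" it is an admin by sending a parameter.
// Anyone can send that parameter, so this is not authentication.
// Shown for contrast only; it is deliberately never registered on a hook.
function example_save_settings_insecure() {
    if ( isset( $_REQUEST['__fs_blog_admin'] ) && 'true' === $_REQUEST['__fs_blog_admin'] ) {
        $mode = sanitize_text_field( wp_unslash( $_POST['mode'] ?? '' ) );
        update_option( 'example_plugin_mode', $mode ); // writes to wp_options
    }
}

// AFTER: WordPress decides who the caller is; the request only carries data.
function example_save_settings() {
    // 1. Capability check against the logged-in session, not a request field.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. Nonce check so the write cannot be triggered cross-site.
    check_admin_referer( 'example_save_settings' );

    // 3. Allow-list the value before it reaches wp_options.
    $mode = sanitize_key( wp_unslash( $_POST['mode'] ?? '' ) );
    if ( ! in_array( $mode, array( 'basic', 'advanced' ), true ) ) {
        wp_die( 'Invalid value', '', array( 'response' => 400 ) );
    }

    update_option( 'example_plugin_mode', $mode );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// admin_post_{action} fires only for logged-in users. No admin_post_nopriv_
// handler is registered, so anonymous requests never reach the function.
add_action( 'admin_post_example_save_settings', 'example_save_settings' );
```

The form that submits to this handler needs `wp_nonce_field( 'example_save_settings' )` and a hidden `action` field set to `example_save_settings`.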

    Plugin Author Eli

    (@scheeeli)

    Yes, my plugin scans those files for malicious content and also looks for and removes the include links in other files that would cause that malicious code to run.

    Plugin Author Eli

    (@scheeeli)

    Thanks for sending me these files to examine. Those are stock WP Core files and they do not contain any malware. You probably got this Read Error because those files are so big. Technically there are no files that are too big to be scanned, but if your PHP memory_limit is set too small then the scan will crash when trying to open and read large files. Typically your host will give you some way to change the memory_limit in your PHP config or you can ask them to modify the php.ini file for you and increase the memory_limit to 256M or even 512M and that should solve this issue for you.

    Plugin Author Eli

    (@scheeeli)

    I thought that I had all the URLs dynamically detecting if the site was using SSL or not and outputting HTTPS links for secure pages, but maybe CloudFlare SSL is not detected right. I will have to look into this further to see what needs to change.

    Can you send me the output from your browser’s Console, which might contain JavaScript Errors or Security Warnings that would help me narrow down the exact cause of this issue?

    Plugin Author Eli

    (@scheeeli)

    @cequ,
    This topic is resolved!

    As I keep saying, it takes time for Google to respond to these types of issues.

    If you want more help with your specific problem then you need to post more details about your specific situation, like URLs and screenshots that illustrate where you are at in the process of cleaning up your site’s reputation after the infection was removed. What does Webmaster Tools look like, any issues flagged there?

    Plugin Author Eli

    (@scheeeli)

    No need to be worried, that warning is just more of an FYI. It would be very helpful for diagnosing a conflict if the scan was slow or not able to finish, but if the scan is working normally then there is no need for concern 😉

    Plugin Author Eli

    (@scheeeli)

    Can you enable your other plugins one at a time to see which one is conflicting with the scan? Then I can do some testing with that plugin and see why it is causing that scan behavior.

    Plugin Author Eli

    (@scheeeli)

    In general it takes Google an annoyingly long time to re-assess the status of your site after an infection was detected. Once their bots finally decide to re-index the formerly infected pages on your site then they should be able to approve your ads again. Until the re-indexing occurs they will only respond to you based on the cached pages of your site that they see the malware on. You can use the Google Search Console (formerly called Webmaster Tools) to request a review and submit a current sitemap, which may help expedite the process, but it can still take (sometimes even weeks) to get all the cached pages re-indexed.

    @nedalpro,
    If you want help with your site it would be better to post your own URL not the URL of the malware that was supposedly detected on your site. I don’t think that the WordPress Forum Moderators like it when people post malicious links on the forum.

    Plugin Author Eli

    (@scheeeli)

    @saad_rashad,
    My Anti-Malware plugin was finding the malware mentioned in this topic so it sounds like you have a different issue.

    “rogueads.unwanted_ads” does not tell us anything about what code is actually being detected on your site. Can you post your scan results or a link to your URL so I can see what you are dealing with?

    Plugin Author Eli

    (@scheeeli)

    Hi Steve,
    First, you can address account related questions and requests on my website instead of posting here on the WordPress Forum.

    In this case the answer should be pretty simple though. Every URL gets assigned its own key so HTTPS URLs will have a different key than HTTP URLs, but all you have to do is just register those new keys to the same email address that you used when you registered your old URLs and they will be assigned to the same account. So basically once you re-register those new keys everything should be all good.

    If you need any more help with this or have any account specific questions then you can email me directly and I will help you get it all sorted out:
    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    You don’t need to make a donation. My plugin will find and fix known threats for FREE! You just need to download the latest definition update and then run the Complete Scan.

    If there are any Known Threats found on your site then you can simply click on the button that says “Automatically Fix Selected Threats” and my plugin will remove the malicious code from the infected file for you. Do not delete these files manually or you might break your site. Just let my plugin do the job that it was designed for 😉

    • This reply was modified 7 years ago by Eli.
    Plugin Author Eli

    (@scheeeli)

    If you really did download the latest definitions then you would not be getting those results.

    As I said before: Make sure that you have downloaded the latest definition updates. Then, if the scan finds any known threats, you will see an automatic fix button.

    If you think that this was done correctly but you’re not seeing the button then please send me a screenshot of the whole page so that I can tell what’s wrong.

    Plugin Author Eli

    (@scheeeli)

    If the functions.php file was cleaned by my plugin and you see it in the Quarantine but you still see the redirect on your site then you should re-scan your theme (you can use the Theme Quick Scan button). If the functions.php file is found to be re-infected again then you have a breach on the server that is allowing your theme to be re-infected. You may need to move your site to a more secure hosting environment.

    Plugin Author Eli

    (@scheeeli)

    Yes, Thank you! This /wp-admin/includes/class-ftp.php file does appear to be a false positive. I have fixed the definition update from yesterday and released a new definition update today that fixes this issue.
