Should I be concerned? Scan site =clean plugin=potential threats

  • Resolved Confessionsofamommyof5

    (@confessionsofamommyof5)


    10 years, 11 months ago

    I have reason to believe my website may be infected with Malware. I get the json, and eval(base64_decode in files, I used your scanner and these show up as potential threats and I also have 1 read/write errors. I’ve scan my site using Quttera and Sucuri and the both come back clean so I am really confused any help? Or if there’s a way I can remove/fix them all together? Thanks for your time and guidance.

    http://wordpress.org/extend/plugins/gotmls/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Eli

    (@scheeeli)

    10 years, 11 months ago

    eval(base64_decode is usually (but not always) a bad sign. There are always new threats coming out that slip past the various security scanners out there (even mine). A read/write error just means that my plugin could not scan that file. That does not automatically mean that there is something wrong with it but you can send it to me if you want me to check it for you. I generally tell people not to worry about “Potential Threats” but if you have reason to believe you are infected then that is where I would start looking.

    What reason do you have to believe your website may be infected with Malware?

    You can email any files directly to me: eli at gotmls dot net

    Aloha, Eli

    Plugin Author Eli

    (@scheeeli)

    10 years, 11 months ago

    I don’t see anything in the list of “Potential Threats” to worry about, nor do I see signs of an infection. The files that failed to be read are also ok.

    I see that you have already patched the WP Login Exploit, so your site looks ok to me.

    Do you still have a reason to believe your website may be infected with Malware?

    Please let me know if there is anything else I should look.

    Thread Starter Confessionsofamommyof5

    (@confessionsofamommyof5)

    10 years, 11 months ago

    I was trying to re-connect JetPack and it fails to connect when it tells me to check the xmlrpc.php files states that there’s a connect from a another unauthorized site. The files in on the hosting servers seem to be tampered with as well. Still care for a look, if you have the time. Thanks for all your help!

    Plugin Author Eli

    (@scheeeli)

    10 years, 11 months ago

    I see that you have fixed this issue. Was the problem in
    /wp-includes/class-IXR.php
    or did you fix it another way?

    Thread Starter Confessionsofamommyof5

    (@confessionsofamommyof5)

    10 years, 11 months ago

    What I had to end up doing was backing up the database and my site. I made a new DB, uploaded my site onto there. Then I installed a clean version of WP. However I still have an issue with a hidden admin.

    Plugin Author Eli

    (@scheeeli)

    10 years, 11 months ago

    Sorry for the delay in getting back to you and thanks for providing me with access to your site. After deleting that extraneous data in your usermeta table the hidden user account is gone and the number of users is displayed as 1 instead of 2.

    The “WordPress” in the <title> of the source code is in-fact normal and not something to worry about. So I think your all good now.

    Let me know if you need anything else.

    aloha, Eli

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Should I be concerned? Scan site =clean plugin=potential threats’ is closed to new replies.