Plugin Author
Eli
(@scheeeli)
Your site is working now. It looks like my plugin must have broken the syntax in that plugin file when it removed the threat.
Can I have a look at the backup of the infected file so that I can see why it broke?
You can email attachments directly to: wordpress at ieonly dot com
Mahalo,
Eli
Thread Starter
newks
(@newks)
the plugin for the most part worked as promised! Thank you. There was a little piece of code/text left in 2 index.php files. Once I removed those the site worked.
Overall the plugin helped tremendously – it would have been painstaking to have manually tried to remove all the malware code on each file that was infected – having to fix only 2 was a blessing.
I emailed you a file I hope it helps.
Thanks again.
Thread Starter
newks
(@newks)
i still have 59 potential threats identified, each with the same code…
eval(“?>$content<?php “)
is this something i should watch? Do you ahve any more data on that or know why you have it ‘found’ in the code?
I guess it just makes me nervous to see that many highlighted.
Thanks
Plugin Author
Eli
(@scheeeli)
Thanks for that file you emailed! I can now see why it broke and I will be updating my definitions soon to fix that.
As for the “Potential Threats”, I generally don’t worry about them and have been trying to figure out how to play down the importance of them because they are usually not malicious at all. However, I do find it suspicious that you have 59 of them that all eval that $content variable. Without knowing what that $content variable is set to I cannot say how dangerous it is. Could you send me one of those files too, or post more of the code?
Mahalo, Eli
Plugin Author
Eli
(@scheeeli)
I updated the definitions to handle that code removal better so you don’t get left with a syntax error.
Thanks for your help identifying the problem.
Aloha, Eli