WordPress.org

Ready to get started?Download WordPress

Forums

Anti-Malware (Get Off Malicious Scripts)
[resolved] Should I be concerned? Scan site =clean plugin=potential threats (7 posts)

  1. Confessionsofamommyof5
    Member
    Posted 1 year ago #

    I have reason to believe my website may be infected with Malware. I get the json, and eval(base64_decode in files, I used your scanner and these show up as potential threats and I also have 1 read/write errors. I've scan my site using Quttera and Sucuri and the both come back clean so I am really confused any help? Or if there's a way I can remove/fix them all together? Thanks for your time and guidance.

    http://wordpress.org/extend/plugins/gotmls/

  2. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    eval(base64_decode is usually (but not always) a bad sign. There are always new threats coming out that slip past the various security scanners out there (even mine). A read/write error just means that my plugin could not scan that file. That does not automatically mean that there is something wrong with it but you can send it to me if you want me to check it for you. I generally tell people not to worry about "Potential Threats" but if you have reason to believe you are infected then that is where I would start looking.

    What reason do you have to believe your website may be infected with Malware?

    You can email any files directly to me: eli at gotmls dot net

    Aloha, Eli

  3. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    I don't see anything in the list of "Potential Threats" to worry about, nor do I see signs of an infection. The files that failed to be read are also ok.

    I see that you have already patched the WP Login Exploit, so your site looks ok to me.

    Do you still have a reason to believe your website may be infected with Malware?

    Please let me know if there is anything else I should look.

  4. Confessionsofamommyof5
    Member
    Posted 1 year ago #

    I was trying to re-connect JetPack and it fails to connect when it tells me to check the xmlrpc.php files states that there's a connect from a another unauthorized site. The files in on the hosting servers seem to be tampered with as well. Still care for a look, if you have the time. Thanks for all your help!

  5. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    I see that you have fixed this issue. Was the problem in
    /wp-includes/class-IXR.php
    or did you fix it another way?

  6. Confessionsofamommyof5
    Member
    Posted 1 year ago #

    What I had to end up doing was backing up the database and my site. I made a new DB, uploaded my site onto there. Then I installed a clean version of WP. However I still have an issue with a hidden admin.

  7. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    Sorry for the delay in getting back to you and thanks for providing me with access to your site. After deleting that extraneous data in your usermeta table the hidden user account is gone and the number of users is displayed as 1 instead of 2.

    The "WordPress" in the <title> of the source code is in-fact normal and not something to worry about. So I think your all good now.

    Let me know if you need anything else.

    aloha, Eli

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.