Anti-Malware (Get Off Malicious Scripts)
[resolved] WP Login Exploits (3 posts)

  1. StevenA
    Member
    Posted 1 year ago #

    hello,

    I keep on getting a Malwarebytes malicious website warning from web url: 46.229.165.8 and have already reported these findings to the abuse email of that ISP in the UK. He wanted proof; I sent it to him and am awaiting his reply.

    I installed the WP Anti-Malware plugin and it found 2 WP Login Exploits and 35 code issues of potential threats. This is a brand new site cloned last week from my main site.

    I quarantined the two files and only had 10 potential threats left. Then ran WP update to version 3.5.1 and updated all my plugins, which went fine. Ran the scan again after this completed and the WP Login Exploit came back along with 12 potential threats.

    I am not a code reader but it looks like the first part of code has 4 letters separated by dashes with a URL something before it. I think the hacker SOB encoded 46.229.165.8 into letters, that's why it came right back.

    I tried to delete the highlighted part of code that the potential threat found but it won't let me delete it, so if anyone here knows how to do this I'm all ears.

    I don't care if I screw up the site and it goes down I'll just reload it again. But I would like to learn how to correct this problem so I can repair it on my main site where I do care about it.

    Maybe someone else has been hacked by this same SOB and I have a real good idea who he is because his was the only site I did training on in the UK and he was kind of a shady critter that's why I left.

    Any help greatly appreciated thanks in advance.

    Steven

    http://wordpress.org/extend/plugins/gotmls/

  2. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    Aloha Steven,
    I would be happy to help you identify any remaining threats. Once I find the threats I can add them to my definition updates so that they can be automatically removed in the future. If you are willing to give me WP Admin access to your site I can login and start by reviewing the list of potential threats. You can email me directly with the login info: eli at gotmls dot net

    Mahalo, Eli

  3. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    Aloha Steven,
    Thanks for giving me access to your site. I was able to determine that my plugin was skipping certain files because those files were empty. I have released a plugin update that provides more information about the reason for skipping files so that it will be more clear in the future why they are skipped.

    I also added more information about the wp-login.php patch that my plugin can apply. It is an optional patch that will harden the security of the login page. I highly recommend it to protect against DDoS and Brute-Force attacks.

    Other than that, your site looks clean. None of the potential threats are anything to worry about. I will continue to white-list the potential threats that I find to be safe so that there is not so much there to look into. Please let me know if you need anything else.

    Aloha, Eli

Topic Closed

This topic has been closed to new replies.