Support » Plugin: Anti-Malware Security and Brute-Force Firewall » js.donatelloflowfirstly. ga not removed from DB

  • Hello,

    We are (paying) user of GOTMLS since a while, but today we realised that it’s not working on most of our websites that have been infected with this new virus js.donatelloflowfirstly. ga

    Could you tell us if you have a plan in mind to clean it correctly?

    Kind Regards

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Eli

    (@scheeeli)

    My plugin already has this threat in the definitions. Are you saying that you have multiple sites infected with this threat and my plugin found nothing, or did my plugin find something but you think that this threat is still there after the auto-fix was applied?

    Do you happen to have either the pixelyoursite plugin or the elementorplugin installed on any of these sites?

    Can you give the URL of an infected site so that I can check it out?

    If you don’t want to post any URLs on this public forum you can email the info directly to me:
    eli AT gotmls NOT net

    text removed. created my own topic.

    • This reply was modified 3 months, 2 weeks ago by Dave Stevens.
    Plugin Author Eli

    (@scheeeli)

    Hi @paramedic192,
    Thanks for creating your own topic. I have replied to the new topic but my reply has been help for moderation.

    https://wordpress.org/support/topic/donatelloflowfirstly-follow-up/#post-13271843

    Hopefully the moderators will release my reply soon 😉

    Dear Eli, thank you for your reply and your support btw.

    We have multiple websites on the same hosting plan. And all of them have been hacked with or without elementor plugin. And we don’t find the hole. Themes are paid ones, same for plugins.

    We followed also the medium’s article on this topic to remove it manually we had to make some cleaning in the DB.

    The GOTLS found few positives but not in the DB. Only on the files. Is that correct?

    Here you go the tutorial:
    https://www.waikey.com/vps-tutorials/remove-js-donatelloflowfirstly-ga/

    Plus Update
    Depends on research, there are 3 opinion on this backdoor

    1: Backdoor comes with the nulled themes or plugins, so just delete them and only use the official version.

    2: The “Ultimate Addons for Elementor” plugin been hacked. Then just delete the plugin or update it if available.

    3: Strange thing I met is that I have no “Ultimate Addons for Elementor” installed on my site. But my theme is based on “Option Framework”, don’t know if it’s been hacked since this framwork has not been updated for several years.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.