Support » Plugin: Anti-Malware Security and Brute-Force Firewall » Linkangood.com not being recognised

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter tigervilja

    (@tigervilja)

    the address of the site in question is https://numerology.se not the one previously mentioned.

    Plugin Author Eli

    (@scheeeli)

    Thank you for reporting this. I have just added the new source to my definition updates. Please download the latest definition updates and run the scan again.

    Let me know if it is still not finding anything.

    Thread Starter tigervilja

    (@tigervilja)

    Hello Eli, Thank you so much from a new user!

    For all of you out there, this plugin is awesome and the way of donating a small sum for this protection is nowhere else to be found, you can register many sites and run the premium check on them all and very grateful for this quick feedback!

    Eli I don’t expect you to solve all my problems but I will explain here as thoroughly as I can what is happening, being a novice I don’t know what info is of importance and what is not.

    My continued main concern is if the database outside of the wp-installation is also infected and if all infection in the wp-installation is gone.

    Site https://numerology.se
    I installed your latest definitions and ran a full scan of wp-content only and 14 database injections were found and placed in quarantine on the site https://numerology.se
    Then running GTMetrix all mention of linkangood was gone.
    I then checked the database again but still found 8 hits when I searched for linkangood.

    I then ran a full scan again, this time not only in wp-content but the whole site. I did have to exclude cache since it got stuck always at 99% in wp-content/cache (I had disabled my cache plugin but it still got stuck at 99%) . As a side note, running the scan in wp-content only did not stop at 99% even though cache was enabled and not excluded. That scan came back clean. That leads me to wonder, the below from the database that still mention linkangood after the clean scan, are they just remnants and nothing to worry about? Or am I still infected?

    Found two hits in wphb_options
    SELECT * FROM purest5_wp203.wphb_options WHERE (CONVERT(option_id USING utf8) LIKE ‘%linkangood%’ OR CONVERT(option_name USING utf8) LIKE ‘%linkangood%’ OR CONVERT(option_value USING utf8) LIKE ‘%linkangood%’ OR CONVERT(autoload USING utf8) LIKE ‘%linkangood%’)

    5 hits in wphb_posts
    SELECT * FROM purest5_wp203.wphb_posts WHERE (CONVERT(ID USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_author USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_date USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_date_gmt USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_content USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_title USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_excerpt USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_status USING utf8) LIKE ‘%linkangood%’ OR CONVERT(comment_status USING utf8) LIKE ‘%linkangood%’ OR CONVERT(ping_status USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_password USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_name USING utf8) LIKE ‘%linkangood%’ OR CONVERT(to_ping USING utf8) LIKE ‘%linkangood%’ OR CONVERT(pinged USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_modified USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_modified_gmt USING utf8) LIKE ‘%linkangood%’ OR CONVERT(post_content_filtered USING utf8)[…]

    One hit in wphb_snippets
    SELECT * FROM purest5_wp203.wphb_snippets WHERE (CONVERT(id USING utf8) LIKE ‘%linkangood%’ OR CONVERT(name USING utf8) LIKE ‘%linkangood%’ OR CONVERT(description USING utf8) LIKE ‘%linkangood%’ OR CONVERT(code USING utf8) LIKE ‘%linkangood%’ OR CONVERT(tags USING utf8) LIKE ‘%linkangood%’ OR CONVERT(scope USING utf8) LIKE ‘%linkangood%’ OR CONVERT(priority USING utf8) LIKE ‘%linkangood%’ OR CONVERT(active USING utf8) LIKE ‘%linkangood%’)

    Database outside the wordpress installations
    There is also a database called information_schema that lies outside of the wordpress installations, maybe this is in public_html? In this database I found 1 hit of linkangood in PROCESSLIST
    SELECT * FROM information_schema.PROCESSLIST WHERE (CONVERT(ID USING utf8) LIKE ‘%linkangood%’ OR CONVERT(USER USING utf8) LIKE ‘%linkangood%’ OR CONVERT(HOST USING utf8) LIKE ‘%linkangood%’ OR CONVERT(DB USING utf8) LIKE ‘%linkangood%’ OR CONVERT(COMMAND USING utf8) LIKE ‘%linkangood%’ OR CONVERT(TIME USING utf8) LIKE ‘%linkangood%’ OR CONVERT(STATE USING utf8) LIKE ‘%linkangood%’ OR CONVERT(INFO USING utf8) LIKE ‘%linkangood%’ OR CONVERT(TIME_MS USING utf8) LIKE ‘%linkangood%’ OR CONVERT(STAGE USING utf8) LIKE ‘%linkangood%’ OR CONVERT(MAX_STAGE USING utf8) LIKE ‘%linkangood%’ OR CONVERT(PROGRESS USING utf8) LIKE ‘%linkangood%’ OR CONVERT(MEMORY_USED USING utf8) LIKE ‘%linkangood%’ OR CONVERT(EXAMINED_ROWS USING utf8) LIKE ‘%linkangood%’ OR CONVERT(QUERY_ID USING utf8) LIKE ‘%linkangood%’ OR CONVERT(INFO_BINARY USING utf8) LIKE ‘%linkangood%’ OR CONVERT(TID USING utf8) LIKE ‘%linkangood%’)

    Thank you
    Roger

    Plugin Author Eli

    (@scheeeli)

    It sounds like this issue is resolved. I just want to put your mind at ease by explaining that those remnants of the key word “linkangood” that are still showing up in your DB are not part of your sites active content. These scattered remains are either stored revisions of past versions of your content that are not currently used on the front end of your site or else found in deleted posts and pages that are also not displayed.

    The other occurrences in the option, snippets, and schema tables are not actual instances of the full script but rather they are various records of your searches for that key word “linkangood”.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Linkangood.com not being recognised’ is closed to new replies.