Anti-Malware and Brute-Force Security by ELI
[resolved] Malware in e-commerce site (4 posts)

  1. boosdaddy1
    Member
    Posted 1 year ago #

    I installed your scanner, ran a scan and it said it found problems and fixed them. When I brought the site back up again it was gone, just a blank page. I had to go to the quarantined files and reinstall all of them to bring the site back again. Please help. When the site is accessed on a Mac or iPhone it goes to some porn site; I was told it probably has a malware infection.

    http://wordpress.org/extend/plugins/gotmls/

  2. Eli Z
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for contacting me about this. It would seem that the malicious scripts are anchored into the site so that their removal causes the site to crash. I would love the opportunity to discover how they have done this so that I can release a definition update to combat this technique.

    If you are willing to allow me access to your WP Admin so that I can fix this for you then please email me directly. You can send your login details to: eli at gotmls dot net

    If you're not willing to let me into your site, please at least send me the infected files so that I can work on this issue for you.

    Aloha, Eli

  3. boosdaddy1
    Member
    Posted 1 year ago #

    I would very much appreciate your assistance in this matter, but the site belongs to a client of mine. I believe he would allow access to you in order to fix this issue; allow me to speak with him tomorrow to get his approval. I will send you the info tomorrow. Thank you very much.

  4. Eli Z
    Member
    Plugin Author

    Posted 1 year ago #

    Ron,
    Thanks for making me an Admin user on the site. This was a pretty bad infection. The reason the site crashed after the first cleaning was because the infected files that were removed from the cgi-local folder were actually being required by the index.php files in the root. This was part of the hack so I added it to my definitions update and removed it.

    I also removed a backdoor, an htaccess hack, and other known threats in 86 other files. I think it's all clean now and it's still there too ;-).

    Can you confirm that it no longer redirects your iPhone?
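
The blank page described in this thread came from root index.php files requiring files that were then quarantined from cgi-local. The following is an added example, not part of the original posts and not the plugin's code, that lists which PHP files still include a file about to be quarantined; the function names and the sample file `loader.php` are hypothetical, and only string-literal include paths are resolved.

```python
import os
import re
import tempfile

# Matches require/include(_once) and captures the first string literal in the
# statement, so require 'a.php'; and require(dirname(__FILE__) . '/a.php'); both hit.
INCLUDE_RE = re.compile(r"""\b(?:require|include)(?:_once)?\b[^;'"]*['"]([^'"]+)['"]""")

def find_dependents(site_root, quarantine):
    """Return sorted (including_file, quarantined_target) pairs, relative to site_root."""
    root = os.path.realpath(site_root)
    targets = {os.path.normpath(os.path.join(root, q)) for q in quarantine}
    hits = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not name.endswith(".php") or path in targets:
                continue  # skip non-PHP files and files that are themselves being removed
            with open(path, encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            for literal in INCLUDE_RE.findall(source):
                rel = literal.lstrip("/")
                # Try the literal relative to the including file and to the site root.
                for base in (dirpath, root):
                    candidate = os.path.normpath(os.path.join(base, rel))
                    if candidate in targets:
                        hits.add((os.path.relpath(path, root),
                                  os.path.relpath(candidate, root)))
    return sorted(hits)

def build_sample_site(root):
    """Constructed sample tree; file names and contents are hypothetical."""
    os.makedirs(os.path.join(root, "cgi-local"))
    samples = {
        "index.php": "<?php\nrequire_once(dirname(__FILE__) . '/cgi-local/loader.php');\n"
                     "require './wp-blog-header.php';\n",
        "wp-blog-header.php": "<?php // constructed stand-in\n",
        "cgi-local/loader.php": "<?php // constructed stand-in for a flagged file\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for includer, target in find_dependents(site, ["cgi-local/loader.php"]):
            print(f"{includer} requires {target}: clean the include before quarantining")
```

Any file it reports needs its include line cleaned in the same pass as the quarantine, otherwise PHP stops with a fatal error on the missing file.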
