Support » Plugin: Anti-Malware Security and Brute-Force Firewall » MW:SPAM:SEO spam problem

  • Resolved th3rion

    (@th3rion)


    Hi

    I recently had a problem with backdoor trojans and malware. On my server 9 sites were infected. With this plugin I managed to get rid of the infection on all of them, but I can’t clean one.

    This plugin says site is clean but Sucuri detects MW:SPAM:SEO

    I manually updated all of the WP core files so everything should have the same date, but some of the files have a newer date. I compared the original core files with these modified files, and all of them have a script somewhere with a link like this:

    I don’t know where to look for the cause of the infection – I think updating files won’t help.

    https://wordpress.org/plugins/gotmls/

Viewing 15 replies - 31 through 45 (of 58 total)
  • deleted post

    Plugin Author Eli

    (@scheeeli)

    jojones55,
    You can email me directly: eli AT gotmls DOT net

    A simple solution for anyone who can access the root folder:

    Use Dreamweaver or another coding program’s “Batch replace” function to search for the injected code and replace it with a blank textbox. We have successfully cleaned all infected sites (cleaned nearly 100000+ infected code in a few hours).

    But most importantly, update the Revolution Slider to the latest (4.6); they confirm the backdoor has been fixed.

    Thanks so much for your support!
    I scanned and cleaned several times with your plugin, then advised Google tools, and Google has now whitelisted the site again.

    (I also use the scan and clean of Wordfence, while the Sucuri scan seems not to work at all from the WP plugin;
    I also deleted Rev Slider and some other plugins.)

    Now that WP site (and also the root simple HTML site, which I cleaned manually) “seems” to be clean. I kindly ask your suggestion about whether it could be safer to load a full backup from some days ago and repeat all the cleaning and operations.
    (Meanwhile I got the iThemes plugin set up.)

    I kindly ask if you can post a “screenshot” of the “scan level value” so it is easy to find (if needed I will mail you).

    Do you think that choosing a solution like the Sucuri plan with auto antimalware+firewall (100$ year+10$ month) or a Wordfence solution at 40$ year, “prevention oriented”, would be a “definitive solution step”?
    Actually I am on Cloudflare; would you kindly tell us if Incapsula would be another solution to set up?
    Sorry for so many words, but when somebody trustworthy is found, it seems like having reached something like an “oasis in the desert”…
    Meanwhile I observe all these “corrupted economical mankind games” (that’s my personal point of view about what happens…)
    I’m about to make my donation and suggest officially proclaiming you the 1st “saint of WordPress” community!
    Thanks for the support, aloha!

    Eli, I have been scanning with your plugin but still have Malware according to Webmaster Tools.

    Maybe I am being impatient but I just want to check; should we also be ticking the boxes of the ones your plugin doesn’t fix automatically, but it says something implying that it is a threat?

    There was a case earlier where I was able to tick 39 boxes and have them dealt with too. I’ve done so many sites though that I lost track of whether that site is now fixed.

    Good day. I found all the infected files; it is always a long list: http://www.piemse.com/?p=637

    I see people mention this is able to remove the collect.js malware but is it going to prevent it from happening again?

    Has anyone found the actual cause to this massive malware issue? We cleaned out a few sites the other day and now we have it again.

    From what I have been reading Revolution Slider is what people are betting on being the cause. The problem is that it is bundled with themes so there is no simple way for a non-techy user to update it and protect from further attacks.

    We updated all sites that were using revslider when we cleaned all of these and wrote a script to remove it from all files… Now, a couple of days later, it’s back, so now we are trying this plugin. I was just seeing if this plugin is going to prevent it from happening or just remove it every time it happens.

    Plugin Author Eli

    (@scheeeli)

    Yes, the newest version of my Anti-Malware plugin removes the malicious scripts injected AND automatically blocks exploits of the Revolution Slider. Even if you have the old version of Revolution Slider that is still vulnerable, my Anti-Malware plugin will block these attacks and prevent hackers from accessing your files through this RevSlider exploit.

    I cannot really speak to how any other plugins are handling this new threat. It changes every day and it takes sharp skills and dedication to stay on top of the latest threats and vulnerabilities. The best advice I can give is to research what others are saying about these other security plugins, look at independent reviews (especially the gripes and complaints), see how they handle support issues, etc.

    I haven’t used any other plugins to remove it; we manually coded a script to remove it, but it came back. I also updated all the revslider plugins to 4.6.5, even in backup directories, then we ran the script and it removed it from everything, and everything seemed fine for a day; now it’s back.

    I successfully removed this script from a few sites today using your plugin, so we will see if it stays away or not. I will keep you updated. It seems like it might have been coming from something other than revslider, which people keep thinking, as I thought this was updated back in like Feb of this year by ThemePunch. I guess it’s trial and error.

    If this prevents this from returning we will be using this on all sites on the server.

    I highly recommend Eli’s Anti-Malware plugin. I’ve been working on this same issue (RevSlider hack that installed malware & backdoors) for 5 days now and his plugin has performed amazingly. I check for his updated definitions via the plugin sidebar a couple times a day and read these forums for his notes.

    I tried the free versions of Sucuri and Wordfence, both of which could find some problems. Neither could actually fix them though, at least without subscribing to their services. I kept the free versions installed for the auto-emails on login attempts, file changes and such.

    Eli’s plugin was tackling the issue within 30 minutes of installing. He has been constantly updating his malware definitions for the plugin, so it caught a few more smaller issues over the next few days as he improved the plugin’s ability to hunt this bug.

    Same RevolutionSlider outdated version bug got 5 of my WordPress sites on a shared host. First notice from my host was on Nov 30th, 2014 that their auto-scan had deleted a suspicious file in the RevSlider directory. I didn’t notice it until Google blocked two of my sites in mid-December.

    I was relying on my host’s free backup service, but it didn’t have a backup from before the first notice of a problem. So I’ve been working without a net, unable to go back to a truly clean version of these WordPress installs.

    Nearly had to tell my wife we had lost her online store for the holiday season. Thanks to Eli, we’re up and running. Plus keeping an eye out for any more of his updates.

    Hi,
    I have the same problem,
    First, I deleted the line which includes 122.155.168.105.., from header.php, updated WP and my theme, and then it worked; after 2 days, the site was infected again.
    Do you have any other recommendation?
    Is there any possibility that the malware infects the database or sth. else?
    Thanks
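
Added example, not part of the original thread and not the plugin's code: a read-only Python scan that lists every file under a site root, including a database export saved there as .sql, whose script tags reference the two indicators quoted in this thread, so a manual cleanup is not limited to header.php. The function names, sample tree and `example.invalid` host are constructed for illustration, and it matches only plain, unobfuscated script tags.

```python
import os
import re
import tempfile

# Indicators quoted in this thread; extend the tuple for other infections.
INDICATORS = ("122.155.168.105", "collect.js")
# .sql is included so a database export saved into the tree is checked too.
SCAN_EXTENSIONS = (".php", ".js", ".html", ".htm", ".sql")
SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.IGNORECASE)

def scan_tree(root, indicators=INDICATORS):
    """Return sorted (relative_path, line_no, indicator) for every script tag
    that references one of the indicators."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line_no, line in enumerate(fh, 1):
                        for tag in SCRIPT_TAG.findall(line):
                            findings += [(rel, line_no, i) for i in indicators if i in tag]
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (all file contents are made up)."""
    samples = {
        "wp-content/themes/example/header.php":
            '<?php wp_head(); ?>\n<script src="http://122.155.168.105/constructed-sample.js"></script>\n',
        "wp-content/themes/example/footer.php":
            '<script src="/wp-includes/js/jquery/jquery.js"></script>\n',
        "wp-content/themes/example/notes.php":
            "<?php // removed 122.155.168.105 line from header.php ?>\n",
        "dump.sql":
            "INSERT INTO wp_posts VALUES (1,'<script src=\\\"http://example.invalid/collect.js\\\"></script>');\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(text)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, line_no, indicator in demo():
        print(f"{rel}:{line_no}: script tag references {indicator}")
```

Running the same scan again a day or two after cleaning shows whether the injected line has returned and in which files.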

    Plugin Author Eli

    (@scheeeli)

    Do you have my Anti-Malware plugin installed and updated? It automatically blocks the Revolution Slider exploits. It will also search your whole site for any other infections and backdoors.

    Yes, I’ve installed your program; it found that threat in many different locations and I’ve fixed them with it. However, the problem is still occurring. How can I use your plugin for blocking the exploits from the slider?
    Thank you
    Best
