Viewing 3 replies - 1 through 3 (of 3 total)
  • I just scanned your website using the same tool, but didn’t see the warnings [1].

    It is possible that the warnings that you are seeing reported by the plugin, obtained by communicating with the same tool liked below, are already resolved and are just showing up in the dashboard because they are cached in this file [2]. You can go to the settings page, and reset the cache using the button in the “Data Storage” panel.

    However, if you want to be sure that your website is really clean, I suggest you to search this text eval( through out the entire website. Review the content of the files to determine if they are malicious or not. The page that you liked in your comment explains what the error means, it seems that when the plugin was scanning your website for malware, it found one or more files with multiple calls to the eval PHP function [3].

    Let me know if you need more information.

    [1] https://sitecheck.sucuri.net/results/zonderfamilylaw.com
    [2] /wp-content/uploads/sucuri/sucuri-sitecheck.php
    [3] http://php.net/manual/en/function.eval.php

    Thread Starter michaelnorth

    (@michaelnorth)

    Hi, thank you for the quick response 😉

    Yes, I did clear the cache (three times total), but the errors came back exactly as before. See screenshot here: https://www.dropbox.com/s/5yegkskx36nkegw/07-01-2018-5.png?dl=0

    When you say search the site for “eval(“, do you mean file-by-file (not sure how to do that), or the database?

    Yes, I did clear the cache (three times total), but the errors came back exactly as before.

    That’s quite strange because the warnings in the screenshot are coming from non-existing pages that the malware scanner tries to download to detect malicious code injected by a type of malware that hides in 404 pages. But I ran some tests and it seems that your website is configured to automatically redirect any non-existing page to the home page. The scanner shouldn’t be able to download anything if the redirection is in place.

    I suggest you to review the content of this file .htaccess.

    Usually, with this type of infection, the attacker hides some instructions in this file to conditionally redirect the connections to pages containing the malicious code, but the redirection only happens when the malware detects specific bits of information that certain web browsers or web crawlers like Google Indexer use.

    When you say search the site for “eval(“, do you mean file-by-file (not sure how to do that), or the database?

    If your website is hosted in an Unix-like server, like Linux, you can use a tool called grep [1] to recursively scan your entire website for a specific text. You will need to execute this command [2] via SSH. If you don’t have SSH access to your web server, you can any regular code editor to search through all the files, you don’t need to do this file-by-file, it would take you a significant amount of time.

    Searching the malicious text in the database is also a good idea. You can execute a SQL statement like this [3] against each table, in this case, you will have to do it manually, one time per table. Or you can export the entire database into a single SQL file and search the text using a code editor.

    By the way, be sure to reset the Sucuri plugin cache first before resetting the website cache. If I am not mistaking, you are using a plugin called “Cache Enabler”. It is also possible that the warnings are only showing up because the website cache still contains the text which may or may not exist anymore in the real source code.

    [1] https://en.wikipedia.org/wiki/Grep
    [2] grep -E -r -n "eval\(" /directory/where/wordpress/is/installed/
    [3] SELECT * FROM table_name WHERE column_name LIKE "%eval(%"

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Site is not Clean Errors’ is closed to new replies.