Support » Plugins and Hacks » Anti-Malware Security and Brute-Force Firewall » [Resolved] some virus block me to access the site

[Resolved] some virus block me to access the site

Viewing 15 replies - 1 through 15 (of 17 total)
  • Plugin Author Eli


    This looks like a new threat that is not in my definitions yet. I you would be willing to give me WP Admin access to one of your infected sites I will find this new threat and add it to my definition update so that it can be automatically removed.

    You can email the login in directly to me: eli at gotmls dot net

    Aloha, Eli

    i just solve it with very traditional way, i download every folder from ftp to my desktop and my pc antivirus do detecting job …

    base on my desktop antivirus :
    virus name : JS/Expack.CM.3
    injected in all my theme header.php files,
    hopefully i really solve it, u still need access to take a lot ?

    suspected code provide by google webmaster :

    <script type="text/javascript" language="javascript" >

    or u can visit here for detail in their cache system :
    the main site already rescan without issue now ..

    Plugin Author Eli


    I would still like access to an infected site so I can see the infection in-place and test my own removal code. If you don’t have a site I can login to can you send me one of your infected hearder.php files?

    i don’t have the files anymore (cause my pc block it).

    I add and create you as my site admin now, remember my site is wpms 🙂
    account created 🙂

    email you ftp access too 🙂

    Plugin Author Eli


    Thanks for the access but it looks like you have already cleaned the infection out of your header. Do you have any sites that are still infected with this threat?

    unfortunately no (lucky me) …
    I think the problem should be on scanning not db, cause i recall your scanner detect the virus but only one files header.php (i have 4 header.php), but that header.php detect is the only theme that not using at all ….

    Plugin Author Eli


    Thanks for working with me on this and giving me access to your site. Based on the malicious code snippet you posted, and the files in your quarantine, I do think this malware is in my definitions already.

    Please keep a close eye on your site for a few days to make sure the infection does not come back. If you do get re-infected, and hope you don’t, but if you do, please let me know right away and I will look for the source of the infection too.

    Aloha, Eli

    seem like you plugin is conflict with wp social login.
    i try diagnose and think this is the issue :
    cookie save here /public_html/wp-content/plugins/gotmls/images/

    Plugin Author Eli


    WordPress does not handle sessions well, and some servers I’ve found don’t even have a session path, so I have added this to the top of my gotmls/images/index.php file in my plugin:
    if(!session_save_path()) session_save_path(dirname(__FILE__).'/');

    If this line is infact causing an issue I will have to look for another way to fix the no-session issue. Can you rem out that line and let me know if it solves the issue?

    Also, what are the symptoms you are experiencing due to this conflict?

    symptoms :
    when click on social login, new screen pop up -> redirect to this page : http://pgpropertyagent.com/wp-content/plugins/wordpress-social-login/hybridauth/?hauth.start=Live&hauth.time=1374262225
    with your plugin -> You cannot access this page directly.
    without your plugin -> redirect to social network API or login page.

    below is my website info with and without your plugin :
    without (different part) :

    SESSION:                  Enabled
    SESSION:WSL               WordPress Social Login 2.1.4
    COOKIE PATH:              /
    USE COOKIES:              On
    USE ONLY COOKIES:         Off

    with your plugin :

    SESSION:                  Enabled
    SESSION:WSL               WordPress Social Login 2.1.4
    COOKIE PATH:              /
    SAVE PATH:                /home/xxx/domains/domain.com/public_html/wp-content/plugins/gotmls/images/
    USE COOKIES:              On
    USE ONLY COOKIES:         Off

    hope this help ..

    Plugin Author Eli


    That message is from /public_html/wp-content/plugins/wordpress-social-login/hybridauth/Hybrid/Endpoint.php

    I was getting that error “You cannot access this page directly” with or without my plugin enabled. I tried remming out that first line of my plugin that changes the session path and nothing seems any different.

    Can you show me a working redirect without my plugin enabled so that I can see the difference?

    u can visit my site, i just try, is working now 🙂

    Plugin Author Eli


    When I go to:
    I still get:
    “You cannot access this page directly.”

    What URL can I use to see it working like you see it?

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘[Resolved] some virus block me to access the site’ is closed to new replies.
Skip to toolbar