[Resolved] some virus block me to access the site
i running wpms, i can access the site with no problem, but some sub domain seem like having problem.
On main site (http://pgpropertyagent.com), i can scan the all files and found no issue but google and firefox is blocking it now ….
for example :
This looks like a new threat that is not in my definitions yet. I you would be willing to give me WP Admin access to one of your infected sites I will find this new threat and add it to my definition update so that it can be automatically removed.
You can email the login in directly to me: eli at gotmls dot net
i just solve it with very traditional way, i download every folder from ftp to my desktop and my pc antivirus do detecting job …
base on my desktop antivirus :
virus name : JS/Expack.CM.3
injected in all my theme header.php files,
hopefully i really solve it, u still need access to take a lot ?
suspected code provide by google webmaster :
or u can visit here for detail in their cache system :
the main site already rescan without issue now ..
I would still like access to an infected site so I can see the infection in-place and test my own removal code. If you don’t have a site I can login to can you send me one of your infected hearder.php files?
i don’t have the files anymore (cause my pc block it).
I add and create you as my site admin now, remember my site is wpms 🙂
account created 🙂
Thanks for the access but it looks like you have already cleaned the infection out of your header. Do you have any sites that are still infected with this threat?
unfortunately no (lucky me) …
I think the problem should be on scanning not db, cause i recall your scanner detect the virus but only one files header.php (i have 4 header.php), but that header.php detect is the only theme that not using at all ….
Thanks for working with me on this and giving me access to your site. Based on the malicious code snippet you posted, and the files in your quarantine, I do think this malware is in my definitions already.
Please keep a close eye on your site for a few days to make sure the infection does not come back. If you do get re-infected, and hope you don’t, but if you do, please let me know right away and I will look for the source of the infection too.
seem like you plugin is conflict with wp social login.
i try diagnose and think this is the issue :
cookie save here /public_html/wp-content/plugins/gotmls/images/
WordPress does not handle sessions well, and some servers I’ve found don’t even have a session path, so I have added this to the top of my gotmls/images/index.php file in my plugin:
If this line is infact causing an issue I will have to look for another way to fix the no-session issue. Can you rem out that line and let me know if it solves the issue?
Also, what are the symptoms you are experiencing due to this conflict?
when click on social login, new screen pop up -> redirect to this page : http://pgpropertyagent.com/wp-content/plugins/wordpress-social-login/hybridauth/?hauth.start=Live&hauth.time=1374262225
with your plugin -> You cannot access this page directly.
without your plugin -> redirect to social network API or login page.
below is my website info with and without your plugin :
without (different part) :
with your plugin :
hope this help ..
That message is from /public_html/wp-content/plugins/wordpress-social-login/hybridauth/Hybrid/Endpoint.php
I was getting that error “You cannot access this page directly” with or without my plugin enabled. I tried remming out that first line of my plugin that changes the session path and nothing seems any different.
Can you show me a working redirect without my plugin enabled so that I can see the difference?
When I go to:
I still get:
“You cannot access this page directly.”
What URL can I use to see it working like you see it?
- The topic ‘[Resolved] some virus block me to access the site’ is closed to new replies.