perezbox
Forum Replies Created
-
Forum: Themes and Templates
In reply to: Templete SyntaxThis often talks to a corrupt install.
Try restoring wp-includes / wp-admin / and the root files with a clean version. And I don’t mean copy over, I mean, remove the old files, then push a new set over.
See if it helps, it usually does.
Thanks
Forum: Hacks
In reply to: Unwanted data and scripts on web pagesYou should consider taking some time to read this post to understand why a plugin like that may or may not help you: http://blog.sucuri.net/2014/09/understanding-the-wordpress-security-plugin-ecosystem.html
You’re frankly just asking the wrong question.
As for restoring backups, it’s only going to remove backdoors if you didn’t backup the backdoors. There in lies the rub with backups, it does exactly what it the name implies – backs everything, good or bad.
In short, a backup might not be the right answer for you.
You need to invest the time to identify those backdoors, if they exist. And follow some of the post-hack recommendations.
Tony
Forum: Fixing WordPress
In reply to: Plugins have disapeared from wp-adminHave you already contacted your host to see if they can get you the error logs? Always good to look at the errors logs.
It could be an injection breaking the load sequence, or it could be a conflict between an update / install etc.. hard to say without more details.
Tony
Forum: Everything else WordPress
In reply to: www.hamaritaxi.com hacked. Notified by hatrk – Zone-H.orgWhat exactly don’t you understand?
Forum: Hacks
In reply to: disk usage growing (Hacked?)Have you already contacted your host regrading their thoughts on what is taking up the space?
Tony
Forum: Fixing WordPress
In reply to: HELP…I'm getting hacked/virus almost every 3 days…Try some of these tips: http://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html
Understand though that looking for backdoors is not a simple thing to do, the best recommendation I often give folks is reinstall core and all the themes and plugins and disable PHP execution in /Uploads
If you’re not a developer, without engaging professionals to help, that’s going to be one of the best solutions..
Tony
Forum: Fixing WordPress
In reply to: Malware code injectedHi Ghulam
If you have cleared the infection and you are positive of it, then you should follow these instructions to get you off their hit list: https://support.google.com/webmasters/answer/2600725?hl=en
Here is some information on what you can expect on the process of getting it removed: http://blog.sucuri.net/2011/12/ask-sucuri-how-long-it-takes-for-a-site-to-be-removed-from-googles-blacklist-updated.html
This article will likely help you as well: http://blog.sucuri.net/2012/07/google-blacklist-warning-somethings-not-right-here.html
Thanks
Forum: Everything else WordPress
In reply to: has wp-config been hacked?Hi @bulb
This is too big a question to ask, not enough content.
If you have stuff in your wp-config that you didn’t put, then it’s a good possibility it’s hacked.
Of all the links above, I’d encourage you to start with this one: http://codex.wordpress.org/FAQ_My_site_was_hacked
It’ll help you start a bit more focused.
Tony
Forum: Hacks
In reply to: Unwanted data and scripts on web pagesWell if a site is ever showing stuff you unintended or didn’t plan for, it’s often a very good sign that it’s been compromised. Only you can say for sure though, as you only you should know what your website is really about and what belongs.
Here is a good place to start in your specific situation: http://codex.wordpress.org/FAQ_My_site_was_hacked
Tony
Forum: Hacks
In reply to: disk usage growing (Hacked?)SiteCheck won’t help in this case.
I’d check your database to see if you’re being loaded with SPAM. Often comes via comments that go unchecked – allows anyone ot add, etc….
Tony
Forum: Fixing WordPress
In reply to: HELP…I'm getting hacked/virus almost every 3 days…Hi @ffooteli
You probably don’t want to hear this, but this is very common.
Two of the more common contributing factors:
1 – You have a backdoor you haven’t cleared yet. The infection you cleared, doesn’t mean you cleared the backdoor.
I’d recommend blowing away the core install, and pushing a fresh copy.
I don’t know much about your environment, but if you have more than one site on that server, all within your account, you could be suffering form cross-site contamination. Regardless, the attacker most likely has a backdoor on your server allowing them to bypass your access control mechanisms.
Understand however that this doesn’t mean it’s a server level issue, it could be an issue in your account.
2 – When you say you changed the passwords, did you include all of them to include SSH / SFTP / FTP / CPANEL, etc..?
The more common mistake we see is a user clears the WP-ADMIn but forgets everything else.
Also, did you clear your salts / keys? If you change your password, but leave your old salts and keys, anyone that is still logged in won’t get booted.
Food for thought…
Hey Guys
This should be fixed in 1.7.0 please let us know if it’s not.
Thanks
Hi @mariedi
Allow me to take a moment to explain what @yorman is trying to explain.
First, to your first point:
I thought Sucuri was securing my site.
If it isn’t, what’s the point?This is not an accurate assumption. I encourage you to read the description of the plugin. If you’re interested in protection they should consider our paid services.
What you have installed is our Free Security plugin that is very specific in what it does, we describe the key features in the Description section in the repository, which is why I direct your attention there.
As for this:
I need to mark them as fixed but also says whatever is marked as fixed will NOT be screened anymore for malware (!!!!)
Marking the files fixed, means that the integrity checker (the feature that is flagging the files) will ignore those files as you say they belong. It doesn’t mean it won’t detect a new file being added or if the file changes later.
It’s important to understand however that the Integrity Checker is not a Malware Scanner.
An Integrity checker does exactly what the name implies – if something changes from its original state then it flags.
As for why it’s flagged now, likely do to the various changes and updates we made to the plugin to address a few bugs. We can’t talk to the various scenarios you provided as it’s impossible to know for sure without debugging and being engaged during those cases.
I really hope this provides better clarity.
All the best
Tony
Hey Guys
Yup, there will be a fix. Pinging the dev’s to see what’s up.
Thanks
Hi Mark
The blog entry shouldn’t be frustrating, it’s very accurate. Unless you are saying that your plugins is a Firewall capable of stopping vulnerabilities from exploited. It’s great you’re able to patch your users, kudos to your team.
Not sure I agree with your point about it being better than blocking it via .htaccess, that’s not entirely accurate. It is effective to patch though. The one risk you introduce is patching someone else’s work. What happens if they upgrade later, now you start getting into conflicts with code and that can be all kinds of bad for the users. Food for thought.. but I’m sure you have thought through that.
As for marketing links. Which are you referring to? Pretty sure I didn’t share any marketing links here, just a link I felt addressed the question being asked. I also didn’t see this in the WordFence forum, rather in the /tags/hacked forum. We have no relationships with BlogVault and are not mentioned in the post, unless I missed it.
So to your point, pretty sure it’s helpful to the community.
All the best
Tony Perez – Sucuri Co-Founder