Gotmls plugin not detecting Malware – porn and russian workout after inactivity

  • Resolved fulton1009

    (@fulton1009)


    10 years, 5 months ago

    https://thirdwaveska.com
    Site works until there is no activity for about 3 or 4 minutes. Then browser leaves site and goes to porn, russian workout or in the case of the ipad, a download page.
    Scan found two js that were not threats but suspicious. I deleted them without writing down what they were. Scans cannot find them again.

    Probably useless info but, site was infected yesterday. Tried cleaning with your product. Didn’t fix. I deleted the entire wordpress directory and dropped all tables in database. Rebuilt wordpress and installed your product first. Same problem. Ever hear of anyone hijacking an address?

    Thanks

    https://www.ads-software.com/plugins/gotmls/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter fulton1009

    (@fulton1009)

    As an update. Happened on two PC’s and an ipad. Scanned PC’s with Malbytes, Spybot, Avast. Cleared cache and history. Firefox and IE. Still have issue. Redirect goes to 206.190.151.76. Sites like jasmin, popcash and fashionsomething

    Plugin Author Eli

    (@scheeeli)

    So you installed a fresh copy of WP and your site still redirects?

    If your WP is installed in a sub-directory it could be the root site was hacked.

    Can you give me some more to go on here? Do you mind posting your infected URLs so I can check them out?

    You can also contact me directly if you want and send me a WP Admin login. My direct email is eli AT gotmls DOT net

    Aloha, Eli

    P.S. don’t delete files flagged as Potential Threat. Even if there are Known Threat in a file it does not mean the whole file is bad. My plugin was designed to remove the malicious code from the file without breaking the good code that your site may need to function properly.

    Thread Starter fulton1009

    (@fulton1009)

    Thank you for the quick reply. It’s good to know that I shouldn’t delete those files. I may take you up on your offer but I have a possible solution that I am testing at the moment.
    Just to share with everyone, The problem may be caused on my hosting site. I use Brinkster but I’ve seen a thread that GoDaddy had the same issue. I was checking on a thread that mentioned the hacking of the .htaccess file. While I was on the phone with Brinkster about it the rep noticed an issue in the asp.net framework. He wouldn’t tell me exactly what happened but something on the server altered on of the asp.net framework file and since every account has asp.net enabled, the exploit can work its way down into the accounts. He fixed the issue on his end, I cleared my cache on the browsers and I’ve been on my site for 15 minutes.
    I will keep the forum posted on the success of this in case someone else has the issue. I don’t want to imply that Brinkster is a bad site. They’ve taken good care of me for years. I also want to thank you for offering to help. I only was frustrated for a day and now I feel that my site it more secure. Thank you for your wonderful plug in. On my second attempt at installing WordPress, your plug in was the first thing I installed.

    Thread Starter fulton1009

    (@fulton1009)

    ***RESOLVED***
    12 hours with no issues. The post above explains the resolution as an issue with the hosting site.

    Thanks for the help.

    Plugin Author Eli

    (@scheeeli)

    Thanks for the follow-up. It’s important to know that nearly all shared hosting providers have vulnerabilities like that that can affect all the sites they host. I’m glad to hear that Brinkster would at least admit that the problem was on their end and fix it for you.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Gotmls plugin not detecting Malware – porn and russian workout after inactivity’ is closed to new replies.