New to the community? Start here

Defender not detecting malware

I just found out that a trojan has infected my whole development-server which defender was unable to identify. Not sure how to fix this, please help.

Mon, 25 May 2020 16:02:40
More Defender Pro discussions
Defender Pro
  • Alessandro
    • Nightcrawler & Daydreamer

    Hello Phil Samcro

    Unfortunately, as Defender scans only for malicious code in files, can not detect any injections to your database. It’s not real-time firewall to prevent any malicious code execution. (Web Application Firewall available on our host).

    It’s not easy task to spot malware hidden in the database. Database holds data in many formats (serialized, base64encoded etc) across tables. As data are the most valuable thing in an installation, only manual scan & removal can provide success.

    I ll commit a full scan to your website and let you know about the results soon. :nerd:

    Kind regards,
    Alessandro Kaounas.

  • Alessandro
    • Nightcrawler & Daydreamer

    Hello Phil Samcro

    I have removed “monit” malware which was injecting JS code into your pages. Also did a full (manual) database scan. No other threats detected.

    I noticed that I could have access to multiple WordPress installations. That means that, if an attacker get access to a WordPress with a vulnerability then can have access to all your installations across your hosting subscription and infect them all.

    I recommend consulting your hosting provider and also review any log files (access log) to determine how the infection was done to prevent it from happening again in the future.

    I see this “malware” concerns the WP community with numerous topics and threads.

    As of now there is no need to worry about. Keep your installations up-to-date and harden your sites with Defender’s Security Tweaks.

    Let us know if you need further assistance. :tada:

    Kind regards,
    Alessandro.