[Defender] Scan website

We think that our website is compromised. We contacted our host but they refused to help and scan the website. Would you be able to use Defender and scan my website for malware?

  • Adam
    • Support Gorilla

    Hi edmon

    I hope you’re well today!

    I suppose that this would explain the “no access” message that I asked you about in your other ticket.

    I took a closer look at that and it looks like it’s being locked down (probably by the host?). The FTP access does work though, at least still. Our Second Line Support team will check the site and see what would have to/could be done to deal with this situation.

    Please keep track of this ticket and we’ll update you here as soon as we get more information.

    Kind regards,
    Adam

  • Adam
    • Support Gorilla

    Hello again edmon

    I just got information from my colleagues who checked that. For now it seems that the site has been “locked” by the host.

    The lock is at the nginx webserver level which means that we can’t do anything about it. It also means that we cannot do any scan on site. To do anything more, the site would have to be unlocked first so please contact your host and ask them to do so and we’ll then be able to scan (and help you clean up if necessary) the site after that.

    Let us know once the site is unlocked again please.

    Kind regards,
    Adam

  • Predrag Dubajic
    • Support

    Hi Edmon,

    I started a Defender scan on your site but it’s taking a really long time to finish because there are 3 WordPress installations in the same folder so it has a lot of files to scan and could be also affecting server performance due to that, further prolonging the scan.

    Are all 3 installations required in there, because I see that one of the folders is renamed to have -suspicious file?

    If there are known suspicious files inside unneeded folders I would suggest removing them completely as it will make finding the relevant suspicious files a lot easier and we could use Defender to check the site for suspicious files.

    Best regards,
    Predrag

  • Adam
    • Support Gorilla

    Hello edmon

    Thank you for your response and I’m sorry for the late response.

    We’ve been running the scan and after your message about deleting the other two installations (above ^) I’ve also accessed the site and restarted the scan so it wouldn’t include any false data and, hopefully, would go faster.

    It did go very slow though so we were waiting until it completes. I just tried to check it again and see if it completed and

    – if it did – proceed with additional clean up if necessary following on Defender’s scan findings
    – if it didn’t – investigate it further to find out what’s breaking the scan and if I can find any signs of infection manually

    Unfortunately, it seems that the WordPress access credentials (account shared earlier during the chat) don’t work any longer. The FTP access is fine but I’d still need to be able to log in to the site.

    Therefore, if you still need assistance with the issue, could you enable support access to the site?

    To do so, please go to the “WPMU DEV -> Support -> Support Access” page in the site’s back-end, click on the “Grant support access” button there and let us know here once it’s done.

    Kind regards,
    Adam