Got detected by Anti-Malware from GOTMLS.NET

G’day AAcAN,

I just ran that plugin against one of my testbed installations, and it didn’t flag any problems for SSL Insecure Content Fixer (it did flag Potential Threat warnings for Gravity Forms, which I know to be false positives).

Can you make sure that both plugins are up to date and run the scan again please? Can you also post the complete warning message?

One possibility is that your website has been hacked. In case that’s happened, let’s keep this conversation moving quickly!

cheers,
Ross

Me too,
Your plugin detected by GOTMLS. ??

@mvp13585 are you running the latest versions of SSL Insecure Content Fixer, GOTMLS, and WordPress? When I scan in a test environment I get a pass.

What is the message it gives?

cheers,
Ross

Yes i use WP 4.4.1, SSL Insecure Content Fixer 2.1.5, GOTMLS 4.15.49.

It just give message :

Known Threats

…/xxx/wp-content/plugins/ssl-insecure-content-fixer/includes/class.SSLInsecureContentFixerAdmin.php

with red background.

But no fix button, only “Whitelist this file” button

The lines that got detected is :

Potential threats in file:

require SSLFIX_PLUGIN_ROOT . ‘css/settings.css’;

require SSLFIX_PLUGIN_ROOT . ‘css/tests.css’;

Update:

The fix button shown. And i click the button to fix the file and the lines missing but the website is working properly.

Right. Thanks for the details, I think I know what it is. I’m pulling in those .css files using require which can execute code, which is a bad idea (naughty me!) so it detects that as a risk.

Can you please install this copy and run the scanner again? You can install it next to the current version (just don’t activate it) because it has a different folder name.

https://www.dropbox.com/s/62xfb2b8pz4da7h/ssl-insecure-content-fixer-2.1.6-dev.zip?dl=1

cheers,
Ross

Ok, i repeat the scan only for that folder and the threat not found in that folder.
Great job. ??

Fabulicious. Thanks for your help! I’ll get a new release out now.

cheers,
Ross