File appears to be malicious: wp-includes/wp-tmp.php
Type: File – Critical Error
File appears to be malicious: wp-content/updraft/themes-old/write/functions.php
Type: File
I am getting like this error.
I m using purchased theme.
↧
Malware Found – How to remove that
↧
Urgent Support – Website Affected with Malicious Code
Hello,
My Website was affected by malicious code. Finally, I found out your plugin.
I performed the scan and removed the some affected files.
Still 4 Files unable to remove. When I remove website was not working.( HTTP 500 Error )
Please help remove the following files http://prntscr.com/iz9bje
Thanks Advance
↧
↧
Contains malware! Avoid!
I’ve been using this plugin for years but recently I noticed my website loading much longer then usual and found that this plugin is loading ads by google hidden in the iframe! When I deactivated the plugin the issue was gone. THis plugin should be reported and deleted from WP!
↧
Hacked again after installing Cleantalk
When I go to my website, I get the following text
“Hacked By BLACK C0D3 & W!LSHERE7 XDz”
I had the latest wordpress install, but now it says the 4.9.5 is available.
This happened a couple weeks ago, so I restored an earlier version and installed/bought the CleanTalk security plugin, thinking it would prevent this from happening, but no. I noticed that it happened again this morning.
On my CleanTalk account page, the latest security scan
Last scan Result (Apr 04, 2018)
Total files 621
Failed files 2
Unknown files 0
The two “failed” files paths are below, but I don’t know what to do about them. Could they be modified recently, but the modified date is wrong?
1) last modified date: Feb7, way before the hack happened.
/wp-content/plugins/all-in-one-wp-security-and-firewall/lib/whois/whois.parser.php
2) last modified date: 2015
/wp-content/plugins/site-is-offline-plugin/site-offline-options.php
↧
Malware suspicious files on server: wflogs/attack-data.php ;config.php ; ips.ph
For about two month now I receive warnings about daily changes on few files on the server.
wflogs/attack-data.php
wflogs/config.php
wflogs/ips.php
It looks suspicious that the files are changing everyday even when there was no management activity.
Can some one tell me what’s going on, and how to detect this issue?
Thanks,
Alon
↧
↧
MALWARE WARNING
This plugin is malware do not install it on your server, it will setup a backdoor admin account.
↧
Mystery posts appearing unexpectedly on site
I recently installed the Shield Security plugin on the site run for our church. Please note that I am not asking about a problem with Shield Security itself — it has merely revealed the problem that I am investigating.
One of the features of Shield Security is an Audit Trail. This shows actions taken by Shield Security and by WordPress itself. In the Posts section, Shield is showing that posts are being published that neither I nor any other contributor to the website have had anything to do with.
The posts are all named by the same pattern: a name and a date stamp. They show as published, updated, or deleted from trash. Here are a few sample entries from the Audit Trail:
Date Event Message Username IP Address
5:03 pm April 8, 2018 post published Post entitled "Sue Biser - 2018-04-08 17:03:14" was published. Unidentified 24.210.168.28
5:06 pm April 6, 2018 post deleted WordPress Post entitled "Ramona Jordan - 2018-03-22 00:51:38" was permanently deleted from trash. WP Cron 184.173.18.203
3:09 am April 6, 2018 post updated Post entitled "John Smith - 2018-04-06 03:09:32" was updated. Unidentified 14.192.54.18
11:51 pm April 4, 2018 post published Post entitled "Hiroya Tsukamoto - 2018-04-04 23:51:14" was published. Unidentified 107.1.140.3Here’s a screen shot of the audit trail listing, for better formatting:
https://imgur.com/Kna6zLJ
None of these names are anyone who is connected to the church. Also, when I search the Posts dashboard for these posts, they are nowhere to be found.
Shield tech support theorizes that they may be custom post types. I have never set up any custom post types on the site.
I am wondering if these might be created by some malware that I have not detected on the site, or via the post-by-email mechanism (which, again, we do not use).
Has anyone seen mystery posts of this description on their own sites? I am very interested in tracking down the source and eliminating future occurrences of these posts.
Thanks…
JGB
↧
Website Malware rogueads.unwanted_ads?1
Hello, I scan the website did the whole procedure, but it still continues to show unwanted ads.
I have google adwords campaigns that have been paused because of this malware, could you give me a hand?
My site is the https://sitecheck.sucuri.net/results/italiacidadaniaeturismo.com
↧
Conflit
Hello, does your plugin work well together with All In One WP Security & Firewall?
↧
↧
Coinhive code in header.php
Hi
I’m trying to help a new client, who has come to me with a very slow website. I realised they didn’t have any security (and never have – it’s an old site!) on their site, so have installed wordfence which I use on all my sites.
I’ve done a scan and it says:
This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: new CoinHive.Anonymous(‘TnKJQivLdI92CHM5VDumySeVWinv2yfL’. The infection type is: Browser-based crypto currency miner..
The file is the header.php – I can see the coinhive links/code – but am not sure where from and where to delete it. Or can wordfence help with this? My client is having a new site built by someone else so doesn’t want the pro version at this point in time. But can the free version help?
OR if I paste the code in the header here – can someone let me know which part I can delete?
I’ve already deleted a file wordfence flagged up. I’ve taken backups all the way…
Thanks for any help in advance….
↧
Malware on my website
Hello good evening, I have this site http://www.italiacidadaniaeturismo.com and I advertise on google and they called me saying that my site is with those malicious codes, I used their plugin but it does not identify, you
virus pointed by google on my site
http://deloton.com/apu.php?zoneid=1635186
http://go.mobisla.com/notice.php?p=1635189&interactive=1&pushup=1
http://go.onclasrv.com/apu.php?zoneid=1635186, http://mobpushup.com/lg.php?bannerid=1852173&campaignid=1159285&zoneid=1635189&OACBLOCK=3600&OACCAP=1&OAZBLOCK=3600&OAZCAP=1&loc=http%3A%2F%2Fitaliacidadaniaeturismo.com%2F&cb=37cf959d8c, http://mobpushup.com/notice.php?p=1635189&interactive=1&pushup=1
↧
Beware this plugin – adware, malware
I couldn’t figure out what made my site load so slowly, then came upon online warnings about how this plugin works – adware and malware. I deactivated the plugin and my site loads much more quickly now. See online article, “Simple Share Buttons Adder is an adtech and redirect nightmare.” Beware.
http://leanmedia.org/simple-share-buttons-adder-adtech-redirect-nightmare/
↧
Shortcodes Ultimate is Hacked
FYI, Shortcodes Ultimate has been hacked on every website we have used it with. InMotion Hosting Scanned for Malware and confirmed these findings on many other sites too. This is listed for every site with Shortcodes.
{
“malware”: {
“/home/********/public_html/wp-content/plugins/shortcodes-ultimate/assets/js/ace/mode-php.js”: “function(e,t,n){ …….to much to be copied here……. }
},
“tstamps”: []
}
The Malware is EITest.
Good luck fixing this but we will be removing all Shortcodes installations from our websites because those websites email accounts IP addresses are getting listed on CBL and being blocked by services such as Outlook.com, Hotmail.com, etc.
↧
↧
MY site keeps breaking
RUnning WP 4.9.5
Avada 5.5
Site: https://moneymovers.com
My site started breaking (White screen of death) about two weeks ago. At first I restored the backup mysql and that seemed to work for a few hours and then it would break again. I wrestled with it for about 8 days replacing the DB. It would stay up for several hours and then break again. I discovered that the index.php and the wp-config file were disappearing. I assumed that they were being malwared and my Bitdefender was quarantining them. I reinstalled AVADA, the wordpress WP-ADMIn and WP-INCLUDES folders, but it still kept breaking. So I got an old backup folder of the site, cleaned it up with Wordfence, deleted all the old unused plugins, and took the inactive plugins out of the folder. Still breaks. Wordfence finds malware each time I restore it from the old backup. I’ve done everything I can to clean it but it still keeps breaking. Wordfence says it is clean.
If I copy the site folder and then point to it with IIS it breaks. Then if I point back to the original folder it breaks too. So I have to copy the old backup and put it back in my Main site folder and start over. I have made sure there is no bad code in the Index.php and wp-config file on my source backup folder. I’m running 10 sites in the folder, and most of the are using Avada 5.5 and WordPress 4.9.5. and none of them are breaking. Any suggestions?
↧
beware on this plugin
Guys don’t install this plugin is malware, my website get blocked.
> ==>
> CLAMAV SCAN INFO (infected files):
> [clamav result empty]
> ==>
> `SKRYPT’ SCAN INFO (suspicious files):
> www/arturzolkowski/wp-content/plugins/amp/includes/sanitizers/class-amp-allowed-tags-generated.php
>
> ==>
> LOCKED VIRTUAL HOSTS:
↧
Malware scanning problem
This has always been the top-of-the-line plug-in. But as it becomes more sophisticated it becomes more difficult to traverse all the options.
It is crashing my system with the malware scan. There does not seem to be an easy answer.
Otherwise, top rate program.
↧
SIte getting redirected (malicious) when WP Cerber enabled
When this plugin is enabled, my site is getting hacked and the contect redirected to a malicious site.
Deactivating this plugin stops it. If I delete the plugin and it’s folder, then redownload and activate, it’s OK for a while.
Is this a vulnerability with the current version?
Thanks
↧
↧
This plugin contains malware
My website just slowed down and started to open spam links when clicking any part of website. I removed the plugin now. Installed from the WordPress repo. Where do this thing come from:
From Ithemes security plugin:
Malware found in the URL
Infected URL: https://MyWebsite.com/404javascript.js
Type: *Known javascript malware
Documentation: http://labs.sucuri.net/db/malware/rogueads.unwanted_ads?1
↧
crawl-66-249-64-77.googlebot.com Probing for vulnerable PHP code
Question about the blocking…
I am seeing LOTS of “googlebots” coming to the site and probing for vulnerable PHP code.
URL: xxxxxxxxxxx.org/buccinoid-pyroxylic1187zaxu80/bs0637i4588887ld98.php
URL: xxxxxxxxxxx.org/costing-pyroxylic1194zaxu122/is58dzb1ac5o03of57.php
WP Cerber is doing great in stopping hackers. I’m concerned as to why this is coming from a googlebot and the problems with blocking real googlebots. If google cannot crawl the site because of being blocked, then this basically hurts my rank.
All blocked within a few minutes of each other.
crawl-66-249-64-75.googlebot.com
crawl-66-249-64-77.googlebot.com
crawl-66-249-64-79.googlebot.com
(and more if I search the history)
I did verify they are actual IP’s owned by google so they are real google bots. If I whitelist the IP’s, then I’m not stopping the probing and loose protection. I’m seeing this on almost all my websites.
If someone is able to control the google bots to probe for vulnerabilities on a particular site that will lead to all the google bots being blocked. Then the site will loose rank on google because the good google bots will not be able to crawl normally.
Hopefully someone here can make some sense of this. I’m concerned as blocking google from crawling is not wise.
↧
This plugin adds spam on website
This plugin is spam ware, and possibly stealing data for their own purposes
↧