Channel: Topic Tag: malware | WordPress.org
Viewing all 3850 articles

Malicious file found

Wordfence has identified a malicious file on our website. We were attacked by malware a while back, and it seems that this file is a remainder of that.

The file is present in our theme directory (WP/wp-content/themes/rttheme18/languages). The name of the file is called: EN-US.PHP. I have checked on our theme’s forum and this file should not be there. It is not a file that is part of the theme.

Does anyone know about this file and if it's dangerous? I tried to remove it and then suddenly our site no longer comes up in a browser (or more accurately comes up as a blank page). When I put the file back, the site behaves normally again.

If someone has any idea of what this file is and how I can properly remove it, your assistance would be appreciated. My theme forum (RT-Theme 18 from Themeforest.com) had no words of wisdom.

Thanks

Greg


Replacing an Open file

We recently were hacked by malware. We repaired our site, but were unable to remove one file, en-IS.php. I finally discovered why: the file header.php was edited to include a line that required the presence of the above file in our file structure.

I have the original header.php file without the line added by the hacker. If I try to simply overwrite the file I cannot because it is open. What is the best and most graceful way I can get the header.php file closed, so I can replace it?

Do I need to shut down my site temporarily to do this? If so, how would I do that?

Thanks

Greg

Google rejects my ads because of Malicious or Unwanted Software

Hello World,

2 months ago, Google started to reject my ads because of Malicious or Unwanted Software. I have contacted Google, and they have given me all the URLs which they find infected. I have assigned these URLs to my developer, but he guarantees me that the sites can’t be infected. He even tried to delete one of the infected libraries, which he had local on his PC, and reloaded it back to the website, to guarantee it at no chance could be infected. However, Google once again pointed out that the library used was infected. Any idea of how I can fix this issue with Google?

Best Regards Christian Skjøth

Avoid! Filled my website with malicious malware!

Filled my website with malicious malware!

Malware Keeps Coming Back

Hi,

I have recently taken across a client site that had malware. I found this to be coming from the index.php page. It seems to be creating HTML pages from the website URL and trying to sell Diet Pills.

I’ve tried scanning with Wordfence to find out where it’s coming from, but no joy.

Every time I change the Index.php back to the original it changes itself back normally by the next day.

This is the index.php file that it keeps changing. I’ve tried changing the permissions to 444.

[ Deleted ]

Malware detected in fonts folder?

Dear Ewout,

My security plugin alarms me for two files in the fonts folder of your plugin. They do not seem to be normal font files, but have very long names.
Can you tell me if these are normal and safe?

I have some screenshots if you want to, but these are the names of the files:

wp-content/uploads/wpo_wcpdf/fonts/90fdc289a6639aa8b38f2b95590d9aae.ufm.php
wp-content/uploads/wpo_wcpdf/fonts/f5ba4657e8551f4baf90d70d6404541f.ufm.php

Thank you and best regards,

Marc

suspicious Updraftplus file causing bug

Hi,

My websites were blocked because of a malware. When I did a scan, it ended being 2 of your files in there (./wp-content/plugins/updraftplus/config.php Details: php.backdoor.xhell.001.01).
Can you please explain? I thought you were a safe plugin.

Warning! Malware with this plugin

I installed this plug in one month ago, and linked it with my account..
Then I found out my account is linking random post from people I don’t know on Instagram… Didn’t understand what happened.. Changed my password but it was doing it again, liked multiple random unknown post per day..
Then I found out in the setting that this plug in was connected to my account..
I deactivated it and everything got back to normal.
I thought I should warn people…


Malware Found – Injected Script

Hello,

My site was hacked.

The website SUCURI.NET found a malware, like this:

This page includes a JavaScript/iframe from scripts.trasnaltemyrecords.com that is blacklisted by Sucuri Labs, reason: injected script, see https://labs.sucuri.net/?blacklist=scripts.trasnaltemyrecords.com

https://scripts.trasnaltemyrecords.com/pixel.js?track=r&subid=043

My WP Forum is down, and I have problems with displays.

What do I do now?
What is the source of hacking?

Do you have any information about this, perhaps a similar case?

Thank you to those who will give me their time.
L.

Malware redirection

The website is redirecting and I found that the posts table has been modified. Almost all columns in the post_content ended with this script:

[ Deleted ]

Can anyone share the MySQL code to delete only this data?

Symantec 30548 web attack jscoinminer website detected

Hi,

Recently I had a malware on my website that redirects to another site in a new tab. That behavior doesn’t do it anymore. But I am seeing this message every time there is a website page.

Any ideas?

Real post-5.2 “technical issue” email, or scam?

I received an email that looked legit (as far as I can tell it even really came from my server), but I’m concerned that foul play is involved.

It looks like emails others have been getting since version 5.2 when a plugin throws an error:

Howdy!

Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.

In this case, WordPress caught an error with one of your plugins, 3D FlipBook – Light Edition.

It continued with reasonable advice, like checking the front-end and back-end. Indeed I was getting a PHP fatal error when I tried to access either. The email went on to say:

If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigate further.

https://land.buyittraffic.com/click?/wp-login_php&action=enter_recovery_mode&rm_token=5BfZRVYe2hhkapSKQcqW3w&rm_key=ystIma0Me1XIHV36wtPdbx

To keep your site safe, this link will expire in 1 day. Don’t worry about that, though: a new link will be emailed to you if the error occurs again after it expires.

Notice the link: “land.buyittraffic.com”???! Unfortunately I clicked on it before I noticed the weird domain, and I was redirected to someplace strange (https://actraffic.com/?p=gzqwiztegm5gi3bpha2dg&sub1=Ayaana&sub2=tony.v2). I quickly closed the tab. Sometime in this process (I can’t remember the exact order of actions), I connected via FTP and renamed the folder of the plugin that was originally throwing an error. But then WordPress attempted to run and send me to my home page, but it was sent through a series of redirects and eventually to a very similar page, and that time Avast announced that it had blocked a threat and aborted a connection to scripts.trasnaltemyrecords.com because it was infected with JS:Downloader-GGQ [Trj]. At that point I completely replaced my index.php with a message to my visitors and will attempt to restore an old version of my site from backup tomorrow.

I can’t find anyone else reporting that WordPress 5.2 “technical issue” email as being malware, but that link sure looks strange – did I screw up my site worse by clicking on it?

Redirect malware

I have a redirect malware somewhere on my site. Symptoms:

1. Only mobile and iOS users
2. Random
3. Seems to always happen for new users, but following requests works fine

I have upgraded WordPress and all plugins, changed the theme, removed unused plugins. Also inspected common php and .htaccess file.

Does anyone have any clues?

Any recommendations for experts that could help me out?

wp-admin page redirects…why?

Hello, as recently as this weekend my WordPress website login page redirects to a spam site. The website URL is https://www.thesearchninjas.com. Does anyone know why this is happening, or how to fix it? Thanks!

You Must Have This Plugin!

My website was hacked via outdated adminer.php. Login credentials stolen, two users had logged in. I could not login, my site was a redirect. Host server backup got the site restarted. This plugin identified infected files and malware script at 604 posts. I increased security (Wordfence Premium plus Anti-Malware) and changed all passwords after this plugin quarantined 7,405 files. Login hacks stopped, malware script removed, problem solved for this round. Anti-Malware is worth every dime of the $29 donation!


Travel Agency bug – Detected injected PHP code

My new website www.goholidaytravels.com is having a malicious error due to PHP code injection. I am not able to run the Google Adword campaign due to this bug.
It would be appreciated if anyone could help me out to resolve this bug.

Below is the detailed error report:
Malware Scanner Report:
=======================================================================
Quttera Web Malware Scanner plugin for WordPress
Website Malware Scan Report

Scanned Website: https://goholidaytravels.com
Scan type: Internal
Report generation time: 2019-12-09 10:09

Scan launch time: 2019-12-09 10:03
Scanned files: 6089
Clean: 6082
Potentially Suspicious: 0
Suspicious: 5
Malicious: 2
=======================================================================

FILE: wp-includes/wp-vcd.php
FILE_MD5: cbf518a7a6722d9c7a9086e57e062737
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: cbf518a7a6722d9c7a9086e57e062737
THREAT_NAME: Heur.AlienFile.gen
THREAT: Unknown file in core directory…
DETAILS: Detected unknown file in core directory

FILE: wp-includes/wp-tmp.php
FILE_MD5: bf226c41d0b4c42458516bdbd5e7f446
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: bf226c41d0b4c42458516bdbd5e7f446
THREAT_NAME: Heur.AlienFile.gen
THREAT: Unknown file in core directory…
DETAILS: Detected unknown file in core directory

FILE: wp-includes/wp-feed.php
FILE_MD5: 7ba81b28edc0df0bdcc6dfb6a6b3a19f
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 7ba81b28edc0df0bdcc6dfb6a6b3a19f
THREAT_NAME: Heur.AlienFile.gen
THREAT: Unknown file in core directory…
DETAILS: Detected unknown file in core directory

FILE: wp-includes/post.php
FILE_MD5: f97bca07e3c42f344986fe4c23dd0b07
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: f97bca07e3c42f344986fe4c23dd0b07
THREAT_NAME: Heur.CoreFile.gen
THREAT: Modified core file…
DETAILS: Detected modified core file

FILE: wp-includes/.htaccess
FILE_MD5: 83c059a741ce3c1a46bde1a66216656e
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 83c059a741ce3c1a46bde1a66216656e
THREAT_NAME: Heur.AlienFile.gen
THREAT: Unknown file in core directory…
DETAILS: Detected unknown file in core directory

FILE: wp-content/themes/tour-operator/functions.php
FILE_MD5: 5a28acb294e24f98087b71e8728f0177
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 1381cc1143ba2d9a6db1dde176c1d24d
THREAT_NAME: Trojan.PHP.Injection.gen.1c6
THREAT: <?php if (isset($_REQUEST[‘action’]) && isset($_REQUEST[…
DETAILS: Detected injected PHP code

FILE: wp-content/themes/travel-agency/functions.php
FILE_MD5: 3789b05609c0ba5679b3c52bc337ae23
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 9ab21595d286c0b54046a43e8e91236c
THREAT_NAME: Trojan.PHP.Injection.gen.1c6
THREAT: <?php if (isset($_REQUEST[‘action’]) && isset($_REQUEST[…
DETAILS: Detected injected PHP code

Great malware detection, awesome support, but one catch

I use MalCare on several sites for automated backups and security. Recently, I was notified by MalCare about malware found on multiple sites. Upon running the cleanup process, the detected malware was successfully removed. Not only that, but the founder and his team immediately got to work to detect the vulnerability that caused the malware to land on my sites in the first place. Turned out it was due to a plugin that had a security vulnerability. They then promptly notified the developer of that plugin and worked with their team to get it patched, and an update was released by the developer within hours to close the loophole.

All-in-all, great job by the plugin for detecting the malware and by the team to help address the root cause for malware landing on the sites, but when it comes to removing the malware from the site, while the process did work successfully, there was one serious shortcoming in the way it worked: it required manual initiation of the cleanup process by me for every site individually. The reason for that appears to be the way MalCare is built – it works on read-only access mode by default, and can’t make any modifications to the site without your manual initiation of the process, in which you provide FTP/SFTP/FTPS credentials to start the cleanup.

As someone who understands cybersecurity best practices, I’m sure this is by design in order to prevent MalCare from modifying anything on the site without explicit initiation by the site owner, but for a malware cleanup service, it’s extremely important that cleanup happens immediately upon detection, and automatically, since the owner might not be immediately available to initiate the process manually, or they might have too many sites to be able to initiate it for all of them at the same time, in case the same malware is detected on multiple sites. And in the meantime, even though malware was detected and MalCare had the capability to remove it, hackers could have a field day exploiting the malware till the site owner manually initiates the removal process for all sites.

Due to this, I’m deducting one star from what would have otherwise been a five star review. And I feel bad doing it because the team is so responsive and proactive in helping their customers, not to mention very talented at what they do. I hope fully automated malware removal is available soon, so that I could update this review with the full five stars.

{YARA}eval_post – malware

Hello,
My hosting provider is telling me that this plugin contains a malicious script. Here is what they got from the virus scan:
{YARA}eval_post : /-----/wp-content/cache/supercache/-----/meta-wp-cache-717ab2db432fe0d4023b3b083606ad25.php => /usr/local/maldetect/quarantine/meta-wp-cache-717ab2db432fe0d4023b3b083606ad25.php.209533040
Is this the case for other users of this plugin?

Opening External websites on Click anywhere

Upon installing this theme.. anywhere I click on the site it opens a new website, mainly allashark.site and another similar site.. kind of malware.. pls help, else I don’t have any other option except to opt for an alternative theme

It helped me to remove injected code

Not only does this plugin help you with current threats, but it also detects old ones…

Thanks for a very efficient plugin!
