Jan Dembowski on "I've been hacked!"

February 9, 2014, 5:24 pm

≫ Next: maniaka on "[Plugin: AntiVirus] Suggestion: Scan fake archives"

≪ Previous: LindaHeron on "I've been hacked!"

Sadly there is no quick fix and this reply is usually the right place to start to get a handle on your hacked installation.

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

↧

maniaka on "[Plugin: AntiVirus] Suggestion: Scan fake archives"

February 10, 2014, 10:11 am

≫ Next: newgeeek on "Help me please from redirecting to another website"

≪ Previous: Jan Dembowski on "I've been hacked!"

Fake archives with virus, por scan and option to delete. (2 are real but infected).

wp-includes/post-template.php
wp-includes/Text/class-https.php
wp-includes/https.php
wp-includes/css/class-https.php
wp-admin/css/edit-form-header.php
wp-admin/js/widget.php

https://wordpress.org/plugins/antivirus/

↧

newgeeek on "Help me please from redirecting to another website"

February 11, 2014, 2:19 am

≫ Next: searchsaurabhverma on "[Plugin: Plugins] Malware dedected - [Wordfence Alert]"

≪ Previous: maniaka on "[Plugin: AntiVirus] Suggestion: Scan fake archives"

Hi everyone I have a malware in my website who redirect me from my posts to this one ( http://stream-vk.com/?fp=1exag5x6ERtypwEA4dHWjaJyhca8NfiRqZwqfdfPjSaELPHS64Pq0GHKjvBxLFvyq%2FgnA8CXdwg3OR6LJ1R4Nw%3D%3D&prvtof=AL0P8ZW6PL6CIWnYzKliuCNWAFyTQqy%2F337wamLai1QC6Cm4ilVvSBwG6YPUZyn0QzhhUrxwbyDTCLNa0XzGyw%3D%3D&poru=36PV8St63fjD0TUltvXRDZxfawy4%2BXAG2Rgb7zuZWjlzBeFJle%2BSBpGRLOCX6o74b16VwM6n3R75YEMtStrm4g%3D%3D&cifr=1& )

Just the posts redirect to this video I checked the page and the categories and the home page and they didn't redirect

When I checked my website here is the results http://sitecheck.sucuri.net/scanner/?scan=www.fursanalribh.com
" Hidden Iframes.
Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202
<iframe src="http://stream-vk.com/validation.php" style="border:0px none;" name="validation" scrolling="no" frameborder="0" marginheight="0px" marginwidth="0px" height="1px" width="1px"> "
even delete that infected article and noting solved .

plz help me ASAP

↧

searchsaurabhverma on "[Plugin: Plugins] Malware dedected - [Wordfence Alert]"

February 11, 2014, 8:36 pm

≫ Next: newgeeek on "Help me please from redirecting to another website"

≪ Previous: newgeeek on "Help me please from redirecting to another website"

Alert generated at Saturday 8th of February 2014 at 01:53:02 PM
Critical Problems:

* File contains suspected malware URL: /home/cgm/public_html/wp-content/plugins/revslider/revslider.php
* File contains suspected malware URL: /home/cgm/public_html/wp-content/plugins/revslider/rs-plugin/css/settings.css

Need Help please revert

https://wordpress.org/plugins/plugins/

↧

newgeeek on "Help me please from redirecting to another website"

February 12, 2014, 2:15 am

≫ Next: Wrong_Fairway on "Spam/Blackhat SEO only when shared"

≪ Previous: searchsaurabhverma on "[Plugin: Plugins] Malware dedected - [Wordfence Alert]"

PLEEEEEEEEEEEEEEEEEEEEEEEEEase help !!!!!!

↧

Wrong_Fairway on "Spam/Blackhat SEO only when shared"

February 12, 2014, 10:49 am

≫ Next: Andrew Nevins on "Spam/Blackhat SEO only when shared"

≪ Previous: newgeeek on "Help me please from redirecting to another website"

Hello -

Over the past week or so, my site (http://wrongfairway.com) has been showing signs of being hacked, but not in a way I've seen in researching the problem.

Now, I know not to include the code that comes up here, but it's basically a bunch of jibberish about male-enhancement meds at the top of the body of each post. The thing is, accessing the site directly, there's no sign of the spam - it only shows up when I share the post on Facebook (in the little description or preview box below the link) or when it comes across my feedly - the beginning of the post has the long male-enhancement jibberish before getting into the actual post.

A Sucuri sitecheck shows that it is categorized as "site with warnings" and has brought up the mentioned code. What I am wondering is how to deal with this?

Is this something different than other blackhat SEO spam I've seen or should I go through the protocol that Emis has posted to clear out everything?

I'm not great with all this code hacking/dehacking stuff, so any and all help is much appreciated

↧

Andrew Nevins on "Spam/Blackhat SEO only when shared"

February 12, 2014, 10:56 am

≫ Next: Wrong_Fairway on "Spam/Blackhat SEO only when shared"

≪ Previous: Wrong_Fairway on "Spam/Blackhat SEO only when shared"

should I go through the protocol that Emis has posted to clear out everything?

What protocol is that?

↧

Wrong_Fairway on "Spam/Blackhat SEO only when shared"

February 12, 2014, 11:03 am

≫ Next: esmi on "Spam/Blackhat SEO only when shared"

≪ Previous: Andrew Nevins on "Spam/Blackhat SEO only when shared"

My bad. Esmi, not Emis. But this is what I've seen her post for a few different problems....

I'm sorry but you have been hacked. You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress : http://codex.wordpress.org/Hardening_WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

↧

esmi on "Spam/Blackhat SEO only when shared"

February 12, 2014, 11:35 am

≫ Next: Wrong_Fairway on "Spam/Blackhat SEO only when shared"

≪ Previous: Wrong_Fairway on "Spam/Blackhat SEO only when shared"

Your site has indeed been hacked. You need to follow the links posted above.

↧

Wrong_Fairway on "Spam/Blackhat SEO only when shared"

February 12, 2014, 11:39 am

≫ Next: SWalberg on "Spam/Blackhat SEO only when shared"

≪ Previous: esmi on "Spam/Blackhat SEO only when shared"

What I figured, but was hoping against.

Thanks for the help.

↧

SWalberg on "Spam/Blackhat SEO only when shared"

February 12, 2014, 9:51 pm

≫ Next: haasorensen on "[Plugin: Wordfence Security] Wordfence did not find file in themes-folder"

≪ Previous: Wrong_Fairway on "Spam/Blackhat SEO only when shared"

The links are in the page, you can view the source to find them. There's some CSS that hides it which isn't going to get loaded when Facebook does the preview. http://www.isithacked.com/check/http%3A%2F%2Fwrongfairway.com%2F shows the links.

You'll want to go through the set of links that were posted earlier to clean up your site.

↧

haasorensen on "[Plugin: Wordfence Security] Wordfence did not find file in themes-folder"

February 13, 2014, 1:19 am

≫ Next: Eli on "Site hacked despite several Hardening-Tools and gotmls finding nothing..."

≪ Previous: SWalberg on "Spam/Blackhat SEO only when shared"

I've found a unwanted file in my wp-content/themes/ folder with the name of signups.php.
It showed my phpinfo and would be able to send out spam-mails.

Wordfence did not find it, even when comparing core files etc.

Is this normal behaviour?

https://wordpress.org/plugins/wordfence/

↧

Eli on "Site hacked despite several Hardening-Tools and gotmls finding nothing..."

February 14, 2014, 3:41 am

≫ Next: newgeeek on "redirecting problem"

≪ Previous: haasorensen on "[Plugin: Wordfence Security] Wordfence did not find file in themes-folder"

It looks like your site is clean. I guess you got it working?

Let em know if you need any more help.

Aloha, Eli

↧

newgeeek on "redirecting problem"

February 18, 2014, 10:03 am

≫ Next: esmi on "redirecting problem"

≪ Previous: Eli on "Site hacked despite several Hardening-Tools and gotmls finding nothing..."

Hi All please Help me I have a malware and Don't know how to delet it from my website http://www.fursanalribh.com
these is a result in Sucuri site
http://sitecheck2.sucuri.net/results/www.fursanalribh.com
I even delete that article but still the malware

the malware redirect my posts to this website
http://stream-vk.com/validation.php
just the post not the pages or the front page
I checked the page source of the articles and find this code :

please help !!!

↧

esmi on "redirecting problem"

February 18, 2014, 12:22 pm

≫ Next: Wordfence on "[Plugin: Wordfence Security] Wordfence did not find file in themes-folder"

≪ Previous: newgeeek on "redirecting problem"

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

↧

Wordfence on "[Plugin: Wordfence Security] Wordfence did not find file in themes-folder"

February 18, 2014, 1:02 pm

≫ Next: Serva on "[Plugin: Wordfence Security] Google Search issue"

≪ Previous: esmi on "redirecting problem"

Please send it to samples@wordfence.com and we'll get detection added for this.

Regards,

Mark.

↧

Serva on "[Plugin: Wordfence Security] Google Search issue"

February 19, 2014, 6:32 am

≫ Next: Mr.Fitz on "[Plugin: EWWW Image Optimizer] Malware in latest update"

≪ Previous: Wordfence on "[Plugin: Wordfence Security] Wordfence did not find file in themes-folder"

I wonder if you can help please. I have a website that I have been running your plugin for months. However today I see in a google search, these results under the web address:

Since payday loansa no other lending process get a quicker generic for viagra generic for viagra option is common but funds right away.An alternative method of ... Google+ page

I have had no warnings of an issue from your plug in and I have always kept it current. I need to protect against this malware as I have seen it before on other websites. When I saw this before (and the reason I used your product to protect from this) it showed the text in google but not in the website, the text also changed so it must be pulling it in. Megaproxy could see the text at the top of the website but when I check with this instance it doesn't see it, so it has developed. I really must stop this from happening, Please help, Thanks D

https://wordpress.org/plugins/wordfence/

↧

Mr.Fitz on "[Plugin: EWWW Image Optimizer] Malware in latest update"

February 19, 2014, 7:23 am

≫ Next: nosilver4u on "[Plugin: EWWW Image Optimizer] Malware in latest update"

≪ Previous: Serva on "[Plugin: Wordfence Security] Google Search issue"

I use EWWW Image Optimizer on my website caregiver-aid.com and am very happy with it. Works great and have had no problems.
Today I receiver this message from WORDFENCE about a critical issue involving EIO.

"File contains suspected malware URL:"

Filename: wp-content/plugins/ewww-image-optimizer/languages/ewww-image-optimizer-ro_RO.mo
Bad URL: http://mediasinfo.ro/
File type: Not a core, theme or plugin file.
Issue first detected: 7 hours 32 mins ago.
Severity: Critical
Status New

This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://mediasinfo.ro/ - More info available at Google Safe Browsing diagnostic page.

Is this a known problem? I don't see anyone else on the support page with this problem.
It looks like a Romania language thing, Since I only do business in U.S. can I safely delete this file without harming the plugin?

Thanks for your time, Greg

https://wordpress.org/plugins/ewww-image-optimizer/

↧

nosilver4u on "[Plugin: EWWW Image Optimizer] Malware in latest update"

February 19, 2014, 7:53 am

≫ Next: Mr.Fitz on "[Plugin: EWWW Image Optimizer] Malware in latest update"

≪ Previous: Mr.Fitz on "[Plugin: EWWW Image Optimizer] Malware in latest update"

The url in question is the website of the individual (or team) that does the Romanian translations for the plugin. I don't know Romanian, but their website does not look like it distributes malware. I've sent an email to them to try and get more information, but I suspect it may actually be the ad network they use that was infected, rather than their actual website.

You can delete the file in question, or leave it, it isn't going to hurt anything, since that url never gets displayed anywhere. It also won't break anything, since you are not using the Romanian translation.

↧

Mr.Fitz on "[Plugin: EWWW Image Optimizer] Malware in latest update"

February 19, 2014, 8:16 am

≫ Next: Wordfence on "[Plugin: Wordfence Security] Google Search issue"

≪ Previous: nosilver4u on "[Plugin: EWWW Image Optimizer] Malware in latest update"

I've deleted this file and as you suggested there seems to be no further problems. Wordfence is now happy.

Thank you for your quick response.

Great plugin.

Greg

↧