Forums

WordPress › Support » How-To and Troubleshooting

Been Automatically Redirected To Scam Site (5 posts)

  1. kah22
    Member
    Posted 1 year ago #

    On start up I am been redirected to a scam site which insists on scanning your computer and telling you that you have x number of virus.

    A similar thread a short time back told me that it was rouge code that worked it's way into the index.php file. I've worked my way through all the index.php files and removed the offending code. The code kept coming back but I kept working at it and eventually I think I've got it cleared. (Why does it keep coming back?)

    There is one bug remaining. When I go to access my WP Dashboard panel the structure is broken: instead of it been set out as you'd normally expect it the panel is just straight down: the structure is broken

    So question how do I fix that?

    I want to force an upgrade when I get back in and hopefully that will also get rid of rogue files. Can I do an upgrade via FTP and if so what affect would that have on my databasse?

  2. kah22
    Member
    Posted 1 year ago #

    Found an answer: re-install everything except - do not overwrite wp-config.php or wp-content folder

    Done and everything is working again

    But one more question why did that code keep appearing and reappearing even though I had went through all index.php files and removed the offending code manually? Seeking knowledge.

  3. Samuel B
    moderator
    Posted 1 year ago #

    it's possible there is something in database and hack will re-appear
    time will tell

  4. terriann
    Member
    Posted 1 year ago #

    Also check your header.php and footer.php files in your theme for weird JavaScript and remove that. Make sure no new users have been added to your admin. That's what happened to me when I got JohnnyA hacked a few months back. Even after I removed the JS from my header & footer the bug did re-appear a few times so there's probably something in the DB as well or an added file that gets hit to re-insert the bad JavaScript that redirects. My host (mt) after quite a support thread finally ran a scan for me and removed all the malware.

    Also if you use Google's WMT you'll have to let them know when the malware is removed to make sure your site doesn't take any Google penalty.

  5. kah22
    Member
    Posted 1 year ago #

    Hi Guys thanks for the support. Don't really know what weird JavaScript would look like.

    Amyway the site was put up on my personal webspace for an author friend of mine - he has about 20 posts. We'll be transferring them sometime next week to his own website - a complete new look.

    It will take a bit of time I know but I'll probably wipe everything in his existing website, database the lot and start from scratch and then just post and paste the material in page by page that way I'll be reasonably happy that no bug is been transferred.

    Kevin

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.