Can't remove redirect to pharma site

  • Resolved Pewit

    (@pewit)


    11 years ago

    Hi Eli

    My initial scan revealed 4 infected files which the plugin repaired.

    A scan on Google says the site isn’t blacklisted and a scan on the domain root (mydomain.com) using Sucuri SiteCheck says the site is clean.

    However, if I perform the same scan on the WordPress folder <mydomain>/wp/ then the Sucuri SiteCheck says:
    Suspicious conditional redirect.
    Details: http://sucuri.net/malware/entry/MW:HTA:7
    Redirects users to:http://order-safely-online.webs.com/

    I also scanned with Vurustotal which also shows the same redirect.

    I can’t see anything suspicious in the .htaccess or index.php files in the /wp folder – is there somewhere else I should look?

    http://wordpress.org/extend/plugins/gotmls/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Pewit

    (@pewit)

    11 years ago

    I have also sent you an email invitation with an Admin login to the site.

    Paul

    Plugin Author Eli

    (@scheeeli)

    11 years ago

    Got it, Thanks!

    I think that Suspicious conditional redirect is gone already. that must have been cached results that you were seeing on sucuri.net because they say you are clean now (even when scanning the /wp/ site). virustotal.com also says your site is clean now.

    I am running deeper scans on your site now and I have found a backdoor that may have been responsible for planting that malicious code in the first place. I will let you know as soon as I’m sure of what it is and I’ll add it to my definition update and quarantine it too.

    Aloha, Eli

    Plugin Author Eli

    (@scheeeli)

    11 years ago

    I have identified that backdoor, added it to my definitions update, and removed it for you.

    Thread Starter Pewit

    (@pewit)

    11 years ago

    Excellent news and incredible service – I have made a donation!

    Regards

    Paul

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Can't remove redirect to pharma site’ is closed to new replies.