WordPress.org

Ready to get started?Download WordPress

Forums

Anti-Malware (Get Off Malicious Scripts)
[resolved] Can't remove redirect to pharma site (5 posts)

  1. Pewit
    Member
    Posted 1 year ago #

    Hi Eli

    My initial scan revealed 4 infected files which the plugin repaired.

    A scan on Google says the site isn't blacklisted and a scan on the domain root (mydomain.com) using Sucuri SiteCheck says the site is clean.

    However, if I perform the same scan on the WordPress folder <mydomain>/wp/ then the Sucuri SiteCheck says:
    Suspicious conditional redirect.
    Details: http://sucuri.net/malware/entry/MW:HTA:7
    Redirects users to:http://order-safely-online.webs.com/

    I also scanned with Vurustotal which also shows the same redirect.

    I can't see anything suspicious in the .htaccess or index.php files in the /wp folder - is there somewhere else I should look?

    http://wordpress.org/extend/plugins/gotmls/

  2. Pewit
    Member
    Posted 1 year ago #

    I have also sent you an email invitation with an Admin login to the site.

    Paul

  3. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    Got it, Thanks!

    I think that Suspicious conditional redirect is gone already. that must have been cached results that you were seeing on sucuri.net because they say you are clean now (even when scanning the /wp/ site). virustotal.com also says your site is clean now.

    I am running deeper scans on your site now and I have found a backdoor that may have been responsible for planting that malicious code in the first place. I will let you know as soon as I'm sure of what it is and I'll add it to my definition update and quarantine it too.

    Aloha, Eli

  4. Eli
    Member
    Plugin Author

    Posted 1 year ago #

    I have identified that backdoor, added it to my definitions update, and removed it for you.

  5. Pewit
    Member
    Posted 1 year ago #

    Excellent news and incredible service - I have made a donation!

    Regards

    Paul

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic