Thread Starter
was955
(@was955)
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
If what was955 doesn’t work let us know. Post the url also so that we can take a look.
Thanks
Thread Starter
was955
(@was955)
Use the links that Jan posted above,.
Thread Starter
was955
(@was955)
Hi was955
Have you followed the links Jan provided? Where are you in the process?
Did you already remove it from your site?
As to what is causing it, its always hard to say without analyzing your site.
The one thing I would add is don’t stop at looking at just this site, extend it to the server or account in which it sits. It could be a backdoor you are missing.
Here is an example of why: http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html
Another big trend we’re seeing is this: http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html
There are also all the obvious things like vulnerable third party tools and poor server and account management.
As you can see, many variables to consider.
Thanks
Thread Starter
was955
(@was955)
well i always remove the code from the functions.php the problem it comes back.
i am trying all the options
the site is the only site who is infected in the server
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
well i always remove the code from the functions.php the problem it comes back.
That’s why it’s really critical that you delouse your WordPress installation as well as your server. If you don’t close the door that the attacker is using, you’ll just continue to attack the symptoms.
Follow those links I posted earlier, they really can help you understand as well as help you clean up that mess.
Thread Starter
was955
(@was955)
ok i’ll continue tommorow
should i delete unactive plugins