WordPress.org

Ready to get started?Download WordPress

Forums

malware in functions.php (14 posts)

  1. wassem mansour
    Member
    Posted 2 years ago #

    hi

    i am having malware in my theme in wordpress 3.3.1 it is found in functions.php here is the code i can't find what is causing this???

    can someone help

    [ Do not post malware code here. If you must share (really you don't need to) use pastebin.com instead. ]

  2. wassem mansour
    Member
    Posted 2 years ago #

  3. perezbox
    Member
    Posted 2 years ago #

    If what was955 doesn't work let us know. Post the url also so that we can take a look.

    Thanks

  4. wassem mansour
    Member
    Posted 2 years ago #

  5. perezbox
    Member
    Posted 2 years ago #

    Hi what is your site.

  6. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    Use the links that Jan posted above,.

  7. wassem mansour
    Member
    Posted 2 years ago #

  8. perezbox
    Member
    Posted 2 years ago #

    Hi was955

    Have you followed the links Jan provided? Where are you in the process?

    Did you already remove it from your site?

    As to what is causing it, its always hard to say without analyzing your site.

    The one thing I would add is don't stop at looking at just this site, extend it to the server or account in which it sits. It could be a backdoor you are missing.

    Here is an example of why: http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html

    Another big trend we're seeing is this: http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html

    There are also all the obvious things like vulnerable third party tools and poor server and account management.

    As you can see, many variables to consider.

    Thanks

  9. wassem mansour
    Member
    Posted 2 years ago #

    well i always remove the code from the functions.php the problem it comes back.

    i am trying all the options

    the site is the only site who is infected in the server

  10. well i always remove the code from the functions.php the problem it comes back.

    That's why it's really critical that you delouse your WordPress installation as well as your server. If you don't close the door that the attacker is using, you'll just continue to attack the symptoms.

    Follow those links I posted earlier, they really can help you understand as well as help you clean up that mess.

  11. perezbox
    Member
    Posted 2 years ago #

    +100 Jan

  12. wassem mansour
    Member
    Posted 2 years ago #

    ok i'll continue tommorow

    should i delete unactive plugins

  13. perezbox
    Member
    Posted 2 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic