WordPress.org

Ready to get started?Download WordPress

Forums

Strange malware issue (8 posts)

  1. dionsis
    Member
    Posted 2 years ago #

    OK I've a new malware that just will not go away.

    I thought it was only appearing at the top of category listing pages.

    Currently I can see it at the top of
    http://www.goldenplec.com/news/
    http://www.goldenplec.com/reviews/
    http://www.goldenplec.com/interviews/

    but I've now also spotted it at the top of a PAGE
    http://www.goldenplec.com/about-us/about/

    I have Completely cleared the drive and installed a fresh wordpress and uploaded a clean theme but it's still there.

    All the links go to a site http://www.aneeve.com to a generic viagra link, Has anyone encountered this malware before or yet? Anyone got any idea's for removing it.

    I'm starting to think it might be something has gotten into the database but I don't know where to check first.

  2. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

  3. dionsis
    Member
    Posted 2 years ago #

    Yes I know all these, I've stated above I did all the usual.

    Copy and pasting without reading a post isn't really helping. Just because I've put malware in the title doesn't mean I've no clue what I'm doing.

  4. gregghawes
    Member
    Posted 2 years ago #

    Did u find a solution yet? I just noticed the exact same thing on 2 of my sites

  5. gregghawes
    Member
    Posted 2 years ago #

    I seemed to have removed it on my sites now, I just clicked re-install wordpress and then cleared cache

  6. MickeyRoush
    Member
    Posted 2 years ago #

    @ dionsis

    It seems as though you've had a problem for sometime from checking out your other posts. Have you checked your FTP/SFTP logs to see if anyone is gaining access that way?

    What about using the File Monitor plugin:
    http://wordpress.org/extend/plugins/wordpress-file-monitor/

    Or the TTC WordPress Tripwire Tool plugin:
    http://wordpress.org/extend/plugins/ttc-tripwire-plugin/

    You probably already did this, but I'll ask anyways. What about checking everything in your wp-content directory? A lot of times malicious scripts hide there because those files are usually not replaced. And if they are replaced with a backup that has the infection already hiding in there, well, you get the picture.

  7. dionsis
    Member
    Posted 2 years ago #

    The last 3 months have been a constant barrage of malware.

    I have removed everything a couple of times over, this includes wp-content directory, re-uploading my theme and downloading and reconfiguring my plugins.

    for some reason ProFTPd isn't producing logs, I'll look into that now and get it logging access via FTP.

    I disabled a plugin called Google Analyticator
    http://wordpress.org/extend/plugins/google-analyticator/

    cleared the cache and the links are gone. I don't want to sully a plugin unneccessarily so can anyone else suffering from these say if they are using that plugin or not?.

    File Monitor looks like a good idea, I have added that plugin as a second guard. I have already written a shell script or two that scan my root directory and wordpress files for any mention of base64, superpooper, and to mail me if it finds any mention of these classic malware entries. Can never have too much backup

  8. gregghawes
    Member
    Posted 2 years ago #

    I wasn't using that plugin

Topic Closed

This topic has been closed to new replies.

About this Topic