Forums

WordPress › Support » How-To and Troubleshooting

Virus is Found? (4 posts)

  1. kiraninfo
    Member
    Posted 3 years ago #

    Blog URL : http://in.ekanasu.com
    From today onwards my Anti Virus is saying Virus AS Found in the site. How to Remove the virus? Plz mention any good security measures to prevent from future attack

    Snap shout http://i734.photobucket.com/albums/ww348/ekanasu/snapshot.jpg

  2. Jan Dembowski
    Volunteer Mod. & Brute Squad
    Posted 3 years ago #

    You're hacked. At the bottom of that HTML for /?p=38 (from your screen capture) there is a <iframe> BAD LINK TO ATTACK SITE </irame> right after the closing </html> tag.

    In case anyone is wondering curl -o junk URL is your friend.

    See http://wordpress.org/search/hacked?forums=1 for info on how to fix it. Also give this boiler plate a read.

    Read this

    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/

    And then read it again.

    Read this too

    http://codex.wordpress.org/Hardening_WordPress

    Upgrade to the latest version if you have not already. You need to see if there are any users added to WordPress that you don't know about/don't belong there.

    You need to go through your files and find where the spammy links are being added. If it's in wp-config.php or some other file, you'll need to make sure that is cleaned up before you can consider yourself good file wise. Look everywhere and use fresh copies of your WordPress installation, plugins, and themes.

    Look at your posts and comments and see if there are any spammy links there. You can export your whole blog to WXR and then examine the whole thing in your favorite text editor.

    Look at your server's log files. If you are on a shared server, get help from your provider. You need to identify if this was a compromise of WordPress or your server. If you do not identify the entrance which the attacker got in, odds are they will be back.

    Once you have cleaned up your hacked blog, harden it so this does not happen again.

    Good luck.

  3. RayHaddad
    Member
    Posted 3 years ago #

    Google is a harsh analyzer of web sites. You seem to be all right. Use http://www.google.com and feed in your URL. If your site has malware, Google will normally turn out a warning.

    Most of the malware I've found on sites comes from unvalidated plugins. These days, I only trust WordPress approved plugins or those I have personally inspected for malware.

    In particular, watch for any mail() function calls in an unknown plugin by doing a text search on the term "mail(" without the quotes. I've seen a plugin that captured your login data and mailed it to a third party.

    Best,
    Ray

  4. ClaytonJames
    Member
    Posted 3 years ago #

    http://www.google.com/safebrowsing/diagnostic?site=in.ekanasu.com

    However, jdembowski is correct. There are at least two hidden iframes on your site linking you to //klaomta.com/

    Here is some interesting information (possibly relevant if you discover you suffer from exploited/injected php code). //Klaomta.com is one of the listed malicious domains.

    http://blog.unmaskparasites.com/2009/04/29/another-type-of-iframe-hack-php-exploit/

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags