Malware

dhanken
(@dhanken)

13 years, 9 months ago

Hello,

I am newish to building wordpress sites, and have just encountered my first malware warning from google on the following site that we build http://www.mmariaswiftinteriors.com/. Webmasters is telling me that this line of code…

<script src="[ link redacted, please don't post that here. ]">

Is located in my root directory and is harmful.

I have two questions…

1. How do I locate and remove this line of code, as I’m not sure where to look…?
2. How can I prevent this from happening in the future?

Any help is greatly appreciated as I don’t know where to go from here.

Many thanks.

Danielle

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

13 years, 9 months ago

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress
http://www.studiopress.com/tips/wordpress-site-security.htm

Thread Starter dhanken
(@dhanken)

13 years, 9 months ago

Thank you. I’ve started working my way through things and have found a line of code in my .php files that looks like this (I am deleting from every file as we speak):

[ Moderated: No really, please do not post malware code here again. ]

My question is… I also found this in wp-app.php…

[ Moderated: see above about malware code. ]

Is this ok? I noticed one of the blog forums said base64_decode was a bad thing…

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

13 years, 9 months ago

dhanken? Could you please not post malware code here?

On some readers it triggers anti-virus software and honestly it does not matter what the attacker placed on your system.

The important thing is that the attacker was able to write anything to your server’s file system at all.

Please work your way through those articles, they can really assist you in solving your problem.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Malware’ is closed to new replies.

Malware

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics