WordPress.org

Forums

Malware - Blacklist (9 posts)

  1. anemoone
    Member
    Posted 2 years ago #

    Today.
    The blog is hacked/dangerous and blacklisted, according to Google Webmaster Tools and Sucuri.net Scanner.

    http://kratery.com

    Yesterday there were some bigger problems with the new theme. Today I deleted this theme via file manager. It didn't help. In the past, some smaller things weren't OK.

    I can't even get to my wp-admin panel. There is an announcement about a dangerous site (by Firefox).

  2. perezbox
    Sucuri.net CEO
    Posted 2 years ago #

    Hi

    Ok, if you can't get into wp-admin you need to try to reset your credentials. If you get a message saying that the email doesn't exist, and you're sure that it does, then the odds are your account has been removed by the hacker. You're going to want to log into your host administrator panel, access your database and manually overwrite the users. Some guidance on that here: http://codex.wordpress.org/Resetting_Your_Password

    As for that scounter injection, yes, you're going to want to check all your JavaScript (JS) files; that's where it usually likes to hide, specifically at the bottom of the files.

    You can try searching for it via grep in a terminal. It's often not just one file, but often all your JS files, including those in your theme and core files.

    Happy hunting, let me know if this helps.

  3. kmessinger
    Moderator
    Posted 2 years ago #

  4. perezbox
    Sucuri.net CEO
    Posted 2 years ago #

    Oh, I forgot: when you're done with the removal and it shows cleared on SiteCheck, then proceed with submitting it to Google for deblacklisting.

    SiteCheck uses the Google API when it flags, so just click the Blacklisting tab and it'll tell you who it's pulling the blacklisting from.

    Cheers.

  5. anemoone
    Member
    Posted 2 years ago #

    @perezbox

    I think it's not so bad.
    Earlier today I was doing some activities in my wp-admin. After logging out and restarting the computer, when I was just logging in, there appeared that blacklist announcement (from Firefox) and then redirect to log-in screen.

    I tried IE and I managed to log in to wp-admin via IE.

    Now only the problem of that injection.

  6. perezbox
    Sucuri.net CEO
    Posted 2 years ago #

    @anemoone good to hear on the users issues, but you'll still want to clear that scounter injection to get off Google's radar.

  7. anemoone
    Member
    Posted 2 years ago #

    @perezbox

    I'll follow your instructions against that injection. In case of success I'll submit my blog for deblacklisting.

  8. anemoone
    Member
    Posted 2 years ago #

    So far I didn't find that long code shown after the scan on sucuri.net. The number of .js files is quite big. Besides, some of them are placed in css sections.

    But thanks to one of the plugins I've found a code that is very similar to the one I'm looking for, which is also starting with "scounter". It was placed in three themes (out of four I have left), in functions.php, also at the bottom of the files.

  9. anemoone
    Member
    Posted 2 years ago #

    Now the site is clean according to sucuri.net scanner.
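
The search perezbox describes, extended to the theme functions.php files where anemoone later found the code, as an added example that is not part of the original thread: a shell function that lists every .js and .php file containing the string and marks the hits that sit near the end of the file. The function names, the 20-line definition of "bottom" and the sample directory tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find a marker string in .js/.php files and report whether the
# last hit sits near the end of the file, where the thread reports finding it.

# scan_marker DIR [MARKER] [TAIL_LINES]
# Output per hit file: <TAIL|BODY> TAB <last-hit-line>/<total-lines> TAB <path>
scan_marker() {
    dir=$1
    marker=${2:-scounter}   # string named in the thread
    tail_lines=${3:-20}     # assumption: "bottom" means the last 20 lines
    find "$dir" -type f \( -name '*.js' -o -name '*.php' \) \
        -exec grep -lF -e "$marker" {} + 2>/dev/null | sort |
    while IFS= read -r f; do
        last=$(grep -nF -e "$marker" "$f" | tail -n 1 | cut -d: -f1)
        total=$(grep -c '' "$f")   # also counts a final line with no newline
        if [ $((total - last)) -lt "$tail_lines" ]; then where=TAIL; else where=BODY; fi
        printf '%s\t%s/%s\t%s\n' "$where" "$last" "$total" "$f"
    done
}

# filler N: print N harmless comment lines (constructed padding).
filler() { awk -v n="$1" 'BEGIN { for (i = 1; i <= n; i++) print "// line " i }'; }

# make_sample: build a constructed directory tree (not real site files), print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/a/css" "$d/themes/b" "$d/wp-includes/js"
    printf 'var x = 1;\n' > "$d/wp-includes/js/clean.js"               # no marker
    { filler 40; echo 'scounter_placeholder();'; } > "$d/themes/a/css/menu.js"
    { echo '<?php'; filler 30; echo '// scounter placeholder'; } > "$d/themes/a/functions.php"
    { echo '<?php // scounter in a header comment'; filler 60; } > "$d/themes/b/functions.php"
    printf '%s\n' "$d"
}

sample=$(make_sample)
scan_marker "$sample"
rm -rf "$sample"
```

A minified script is a single line, so every hit in one is reported as TAIL; open any listed file rather than relying on the label alone.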

Topic Closed

This topic has been closed to new replies.
