• Resolved praybould

    (@praybould)


    This is part of the chat with my hosting company support. We resolved the issue by restoring a backup from June 14, 2026. My input is in Bold Italics.

    I can provide a zip file with the pre-infected html and post-infected html.

    Thanks for your patience—I’ve checked your site and there are no obvious file-based infections, but your friend’s analysis suggests a database or JavaScript injection that standard scans can miss.

    The client sent 2 html files to show the difference between the pre and post infection. The pre html file in MS Word is 124 pages 6600 words. The post hack is 878 pages and 11353 words.

    That size jump is a strong sign of injected content—especially if the post-hack file is much longer without a real content change.
    Most often this points to hidden script injection, extra markup added into the page, or a redirect block being appended.

    I can provide a zip file with the pre-infected html and post-infected html.

    Looking at the Wordfence log, I saw that a new user was added on June 10, 2026. I deleted him.

    HOW DO I PREVENT NEW USERS

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.