Support » Plugin: Wordfence Security - Firewall & Malware Scan » Malware Javascript

  • Resolved AndrewLeonard

    (@andrewleonard)


    Twice now we have been infected by the following code:
    <script type="text/javascript" src="//xxxxxxx.com/apu.php?zoneid=676630" async data-cfasync="false"></script>
    It gets put into the database and ends up at the bottom of each page and post (and also in TablePress).
    I do not understand how this happens.
    If I restore the database, the problem is cured but it reappears.
    Any advice gratefully received.

    • This topic was modified 2 months, 1 week ago by  Jan Dembowski. Reason: Removed tag and domain
  • @slhatton
    Can you get this?
    I agree with you.
    I think we found the code in wp_posts.
    I have a colleague helping me who suggested looking at the database.
    I think it would be good for us to communicate but I am not sure how.

    • This reply was modified 2 months ago by  Andrew Nevins. Reason: Email solicitation redacted
    Plugin Support WFGerroald

    (@wfgerald)

    Hey @andrewleonard,

    I’m sorry to hear that you’re experiencing this; I know it can be frustrating.

    Please update your database, (s)FTP, and hosting panel credentials.

    Also, make sure all software on the site is up to date.

    If the site is being reinfected after restoring the database, it means either it’s not fully restoring before the compromise, or the point of entry is elsewhere. My best suggestion would be to get with a hack repair service to have a professional clean it, and patch the point of entry.

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Thanks,

    Gerald
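
One way to find which posts carry a tag like the one described in this thread, as an added example that is not part of the original posts or of Wordfence: it parses each post's HTML and groups external script hosts that are not on an allowlist by post ID. `ALLOWED_HOSTS`, the host names, and the sample rows are assumptions constructed for illustration; real input would be `(ID, post_content)` pairs exported from `wp_posts`.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"cdn.example.org"}

class ScriptTags(HTMLParser):
    """Collect the attributes of every <script src=...> in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.tags.append(attrs)

def external_host(src):
    """Host of an absolute or protocol-relative URL; None for local paths."""
    if src.startswith("//"):          # protocol-relative, as in the thread
        src = "https:" + src
    host = urlparse(src).hostname
    return host.lower() if host else None

def scan_rows(rows, allowed=ALLOWED_HOSTS):
    """rows: (ID, post_content) pairs. Returns {host: [post IDs]} for
    script hosts that are not on the allowlist."""
    hits = defaultdict(list)
    for post_id, content in rows:
        parser = ScriptTags()
        parser.feed(content or "")
        parser.close()
        for attrs in parser.tags:
            host = external_host(attrs["src"])
            if host and host not in allowed:
                hits[host].append(post_id)
    return dict(hits)

# Constructed sample rows standing in for a wp_posts export.
SAMPLE_ROWS = [
    (1, "<p>Clean post</p>"),
    (2, '<p>Text</p><script type="text/javascript" '
        'src="//injected.example/apu.php?zoneid=0" async data-cfasync="false"></script>'),
    (3, '<script src="https://cdn.example.org/app.js"></script>'),
    (4, '<script src="/wp-includes/js/local.js"></script>'),
    (5, '<p>Other</p><SCRIPT SRC="//injected.example/apu.php?zoneid=0"></SCRIPT>'),
]

if __name__ == "__main__":
    for host, ids in scan_rows(SAMPLE_ROWS).items():
        print(host, "in posts", ids)
```

The same unknown host appearing across many post IDs is the pattern the original poster describes; running the scan again after a restore shows whether the restore point was already infected.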
