Porn Redirect

  • seohunter

    (@seohunter)


    8 years, 3 months ago

    Hello,
    my sites been hacked. Ive been reading around trying to find a solution. so ive scanned with with Wordfence and thats clean. I used Sucuri site and found the problem script

    There is a script link to here http://www.bmoar.com/ss.js
    its this code that has the redirect. The question i have, where and how do i find this code? ive looked in header, index, wp-config and there is nothing??
    Does anyone have any ideas?
    Thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • TrishaM

    (@trisham)

    8 years, 3 months ago

    First, please don’t link directly to malware scripts – one never knows what might happen when clicking on them, and if you post a link, sure enough someone will click on it.

    Second, that type of attack is usually too sneaky to be found in the places you’ve looked…..try searching through your site’s folders using your FTP program – start with the wp-content/uploads folder first (a most common place for injected files) but many often come in through holes in plugins, such as those that allow uploaded files (sometimes in forms plugins) or images (such as slider or other image handling plugins) so be sure to check through all of the sub-folders of all of your plugins. Sometimes they will even hide in ‘images’ folders of plugins.

    Good luck!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    8 years, 3 months ago

    First, please don’t link directly to malware scripts

    Fixed.

    Please remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    imssimi

    (@imssimi)

    8 years, 3 months ago

    I have the same problem.

    Yet I found out, the link is in the SQL database. I tried to delete this part in a Texteditor, but it didn’t work.

    imssimi

    (@imssimi)

    8 years, 3 months ago

    I deleted all plugins – looked like fixed.
    After reinstalling the “Fancybox for WordPress” this porn site was there again.

    Do you use “Fancybox for WordPress” too?

    black_lady

    (@black_lady)

    8 years, 3 months ago

    imssimi,
    I try Yours way and I have this same: when I’ve turned off “Fancybox for WordPress” redirect disappeared. Thanks for the tip!

    imssimi

    (@imssimi)

    8 years, 3 months ago

    Today I downloaded the sql database again and there is still a rest of the hack there. I have no resolution for this. I’m not really a crack in stuff like this…. Maybe we get some info’s at this page in the next days:

    https://blog.sucuri.net/?s=Fancybox-for-WordPress+

    Just that you guys know it’s not made all with this tip. 🙁

    tomato16

    (@tomato16)

    8 years, 3 months ago

    Just “de-hacked” a website using bmoar.com/ss.js

    You need to search the database with bmoar.com, it’ll tell you it’s in options.
    Delete the whole row (key + data).
    Go to fancybox settings and reset default settings. you should be back to normal.

    Do use a plugin such as wordfence to ban brute-force login attempts. (I set it at 5 max attempts with 60 days ban)

    Hope it helps

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Porn Redirect’ is closed to new replies.