The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

Redirection to suspect site (4 posts)

  1. tonyhir
    Posted 6 years ago #

    Using both Opera and Firefox, and always while administering a WordPress site, I have found my browser redirect me to a site called thebestantispyo.com, which purports to detect spyware on my computer. It appears to load a Windows dialogue box offering to remove a list of Trojans, and attempts to download something called Pack384.exe or the like. (Obviously I did not allow this to happen, and either pressed the Back button or closed the window.)

    Is it possible that there is a security hole in WordPress which allows this exploit?

    NB Running a full scan in my antivirus programme does not show any harm done by the redirection; but the mere fact of being redirected to a different site against my will is worrying. I am raising the issue with Kaspersky as well as in this forum.

  2. Clayton James
    Posted 6 years ago #

    If this is the site you are talking about, you have (two) 302 redirects happening.


    302 -> //arcibaldo.org/eni/eni.php
    302 -> //newyeardesgings.com/?pid=384&sid=31797c

    Visiting both urls resulted in an immediate fake virus waring, fake scan and an attempt to infect my system.

  3. tonyhir
    Posted 6 years ago #

    That is the site I am talking about, but visiting it just now did not trigger any redirection. The redirection I am talking about occurred not when visiting the site but when looking at the Tools option in the new version of WordPress, i.e. while logged in as Administrator. If either clicking on one of the options - I think it was Your Profile - triggers a redirection, or if it can occur without clicking on a link, I would be very concerned.

  4. Clayton James
    Posted 6 years ago #

    You should be concerned either way. The obvious conclusion is that you have been compromised in some manner, and that you need to find out where the redirection is coming from, and what the entry point was.

Topic Closed

This topic has been closed to new replies.

About this Topic