WordPress.org

Support

Support » How-To and Troubleshooting » Redirection to suspect site

Redirection to suspect site

  • Using both Opera and Firefox, and always while administering a WordPress site, I have found my browser redirect me to a site called thebestantispyo.com, which purports to detect spyware on my computer. It appears to load a Windows dialogue box offering to remove a list of Trojans, and attempts to download something called Pack384.exe or the like. (Obviously I did not allow this to happen, and either pressed the Back button or closed the window.)

    Is it possible that there is a security hole in WordPress which allows this exploit?

    NB Running a full scan in my antivirus programme does not show any harm done by the redirection; but the mere fact of being redirected to a different site against my will is worrying. I am raising the issue with Kaspersky as well as in this forum.

Viewing 3 replies - 1 through 3 (of 3 total)
  • If this is the site you are talking about, you have (two) 302 redirects happening.

    //www.greenfriends.org.uk/wordpress/

    Redirects:
    302 -> //arcibaldo.org/eni/eni.php
    302 -> //newyeardesgings.com/?pid=384&sid=31797c

    Visiting both urls resulted in an immediate fake virus waring, fake scan and an attempt to infect my system.

    That is the site I am talking about, but visiting it just now did not trigger any redirection. The redirection I am talking about occurred not when visiting the site but when looking at the Tools option in the new version of WordPress, i.e. while logged in as Administrator. If either clicking on one of the options – I think it was Your Profile – triggers a redirection, or if it can occur without clicking on a link, I would be very concerned.

    You should be concerned either way. The obvious conclusion is that you have been compromised in some manner, and that you need to find out where the redirection is coming from, and what the entry point was.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Redirection to suspect site’ is closed to new replies.