Support » Plugin: Wordfence Security - Firewall & Malware Scan » Suspected malware URL

Viewing 13 replies - 1 through 13 (of 13 total)
  • Getting the same alert here as well except for me
    Filename: wp-content/plugins/google-sitemap-generator/sitemap-core.php
    Bad URL: http://www.google-analytics.com/collect
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 54 mins ago.
    Severity: Critical
    Status New
    This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: http://www.google-analytics.com/collect

    Gravityscan shows a similar warning:

    Malicious link: https://www.google-analytics.com/analytics.js

    I am getting the same error for a header.php file.

    I looked at my code guard backups for the past 4 months. As far as I can tell this file is not new and has not changed. So I am questioning if this is a false positive?

    File contains suspected malware URL: /home3/ab19087/public_html/jeffersonrubber.com/wp-content/themes/boydbootstrap/header.php
    Filename: wp-content/themes/boydbootstrap/header.php
    Bad URL: http://www.google-analytics.com/analytics.js’,’ga
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 1 hour 6 mins ago.
    Severity: Critical
    Status New
    This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: http://www.google-analytics.com/analytics.js’,’ga

    Same error here as well, with Wordfence Premium. It appears to be in almost all cached pages (with wp-rocket)

    /wp-content/cache/wp-rocket/domainname.com/blog/index-https.html
    Bad URL: http://www.google-analytics.com/analytics.js’,’ga
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 3 hours 45 mins ago.

    Hi Guys,
    I get a similar message with wordfence gravityscan… but nothing is detected with wordfence premium…(!)
    “WARNING: Visiting this page in your browser may cause harm to your computer. It’s recommended that you try to locate the offending string in the source file or in your database. If you do decide to visit a page with malware make sure to turn Javascript off prior to visiting the page.

    Malicious link: https://www.google-analytics.com/analytics.js

    Problem: Listed on the Wordfence Threat Defense Feed blacklist. [more info]”

    This is quite of a problem…

    What should I do? Remove google analytics?

    +1 same on …wp-content/plugins/google-sitemap-generator/sitemap-core.php
    What’s wrong ?

    Filename: wp-content/plugins/google-sitemap-generator/sitemap-core.php
    Bad URL: http://www.google-analytics.com/collect
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 6 hours 3 mins ago.
    Severity: Critical
    Status New

    This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: http://www.google-analytics.com/collect

    Same here:

    * File contains suspected malware URL:
    http://www.google-analytics.com/analytics.js’,’ga

    Me to – notified by GravityScan, but only on one of the sites GravityScan monitors, not any of the others

    Based on Wordfence support google-amnalytics.com was added to Wordfence’s threat defense feed blacklist by accident and has been removed.

    New scans should not be reporting this anymore.

    Me too. Wordfence Premium picked ut up this morning. 150 files.

    • This reply was modified 2 years, 3 months ago by ad2009.

    I’m having the same issue as well. I won’t copy it all here but the offending file seems to be http://www.google-analytics.com/analytics.js.

    Plugin Author WFSupport

    (@wfsupport)

    This is because one of the blacklist sites we monitor and check against had listed those urls as malicious. We became aware of the issue shortly thereafter and removed it yesterday around 11pm. It was there for about 3 hours. We do check manually when we import these but this list contained about 500 urls and that’s why it was missed. If you do a new scan this should not be a problem.

    tim

    As expected, this warning was a false alarm and all Wordfence scans and Gravityscan scans on several sites, no longer show the above-reported malware and the issue has disappeared.

    @ad2009
    You did not mention any URLs connected to Google Analytics. From a part, now deleted, of the information on your post earlier, you reported another file not related to the URL in this report. It could indeed be actual malware. Run the scan again and follow the instructions in the Wordfence scan results

    • This reply was modified 2 years, 3 months ago by Malae.
    • This reply was modified 2 years, 3 months ago by Malae.
Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Suspected malware URL’ is closed to new replies.