Will Premium help me?

  • Resolved Greg

    (@dropshipper)


    10 years, 9 months ago

    Hi,

    I think I have Malware and I think it’s rogue Javascript. Here’s what happens:

    I load my site, no problem.

    As soon as I click anywhere on the page I get a spam popup which opens in a new window.

    The web addresses change each time but it’s typical spam stuff like Mackeeper or a spam MP4 video which has the name of my site as the title.

    After a set period of time (around 30 minutes) any click has the same effect so it’s on some kind of timer too.

    I’m using the free version of Wordfence (awesome) and it’s not giving me any warnings. I don’t think the issue is with WP core files. I’ve also run a site scan on another website which didn’t detect anything.

    Happens in both Safari and Chrome. Doesn’t happen on any other sites I visit.

    So my big question is: Can Wordfence help me or do I need to manually check theme/plugins etc?

    Thanks!

    My site is https://setlr.com

    Greg

    https://wordpress.org/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • WFBrian

    (@wfbrian)

    10 years, 9 months ago

    Hi Greg,

    Make sure all of your themes and plugins are up-to-date. Also, try changing themes to the default theme and disable plugins one at a time. Does the issue go away? If so, note the plugin or theme causing the issue. Here are some more tips…

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    If you have questions on the Premium version, please email here:

    presales [at] wordfence.com

    Thanks!
    Brian

    Thread Starter Greg

    (@dropshipper)

    10 years, 9 months ago

    Hey Brian,

    Thanks for the response. Yes I was just about to start that process when I had an idea.

    Hope this helps anyone else who has a similar issue with a malicious website popup in their WordPress site.

    1) Inspected the page source code. Not as hard as I thought, even for a beginner to scan the scripts and stuff, looking for anything odd. I immediately saw some stuff like ‘clk’ and other domain addresses which shouldn’t be there.

    2) Copied the malicious addresses into Google, ran a search and immediately found them listed as spam. Here’s the link I was taken to:

    https://blog.sucuri.net/2015/06/sweetcaptcha-service-used-to-distribute-adware.html

    3) So for me the problem was the SweetCaptcha plugin I was using. It was using an iframe to link my users to spam sites. If you’re using SweetCaptcha, it might look sweet but it definitely isn’t – get rid!!

    Hope it helps.

    Cheers

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Will Premium help me?’ is closed to new replies.