perezbox
Forum Replies Created
Forum: Fixing WordPress
In reply to: Weird visitorTracker code suddenly on my site
Hi All
Here is an update to the latest trend: https://blog.sucuri.net/2015/09/wordpress-malware-visitortracker-campaign-update.html
Thanks
Hi Nick
The fix should be pushed now.
Thanks for bringing it to our attention.
Tony
Hi @nick
Thanks for the note.. we’re investigating.. I assure you, we didn’t just up and let it happen intentionally.
Stay tuned..
Thanks
Tony
Forum: Fixing WordPress
In reply to: Parse error: syntax error, unexpected '/' on line 12 .php
Hi All
We just published an article updating some information pertaining to this infection and the trends we’re seeing:
https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html
Forum: Fixing WordPress
In reply to: Weird visitorTracker code suddenly on my site
Hi All
We just published an article updating some information pertaining to this infection and the trends we’re seeing:
https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html
Forum: Reviews
In reply to: [Sucuri Security - Auditing, Malware Scanner and Security Hardening] Not free
Hi David
Where do you feel you were cheated? From what the documentation offers, how did the plugin not do what it said it would?
I look forward to your thoughts on why we are a sleazy and deceptive vendor.
Thanks
Hi @tallguy1000
I’d love to understand more the pieces you feel that we emphasize as Free but only offer under a paid version?
A couple of things to note.
1 – We don’t have a premium plugin. This is the plugin we have.
2 – There is only one module, the Website Firewall that requires an API key that must be paid if you want to use it. It’s why we’re clear it is Optional.
3 – Here is a list of all the free things in the plugin that do not require a payment, which is why Free is emphasized:
– Auditing << Critical security / administration function
– Alerting << you need to know if something is up
– Remote Scanning
– Integrity Checking of core files
– Post Hack Actions
– Hardening
Which of these do you believe we are not offering for free as advertised in the plugin documentation?
Thank you so much for your time.
Tony
Forum: Hacks
In reply to: Link injected into site in any page.
Hi
You’re dealing with a similar issue to another person, who was dealing with Casino injections. Very similar issue.
Here are a few articles that might help:
1 – http://blog.sucuri.net/2014/11/combat-blackhat-seo-infections-with-seo-insights.html
2 – http://blog.sucuri.net/2013/02/payday-loan-spam-affecting-thousands-of-sites.html
3 – http://blog.sucuri.net/2013/11/the-story-of-cliprect-a-black-hat-seo-trick.html
Getting rid of it for good is going to be very hard to say without knowing more about your specific situation.
A good place to start to improve your posture is:
1 – http://codex.wordpress.org/Hardening_WordPress
2 – http://codex.wordpress.org/FAQ_My_site_was_hacked
I’d start there before going too crazy with anything else.
In short, Blackhat SEO infections like what you’re dealing with aren’t quick little things to contend with. What it’s really telling you is that you’ve been hacked, compromised. Someone has gained access to your WordPress install and is abusing your audience and brand.
What are you doing or have you done to avoid this?
Thanks
Forum: Hacks
In reply to: Spam Casino Links on my website
Hi
You’re dealing with SEO spam, very common.
Here are a few articles that might help:
1 – http://blog.sucuri.net/2014/11/combat-blackhat-seo-infections-with-seo-insights.html
2 – http://blog.sucuri.net/2013/02/payday-loan-spam-affecting-thousands-of-sites.html
3 – http://blog.sucuri.net/2013/11/the-story-of-cliprect-a-black-hat-seo-trick.html
Getting rid of it for good is going to be very hard to say without knowing more about your specific situation.
A good place to start to improve your posture is:
1 – http://codex.wordpress.org/Hardening_WordPress
2 – http://codex.wordpress.org/FAQ_My_site_was_hacked
I’d start there before going too crazy with anything else.
In short, Blackhat SEO infections like what you’re dealing with aren’t quick little things to contend with. What it’s really telling you is that you’ve been hacked, compromised. Someone has gained access to your WordPress install and is abusing your audience and brand.
What are you doing or have you done to avoid this?
Thanks
Feel free to send us an email at info@sucuri.net
Thanks
Hi @carlwwilson
The WordPress forum is probably not the place to engage on this. Do you have an email we can engage you on?
Thanks
Forum: Fixing WordPress
In reply to: All my sites (6) hacked
That’s correct folks, the real issue here is the arsenal of payload being leveraged once inside the environment.
You are suffering reinfections because of the type of backdoors being leveraged, all designed to address half, if not all, the hardening recommendations in that Hardening documentation. Sorry we don’t have better news.
1 – you have to figure out how to stop the malicious request coming to your server. You can do this via modsec if you have a VPS, or leverage a firewall
2 – Once you have stopped the requests, then go about cleaning. If you don’t do it this way, you’ll clean simply to find it reinfected. Even if you remove the revslider or any other vulnerable plugins / themes. Once in your environment, consider it owned.
If you have an environment with multiple sites, consider your entire stack owned. You can’t trust JS, PHP or Images. We’re finding payloads injected into image headers and functioning as backdoors.
All the best
Forum: Fixing WordPress
In reply to: All my sites (6) hacked
Hi Folks
Here is an update on what the SoakSoak Campaign is doing: http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html
Hope this helps
That’s really odd. Someone put that website behind our Firewall. Who is the owner of that website?
Thanks
Hi
I see, you tried to scan your website which is behind CloudProxy..
🙂
Ok, we’ll get this situated..
Would you mind submitting a ticket here: https://support.sucuri.net/support/?new
Select the Firewall option. Then paste the screen shot link? This will get it to the Proxy team faster than this forum. Allowing us to clear this issue. Likely just triggered one of our rules..
🙂