Try cleanig our browser cache, and then try again.
/ptj_11
This is nothing Wordfence would have anything to do with, or be able to control!
Hi both
Thank you for your replies.
Clearing the cache won’t help as it is replicated on all visitor’s browsers
My point about wordfence is it is not picking it up and I wondered if this is a new issue
Could You tell me, what address the spamsite has?
/ptj_11
You could try this:
Download a complete backup from your webhotel to your pc, then download and install this program- TotalCommander from here: http://www.ghisler.com/
Then use the Totalcommander option- “Find Text (Commands/Search/Find Text”, put in the address for the spam site and let it search through your backup.
This might tell you, where to find the solution.
/ptj_11
Hi @matarij,
Yes, this could be a new type — we’re constantly adding new signatures for malicious files, and new malicious files are being developed all the time. It is possible for malware to push a URL into the browser’s history, to cause the back-button behavior like this. It could be a javascript file or an inline script on the page.
We have a guide for cleaning hacked sites here — some of the additional scan options or other techniques may help find the malicious file:
How to clean a hacked website
If you find a file by these methods, we accept malware samples at the email address samples (at) wordfence.com, to be analyzed and added to future scans.
-Matt R
The site that the back button goes to is:
http://9jokers.com/calculated-af/4942.html
Thank you Matt R – if I find the file I will certainly let you have it.
