Can’t find the backdoor (malware)

  • Resolved kvandelaak

    (@kvandelaak)


    9 years, 2 months ago

    Everytime I browse to my website. I get redirected to some spam sites. On mobile it gives me an uber popup msg. I found some strings with your app but can’t remove it.

    this is what I see through firefox dev view

    <script async=”async” type=”text/javascript” src=”//go.mobisla.com/notice.php?p=628268&interactive=1&pushup=1″></script>
    <script type=”text/javascript” src=”//go.pub2srv.com/apu.php?zoneid=1063894″></script>

    On every page this code comes back but no idea where it hides in the WordPress php.

    please help!

    • This topic was modified 9 years, 2 months ago by kvandelaak.
    • This topic was modified 8 years, 4 months ago by Jan Dembowski.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 16 through 19 (of 19 total)
1 2
  • hayat5050

    (@hayat5050)

    8 years, 8 months ago

    gobu check your functions.php files
    the malware script might be written in starting few lines, remove them. then remove feed.php file from wp-include folder which causes some user have the adware, and some not!

    gobu

    (@gobu)

    8 years, 7 months ago

    Hey @hayat5050!

    I have nothing weird in the function.php file of my child theme or parent theme :/

    gobu

    (@gobu)

    8 years, 7 months ago

    In the meantime, I found that the malware was writing some IPs in a file called wp-feed.php in wp-includes. If the IP is in this list, the user doesn’t get the ad…

    Plugin Author Eli

    (@scheeeli)

    8 years, 6 months ago

    Please note that this topic is resolved. The malicious code posted here is already in my definition updates and my plugin will find it and fix it for you.

Viewing 4 replies - 16 through 19 (of 19 total)
1 2

The topic ‘Can’t find the backdoor (malware)’ is closed to new replies.