Google malware

Resolved karimcuriel
(@karimcuriel)

5 years, 8 months ago

Hi guys, recently google stopped us a campaign saying this url is detected as malware “https://slider.flexible-theme.com/assets/css/settings.css” we are searching all our plugins and code and seems this url is from metaslider, is there any way to know how to reach this library and prevent this?

The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)

Kevin Batdorf
(@kbat82)

5 years, 8 months ago

Hi,

seems this url is from metaslider,

I’ve never seen this file before. What indication is there that this is from MetaSlider?

Thread Starter karimcuriel
(@karimcuriel)

5 years, 8 months ago

Thanks, well, google just give us that url via support, and we have been seeking everywhere on db, code, files and comments, and then we reach searching in google some similar urls that sends us to thinks in metaslider and is one of the plugins we have actually installed on our wp site, not exactly the url, but we came here to ask if maybe could be an old library of the plugin, etc.
Kevin Batdorf
(@kbat82)

5 years, 8 months ago
Hi,

We have a file at yoursite.com/wp-content/plugins/ml-slider/admin/assets/css/settings.css but the content is only a few lines. If you navigate to that file you should be able to confirm it matches.
```
.metaslider_page_metaslider-settings #ms-toolbar {
	@apply sticky;
}
.metaslider_page_metaslider-settings #wpfooter {
	@apply hidden;
}
```
Thread Starter karimcuriel
(@karimcuriel)

5 years, 8 months ago

Thanks for the info @kbat82 we dont have that file as you can see here https://prnt.sc/umux0l

Kevin Batdorf
(@kbat82)

5 years, 8 months ago

You’re on 3.16.4 and the latest is 3.18.1. However, the original file from your report is not from MetaSlider. It’s just a coincidence that the file name matches one that we include (which you never even had).

Was it the word “slider” that led you to think it was from MetaSlider?

Have you searched the database fort hat reference?

Can you share the URL Google provided that the malware was on? Even if it’s not MetaSlider, I’m happy to take a quick look at the page in question to see if anything stands out.

Thread Starter karimcuriel
(@karimcuriel)

5 years, 8 months ago

Thanks, yes we updated the metaslider plugin to the last version just today. Well google support only give us this:

Classification: compromised_landing_page

Timestamp: 2020-09-14 11:05 AM

Reason(s):

https://slider.flexible-theme.com/assets/css/settings.css

Classification: compromised_landing_page

Timestamp: 2020-09-14 11:05 AM

Reason(s):

https://slider.flexible-theme.com/assets/css/settings.css

But we dont have any more info about where is it. Thanks a lot for the replies, i dont want you to work outside somenthing from metaslider. Have a great day and again, thanks for the response. 🙂

Kevin Batdorf
(@kbat82)

5 years, 8 months ago

Strange. Well, I’d just check your site for that reference and remove it. Maybe do a full scan for malware as well. Best of luck!

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Google malware’ is closed to new replies.