Forum Replies Created

Viewing 15 replies - 1 through 15 (of 27 total)
  • Thread Starter aages

    (@aages)

    However, I cleaned out my problems by removing this script in my footer.php and nothing else had to be done – the pop-up is gone and I get clean results from Sucuri.

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    Look at my earlier past link: https://radio-alanya.no/Securi_results.txt

    I found the script in the Theme Footer – footer.php.
    Check it out, but it was far below at the very end of the file – and I deleted it – result – clean and site working like new.

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    Finally – I found it!!!!

    After nearly 7 days of sleepless nights and with a lot, a lot of assistance here I found the script:
    “Known javascript malware: malware.injection?100

    eval(function(p,a,c,k,e,d…… ( see previous posts for complete file)” – it was added in the footer.php so far down that I did not even check it all when I had a look at it earlier. I found it using search in Kate, opening my backed up files.

    …and now Sucuri is giving a clean “status” and now I will try to make it more secure.
    At the end a great experience and a lot of learning – THANKS AGAIN ALL!

    • This reply was modified 4 years, 1 month ago by aages.
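
    An added example, not part of the original posts: a small scanner that walks a backed-up copy of the site and reports every line matching the signatures searched for in this thread, with the line number and file length so that a hit at the very end of a long file is not overlooked. The theme name, the file layout and the placeholder script are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Signatures searched for in the thread; the first is the packed-JavaScript
# header quoted from the scanner finding. Order matters: most specific first.
SIGNATURES = {
    "packed-js": re.compile(r"eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*d"),
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
}
EXTENSIONS = {".php", ".js", ".html", ".htm"}

def scan_tree(root):
    """Return hits as (relative path, line number, total lines, signature name)."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for number, line in enumerate(lines, start=1):
            for name, pattern in SIGNATURES.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), number, len(lines), name))
                    break  # report only the most specific signature per line
    return hits

def build_sample_backup(root):
    """Constructed sample: a theme footer whose last line, after 400 blank
    lines, holds an inert placeholder for the packed script."""
    theme = Path(root) / "wp-content" / "themes" / "example-theme"  # hypothetical theme
    theme.mkdir(parents=True)
    (theme / "header.php").write_text("<?php wp_head(); ?>\n", encoding="utf-8")
    footer = ["<?php wp_footer(); ?>", "</body>", "</html>"] + [""] * 400
    footer.append("<script>eval(function(p,a,c,k,e,d){/* placeholder body */})</script>")
    (theme / "footer.php").write_text("\n".join(footer) + "\n", encoding="utf-8")

def demo():
    """Build the constructed backup in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, number, total, name in demo():
        print(f"{rel}:{number} of {total} lines  [{name}]")
```

    Plain `eval(` and `base64_decode(` hits also occur in legitimate plugin code, so each hit needs a manual look rather than automatic deletion.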
    Thread Starter aages

    (@aages)

    @clarus-dignus

    SELECT post_title FROM wpek_posts WHERE post_title = "404testpage4525d2fdc" resulted in 0.

    Better Search & Replace did not find anything − = 0 for all.

    Will spend some time to look into:
    SELECT post_title FROM wpek_posts

    By the way, all error pages that Sucuri is finding are identical.

    If I cannot solve these happenings myself or with Support assistance I will most likely close down the site for good, as it is a charity, non-commercial site and the site depends on me and how much I can use of my own resources to keep it up. However, I am very grateful for all the assistance you have given.

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    Just a question: If I search the sql file (text based, using Kate) from the db backup, shouldn’t I be able to find the “404testpage4525d2fdc”?

    I do not find it there and I cannot find it using phpMyAdmin either – it might be that I am not doing the correct search in the latter?

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    Well, I edited my post prior to your comment – I backed up and deleted the 4 tables.

    Sucuri scan is still reporting the same findings as earlier.

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    No, I get only wpek_actionscheduler_actions Columns Changes: 13 for searching both eval( and base64_decode.

    However, looking better into the DB itself with WP-Optimize 3.2.3 I found that I do not have any Action Scheduler Plugin installed; also checking my Plugins in wp-admin, there is none. Have a look at this link (it is longer than shown on the screenshot): https://radio-alanya.no/actionsceduler.png

    All content in the tables is prior to the date 10.04.2021

    By the way, this plugin is not handled by wp plugin support any longer – they refer to GitHub.

    Followed by the tables actionscheduler_actions, actionscheduler_claims, actionscheduler_groups and actionscheduler_logs, which have the same result.

    I believe these tables are left over from earlier days and I should be able to remove them? – Well, I did after backing up the db – and now this is gone

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    Using Search and Replace and found:

    https://radio-alanya.no/search%20and%20replace_eva(.png
    https://radio-alanya.no/search%20and%20replace_base64_decode.png

    Better Search Replace did not find anything.

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    sql on db using eval( and base64_decode (separate) is not accepted, so I searched the open text based db using find with Kate

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    @clarus-dignus

    Did a deep search and research of eval( and base64_decode of all files and the opened backed up db – no results at all.

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    This is what I got from Stack Overflow:

    Welcome! FYI this is off-topic here, as it has nothing to do with programming. But also: you’re posting a link that people have to follow, to even begin to understand what you’re referring to. And you’ve tagged this as malware and spam – really, nobody should be clicking on that link. – David Makogon, 53 mins ago

    Thread Starter aages

    (@aages)

    @clarus-dignus

    Hi again, thank you so much for bearing with me and assisting me a lot.

    Checked all the css folders and subfolders and it was the same number here as what you had, and – I did not see any funny change dates either on mine, as this pop_up started only about a week or two ago.
    Have made a link to Sucuri findings.

    https://radio-alanya.no/Securi_results.txt

    Thread Starter aages

    (@aages)

    Yes I see .htaccess in the folder but no .git using cPanel

    Thread Starter aages

    (@aages)

    Did scan the site several times today using:

    https://ww.wp.xz.cn/plugins/wordfence/ and
    https://ww.wp.xz.cn/plugins/gotmls/

    All resulted in nothing found – Clean

    Tried Sucuri again, see: Screenshot of Sucuri scan https://radio-alanya.no/Securi_scan.png

    Comments on finding:
    I cannot find any https://radio-alanya.no/.git/HEAD in file manager

    and do not understand which file is referred to in:
    https://radio-alanya.no/wp-includes/css/

    Took care of both “More Details” when opened them if needed.

    • This reply was modified 4 years, 1 month ago by aages.
    Thread Starter aages

    (@aages)

    Moderator should remove this last thread as it only links up to the porn chat entrance.

    • This reply was modified 4 years, 1 month ago by aages.