perezbox
Forum Replies Created
Forum: Fixing WordPress
In reply to: wp-includes/simplepie/cache
Hi
Which subfolders specifically have filled up? Regardless of the folder, though, realize that if you have actions occurring on your domain that you did not authorize it’s usually a strong indicator that something is wrong. By wrong I mean, it’s a strong indicator that you’re dealing with a hack. Usually when folders get filled with junk it’s a technique used with spam campaigns.
You might want to consider reading through this guide: https://sucuri.net/guides/how-to-clean-hacked-wordpress to help you think through the delousing process.
Thanks
Tony
Forum: Fixing WordPress
In reply to: Chrome says my website contains malware?
Note that if Google blacklisted you, then the domain is blacklisted. Until you submit for a review the blacklist won’t go away. Even if you switch themes etc..
FYI I just opened your site with no issue..
Forum: Fixing WordPress
In reply to: Chrome says my website contains malware?
Hi @mahamnor
It’s really going to depend on the type of warning you’re experiencing. Here is a guide that explains the different types of warnings: https://sucuri.net/guides/what-is-google-blacklist
And a guide that walks you through the process of removing said warnings: https://sucuri.net/guides/how-to-remove-google-blacklist-warning
There are different types, and it’s important to understand which is affecting you. Also, in the warning itself it will often tell you exactly why it’s being blocked.. for instance, if a malicious domain was injected it might be that the injected domain is blocked, but not your main domain, but it appears as if it’s your site. If it’s phishing, it’s fundamentally different as well. 🙂
Hope this helps, and keep me posted.
Forum: Fixing WordPress
In reply to: Mysterious code in functions.php
Hi @jansal
Gotcha, if it’s newly added then it’s definitely malicious and it explains why it’s doing what it’s doing. I was asking if it was the entire function file because being unaware of the theme it’s hard to say if it’s talking to features the theme offers. Being it’s all new, and not part of the original theme, it’s safe to say it’s malicious.. 🙂
On that note, see if this guide here helps: https://sucuri.net/guides/how-to-clean-hacked-wordpress something we put together to help website owners like yourself get things situated post-hack.
Good luck
Forum: Fixing WordPress
In reply to: Mysterious code in functions.php
Hi @jansal
Did you by chance copy the entire functions file for the theme here or only the part that was inserted?
Also, what theme are you using? Is it a premium or free theme?
Thanks
Forum: Plugins
In reply to: How to get rid of .bt hack?
Hi @flatterblog
Been talking to some of our researchers and if you can send us a sample of the .bt files that’d be really helpful. Would you be open to it?
Hi @julie
Hard to say if it’s been hacked, but what you’re describing is what I would call a very strong indicator of a possible compromise.
Usually, when something starts to do something unexpected, and there hasn’t been an event that led to it (i.e., an update, configuration change, etc..) it’s usually a bad sign. But, one easy way to test would be to disable the plugin and open in mobile and see what happens. From what you describe, I’m not sure if it’s a plugin issue or a general issue. I’m obviously assuming no one on your team has made a change (including any updates, including core or other plugins).
Here is a guide that might help you troubleshoot: https://sucuri.net/guides/how-to-clean-hacked-wordpress
Tony
Forum: Fixing WordPress
In reply to: Unusual probelm with wordpress
Hi @bhopale
Activating / Deactivating plugins would definitely do the trick, but be mindful it’s a manual and in some instances a timely process. I would also check your widgets as well…
FYI – for what you described, changing hosts would not have done anything like you’ve seen. The issue is in the application, so if you moved the dirty application to another provider then you simply moved the issue. Another good place to look might be the database.
Here is a guide that might help as you troubleshoot: https://sucuri.net/guides/how-to-clean-hacked-wordpress
Forum: Fixing WordPress
In reply to: Spam link injection on site: google check
Hi
So cleaning all those spammy references in the SERPs can be a real pain sometimes. You might be interested in this guide: https://sucuri.net/guides/what-is-google-blacklist it helps explain the various Google warnings and blacklists.
Also, note that the Google blacklist is specific to malware distribution. Just because they removed it doesn’t mean that you weren’t also hit with a SEP attack (SEO Spam). SEO spam doesn’t necessarily generate a blacklist warning, but could generate a SERP notice. Not always though, so you could be showing dirty SERPs and not show a warning.. I know, it’s a mind meld sometimes.
With that in mind, see if this guide helps a bit: https://sucuri.net/guides/how-to-clean-hacked-wordpress
Normally if you submit for a review, if the SPAM injection was removed it would clear.. but it’s hard to say.. Also, try to see if any of the articles here will help: https://blog.sucuri.net/category/website-seo-spam/
Thanks
Forum: Fixing WordPress
In reply to: Many malicious and unknown files reported by WordFense
Hi Huriken
If all the files are in core directories: /wp-admin and /wp-includes I would download a fresh copy and replace with the new fresh copies. Don’t use the update feature in your dashboard as it won’t delete any existing files.
That will address issues in core directories, but not if there are other files. Here is a guide that might assist in that process: https://sucuri.net/guides/how-to-clean-hacked-wordpress
Good luck
Tony
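An added example, not part of the original reply: one way to see which files in /wp-admin and /wp-includes differ from a freshly downloaded copy before replacing them. The function names and directory layout are assumptions, and the sample trees are constructed placeholders rather than real WordPress files.

```python
import hashlib
import os
import tempfile

CORE_DIRS = ("wp-admin", "wp-includes")  # the core directories named in the reply


def hash_tree(root):
    """Map each file path (relative to root) under CORE_DIRS to its SHA-256."""
    digests = {}
    for core in CORE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, core)):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_core(site_root, fresh_root):
    """Compare a live install's core directories with a fresh copy of the same version."""
    site, fresh = hash_tree(site_root), hash_tree(fresh_root)
    return {
        # Present on the site only: an in-place overwrite would leave these behind.
        "unexpected": sorted(set(site) - set(fresh)),
        "modified": sorted(p for p in site.keys() & fresh.keys() if site[p] != fresh[p]),
        "missing": sorted(set(fresh) - set(site)),
    }


def build_demo(base):
    """Constructed sample trees (hypothetical contents) so the check runs offline."""
    trees = {
        "fresh": {"wp-admin/index.php": b"<?php // core",
                  "wp-includes/load.php": b"<?php // load"},
        "site": {"wp-admin/index.php": b"<?php // core",
                 "wp-includes/load.php": b"<?php // load plus an added line",
                 "wp-includes/extra-file.php": b"<?php // not shipped with core"},
    }
    for tree, entries in trees.items():
        for rel, data in entries.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    return os.path.join(base, "site"), os.path.join(base, "fresh")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in compare_core(*build_demo(tmp)).items():
            print(kind, paths)
```

The fresh copy has to be the same WordPress version as the site, otherwise legitimate version differences show up as modified or missing files.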
Forum: Plugins
In reply to: How to get rid of .bt hack?
Hi @flatterblog
Gah, that sucks.
Here is an article that talks to a similar attack in which the code was being regenerated: https://blog.sucuri.net/2016/09/cleaning-the-wp-page-pharma-hack-in-wordpress.html Not exactly the same as what you have, but I’m thinking it could help point you in the right direction. Have you checked your cron jobs, or maybe your theme files if there is code in there that is regenerated on load?
We’ve also put together this guide: https://sucuri.net/guides/how-to-clean-hacked-wordpress that you might find helpful as well.
Tony
Forum: Fixing WordPress
In reply to: Website is hacked
Hi @atfech
It’d be really helpful if you consolidate all your comments into one, the best possible, instead of multiple single comments.. 🙂 It’d make it a lot easier for the volunteers to read, digest and help as needed.
First, in addition to the documents provided by @anevins, we’ve prepared a pretty comprehensive guide that should assist you in locating what might be happening: https://sucuri.net/guides/how-to-clean-hacked-wordpress
So as to your questions:
1 – Is there a way to prevent this hack? Of course there are, but it’s difficult to know where to start with understanding what exists and what you’ve done. That hardening guide you provided is definitely a good place to start.
2 – As for the vulnerabilities in WordPress, read that article WordPress – Understanding it’s True Vulnerability. Wrote it a few years ago, but still very applicable today.
3 – To help prevent Brute Force attacks, you might want to consider a 2FA plugin that enables some form of multi factor authentication when someone is trying to log in.
Best of luck
Hi
That’s actually a security warning, not a malware warning. It’s because the scan is returning a 500 error. This can be for a variety of reasons, doesn’t always mean they have malware.
Thanks