
HELP!! Paypal Email Valid Checker Blocking My Site

Discussion in 'Black Hat SEO' started by brchcar1445, May 28, 2016.

  1. brchcar1445

    brchcar1445 Regular Member

    Joined:
    Mar 28, 2008
    Messages:
    393
    Likes Received:
    583
    Hello,

    My site is being blocked right now by a Paypal Email Valid Checker script. I know next to nothing about this and nothing I do makes it go away. I did a malware sweep with Anti-Malware, but it didn't stop it from appearing. I've tried shutting the site down and making it go into an under maintenance status, but this script is overwriting that. I have no idea where this thing is. I have included a screenshot. I run WordPress and still have access to my dashboard.

    Please, if anyone could help with this!
     


  2. BlogPro

    BlogPro Power Member

    Joined:
    Apr 23, 2012
    Messages:
    521
    Likes Received:
    451
    You're hacked. Congratulations.

    The script has most likely taken over your index.php or has edited your header.php for a confirmed DOM-based overwrite.

    Run a Sucuri site scan.
     
  3. brchcar1445

    brchcar1445 Regular Member

    Thanks Blogpro... I ran Sucuri, says the site is clean... Any other suggestions?
     
  4. BlogPro

    BlogPro Power Member

    Don't run an external scan. Install the Sucuri plugin and then run a scan.

    Also, were you using a nulled theme/plugin on your site? Be honest.
     
  5. brchcar1445

    brchcar1445 Regular Member

    Ya, I am. I have been using it for like 3 years now, and run malware scans every week. I installed the plugin, getting ready to scan now.
     
  6. brchcar1445

    brchcar1445 Regular Member

    Damn, just ran scan. Said it has found nothing.
     
  7. brchcar1445

    brchcar1445 Regular Member

    Under the dashboard, where it says core integrity, there is a paypalchecker.zip. How do I get to it though?
     
  8. BlogPro

    BlogPro Power Member

    Your best bet would be to delete "all files". Then get your host to run a server wide scan to make sure nothing else was corrupted.

    Nulled plugins have exploits that call back to the exploiter's server. These can lie dormant for years, like a simmering pot of gold for the exploiter. He can dip into it whenever he wants. It could be years before he even bothers looking.

    When needed, he could run an automated script that would exploit his pre-coded vulnerability and hack his victims at will.

    Find it via FTP. The core integrity checker looks for files that are unnatural in your WordPress's core. You can delete it via the Sucuri panel, but the zip file already seems to have done its job.
     
  9. brchcar1445

    brchcar1445 Regular Member

    I think you're right, deleted the files, but it's still there. I just submitted a ticket with my hosting. Thanks for helping out man, I really appreciate it.
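
The core integrity check discussed in this thread, sketched as an added example (not from any post here, and not Sucuri's or WordPress's code): compare every file outside wp-content against a manifest of known-good hashes and report what was added, modified or removed. The manifest, file contents and the `demo` tree are constructed for illustration; a real manifest would come from a clean copy of the same WordPress release.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def check_core_integrity(root, manifest, skip_dirs=("wp-content",)):
    """Compare files under root with manifest {relative_path: sha256}.
    Returns (added, modified, missing) as sorted lists of relative paths."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.samefile(dirpath, root):
            # wp-content (themes, plugins, uploads) is not core, so a core
            # manifest says nothing about it; it needs its own review.
            dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            found[rel] = sha256_file(full)
    added = sorted(p for p in found if p not in manifest)
    modified = sorted(p for p in found
                      if p in manifest and found[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in found)
    return added, modified, missing

def demo():
    # Constructed stand-ins for a clean core; contents are placeholders.
    clean = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-load.php": b"<?php // constructed stand-in\n",
        "wp-includes/version.php": b"<?php $wp_version = 'x.y.z';\n",
    }
    manifest = {p: hashlib.sha256(c).hexdigest() for p, c in clean.items()}
    # Constructed "compromised" tree mirroring the thread's symptoms.
    on_disk = dict(clean)
    on_disk["index.php"] = b"<?php /* constructed: content replaced */\n"
    on_disk["paypalchecker.zip"] = b"constructed placeholder bytes"
    on_disk["wp-content/themes/example/functions.php"] = b"<?php // not core\n"
    with tempfile.TemporaryDirectory() as root:
        for rel, content in on_disk.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(content)
        return check_core_integrity(root, manifest)

if __name__ == "__main__":
    print("added=%s modified=%s missing=%s" % demo())
```

The theme file under wp-content is never examined here, which is why a clean core result does not clear third-party themes or plugins.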