1. This website uses cookies to improve service and provide a tailored user experience. By using this site, you agree to this use. See our Cookie Policy.
    Dismiss Notice

Maleware again ?

Discussion in 'Web Design' started by YujinTan, Nov 9, 2019.

  1. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,409
    Likes Received:
    245
    Home Page:
    wordfence detect these

    File Type: Not a core, theme, or plugin file from wordpress.org.


    • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: body .figure-categories .cat-links a.category-color-2 {\x0a background-color: #f99500;\x0a }\x0a \x0a \x0a body .figure-categories .cat-links a.category-color-3 {\x0a background-co...

    Spam:HTML/spam

    file name , xxxx _index_ssl.html

    The issue type is: Spam:HTML/spam.template.categories.7593
    Description: Content often seen in hacked sites

    but I check the overall site never find anything wrong .

    So this hack is trying to copy the content post in hacked site? or ?

    is detect under malware file
     
  2. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,409
    Likes Received:
    245
    Home Page:
    WTH , I now using wordfence keep scanning and delete those files , it seem like entire site pages
     
  3. unknownsmmers

    unknownsmmers Senior Member

    Joined:
    Aug 6, 2019
    Messages:
    1,145
    Likes Received:
    502
    Gender:
    Male
    I'm also interested in this, watching + bookmarked.

    Somebody please provide a little insight incase I hit this issue in the future
     
  4. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,409
    Likes Received:
    245
    Home Page:
    dam ...still keep re run wordfence scan to scan out those pages , as mention it seem entire site pages been used to spam whatever i don't know.

    but the site still ok, the file is not the core file . I don't know what the hacker trying to do maybe trying to get my admin pass ? or?
     
  5. Index Sites

    Index Sites Junior Member

    Joined:
    Mar 27, 2019
    Messages:
    151
    Likes Received:
    46
    Gender:
    Male
    I'm not completely sure, but in my case not too long ago I was infected with malware and what it would do is create spam backlinks under my domain name even though such a link didn't exist on my site. Let's say for example your site is wordpress.net with the malware in your website directory they could create links like wordpress.net/find-dates-ages-50-plus even though this link doesn't exist under your site somehow with that malware it does and will exist until you remove said malware. I'm not sure if this was the intentions in your case but doesn't hurt to know a possibility.
     
  6. Th3 Technician

    Th3 Technician Jr. VIP Jr. VIP

    Joined:
    Sep 15, 2016
    Messages:
    519
    Likes Received:
    166
    Occupation:
    Security Engineer & Developer
    Location:
    Skype/ th3technician
    Home Page:
    Check latest modified files from cPanel file manager specially wp-blog-header.php there might be a code overwriting the HTML pages.
     
  7. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,409
    Likes Received:
    245
    Home Page:
    I still using wordfence to scan and keep remove those files see how it go .
     
  8. unknownsmmers

    unknownsmmers Senior Member

    Joined:
    Aug 6, 2019
    Messages:
    1,145
    Likes Received:
    502
    Gender:
    Male
    I'm not very fimiliar with wordpress (I'm new, learning SEO 1 website at a time & ranking without banklinks for months throughout my process)

    But a common answer I see with glitches / hacks / etc.

    Is to remove all plug ins.
    Then add them in 1 by 1 to figure out the issue slowly, whether it be a glitch or a BH hacked software
     
  9. unknownsmmers

    unknownsmmers Senior Member

    Joined:
    Aug 6, 2019
    Messages:
    1,145
    Likes Received:
    502
    Gender:
    Male
    I don't know how to edit in quotes,
    My answer is above

    (If you could pm me how to edit in quotes if we can, id appreciate that so I'm not repeating myself the odd time)
     
  10. TomTheCat

    TomTheCat Junior Member

    Joined:
    Oct 27, 2019
    Messages:
    137
    Likes Received:
    54
    Gender:
    Male
    To fix the issue, dump Wordpress to Recyle Bin and hire a web developer!
     
  11. dandan594594

    dandan594594 Power Member

    Joined:
    Jan 31, 2013
    Messages:
    746
    Likes Received:
    343
    Location:
    UK
    You wont remove the problem by repeatedly using wordfence, you need to find the offending file in your cPanel and remove it.

    Make sure to have "hidden files" box checked to see everything, and sort your files by last modified.
     
  12. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,409
    Likes Received:
    245
    Home Page:
    update, I not sure is real problem or what here,

    I noticed my wordfence dash board never put notice ,
    last time I does got hack seriously , the site got PHP injection etc and I enange wordfence people help to clear.

    this malware is just today after many months of last hack.

    received email from my wordfence plugin stated pages got malware.
    I thought what again the site must be inject with other stuff been display

    go check the site nothing wrong , all contents , etc nothing usual.

    so go scan and noticed got malware . ONE thing I check is due to plugin ? what BB boaster
     
  13. MisterF

    MisterF Moderator Staff Member Moderator Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    18,013
    Likes Received:
    22,083
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:
  14. yggitteam

    yggitteam Junior Member

    Joined:
    Oct 4, 2019
    Messages:
    112
    Likes Received:
    31
    Gender:
    Female
    i have many wordpress with that kind of virus.
    i didn't care and after few months my hosting provider notice it and take my website down.

    and i must clean those virus using wordfence.

    all i know that virus make a content and place backlink or maybe like that.

    because after i check in ahref, i have some weird backlink contain that text as anchor text.
     
  15. Celil Yaman

    Celil Yaman Junior Member

    Joined:
    Feb 24, 2019
    Messages:
    101
    Likes Received:
    14
    Gender:
    Male
    Check latest modified files from cPanel file manager specially wp-blog-header.php there might be a code overwriting the HTML pages Bruh
     
  16. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,409
    Likes Received:
    245
    Home Page:
    went to google webmaster check , no security issues .

    hmmm ...
     
  17. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,409
    Likes Received:
    245
    Home Page:
    one thing , as mention check google webmaster , no security issues

    actually I look again , the url of all my pages is stated in front are what coach page , the name of the url , than follow by index_ssl.html

    I somehow fell is from one plugin suddenly causing this? because I look further is claim what bb boaster plugin

    so it is not malware ? is happen wordfence detect and feel so ? I not techically expert on it

    because from the decription of those url , it stated coach page enhance _ xxxx url page name _ index_ssl.html