Maleware again ?

YujinTan

BANNED
Joined
Jan 7, 2018
Messages
4,975
Reaction score
960
wordfence detect these

File Type: Not a core, theme, or plugin file from wordpress.org.


  • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: body .figure-categories .cat-links a.category-color-2 {\x0a background-color: #f99500;\x0a }\x0a \x0a \x0a body .figure-categories .cat-links a.category-color-3 {\x0a background-co...

Spam:HTML/spam

file name , xxxx _index_ssl.html

The issue type is: Spam:HTML/spam.template.categories.7593
Description: Content often seen in hacked sites

but I check the overall site never find anything wrong .

So this hack is trying to copy the content post in hacked site? or ?

is detect under malware file
 

YujinTan

BANNED
Joined
Jan 7, 2018
Messages
4,975
Reaction score
960
WTH , I now using wordfence keep scanning and delete those files , it seem like entire site pages
 

unknownsmmers

Supreme Member
Joined
Aug 6, 2019
Messages
1,208
Reaction score
577
I'm also interested in this, watching + bookmarked.

Somebody please provide a little insight incase I hit this issue in the future
 

YujinTan

BANNED
Joined
Jan 7, 2018
Messages
4,975
Reaction score
960
I'm also interested in this, watching + bookmarked.

Somebody please provide a little insight incase I hit this issue in the future

dam ...still keep re run wordfence scan to scan out those pages , as mention it seem entire site pages been used to spam whatever i don't know.

but the site still ok, the file is not the core file . I don't know what the hacker trying to do maybe trying to get my admin pass ? or?
 

Index Sites

Regular Member
Joined
Mar 27, 2019
Messages
238
Reaction score
91
wordfence detect these

File Type: Not a core, theme, or plugin file from wordpress.org.


  • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: body .figure-categories .cat-links a.category-color-2 {\x0a background-color: #f99500;\x0a }\x0a \x0a \x0a body .figure-categories .cat-links a.category-color-3 {\x0a background-co...

Spam:HTML/spam

file name , xxxx _index_ssl.html

The issue type is: Spam:HTML/spam.template.categories.7593
Description: Content often seen in hacked sites

but I check the overall site never find anything wrong .

So this hack is trying to copy the content post in hacked site? or ?

is detect under malware file

I'm not completely sure, but in my case not too long ago I was infected with malware and what it would do is create spam backlinks under my domain name even though such a link didn't exist on my site. Let's say for example your site is wordpress.net with the malware in your website directory they could create links like wordpress.net/find-dates-ages-50-plus even though this link doesn't exist under your site somehow with that malware it does and will exist until you remove said malware. I'm not sure if this was the intentions in your case but doesn't hurt to know a possibility.
 

Th3 Technician

Power Member
Joined
Sep 15, 2016
Messages
527
Reaction score
183
Website
kzidane.com
Check latest modified files from cPanel file manager specially wp-blog-header.php there might be a code overwriting the HTML pages.
 

YujinTan

BANNED
Joined
Jan 7, 2018
Messages
4,975
Reaction score
960
I still using wordfence to scan and keep remove those files see how it go .
 

unknownsmmers

Supreme Member
Joined
Aug 6, 2019
Messages
1,208
Reaction score
577
I'm not very fimiliar with wordpress (I'm new, learning SEO 1 website at a time & ranking without banklinks for months throughout my process)

But a common answer I see with glitches / hacks / etc.

Is to remove all plug ins.
Then add them in 1 by 1 to figure out the issue slowly, whether it be a glitch or a BH hacked software
 

unknownsmmers

Supreme Member
Joined
Aug 6, 2019
Messages
1,208
Reaction score
577
dam ...still keep re run wordfence scan to scan out those pages , as mention it seem entire site pages been used to spam whatever i don't know.

but the site still ok, the file is not the core file . I don't know what the hacker trying to do maybe trying to get my admin pass ? or?

I don't know how to edit in quotes,
My answer is above

(If you could pm me how to edit in quotes if we can, id appreciate that so I'm not repeating myself the odd time)
 

TomTheCat

Jr. VIP
Jr. VIP
Joined
Oct 27, 2019
Messages
1,648
Reaction score
1,418
Website
bit.ly
To fix the issue, dump Wordpress to Recyle Bin and hire a web developer!
 

dandan594594

Senior Member
Joined
Jan 31, 2013
Messages
1,099
Reaction score
722
You wont remove the problem by repeatedly using wordfence, you need to find the offending file in your cPanel and remove it.

Make sure to have "hidden files" box checked to see everything, and sort your files by last modified.
 

YujinTan

BANNED
Joined
Jan 7, 2018
Messages
4,975
Reaction score
960
update, I not sure is real problem or what here,

I noticed my wordfence dash board never put notice ,
last time I does got hack seriously , the site got PHP injection etc and I enange wordfence people help to clear.

this malware is just today after many months of last hack.

received email from my wordfence plugin stated pages got malware.
I thought what again the site must be inject with other stuff been display

go check the site nothing wrong , all contents , etc nothing usual.

so go scan and noticed got malware . ONE thing I check is due to plugin ? what BB boaster
 

MisterF

Jr. Executive VIP
Jr. VIP
Joined
Nov 29, 2009
Messages
23,933
Reaction score
36,045
Website
www.blackhatworld.com

yggitteam

Junior Member
Joined
Oct 4, 2019
Messages
179
Reaction score
51
i have many wordpress with that kind of virus.
i didn't care and after few months my hosting provider notice it and take my website down.

and i must clean those virus using wordfence.

all i know that virus make a content and place backlink or maybe like that.

because after i check in ahref, i have some weird backlink contain that text as anchor text.
 

Celil Yaman

Junior Member
Joined
Feb 24, 2019
Messages
108
Reaction score
20
Check latest modified files from cPanel file manager specially wp-blog-header.php there might be a code overwriting the HTML pages Bruh
 

YujinTan

BANNED
Joined
Jan 7, 2018
Messages
4,975
Reaction score
960
went to google webmaster check , no security issues .

hmmm ...
 

YujinTan

BANNED
Joined
Jan 7, 2018
Messages
4,975
Reaction score
960
one thing , as mention check google webmaster , no security issues

actually I look again , the url of all my pages is stated in front are what coach page , the name of the url , than follow by index_ssl.html

I somehow fell is from one plugin suddenly causing this? because I look further is claim what bb boaster plugin

so it is not malware ? is happen wordfence detect and feel so ? I not techically expert on it

because from the decription of those url , it stated coach page enhance _ xxxx url page name _ index_ssl.html
 
Top