WP site infected with malware

Discussion in 'Black Hat SEO' started by x19topgun, Jun 12, 2012.

  1. x19topgun

    x19topgun Newbie

    Guys/Gals,

    I've got a WP site that's infected with some malware. When I view the index page source code I can see the <div> tags containing the malware, but I can't find it looking through the Appearance > Editor ...

    Any suggestions on how to find it / get rid of it?

    Thanks!
     
  2. SocialPusher

    SocialPusher Jr. VIP Jr. VIP Premium Member

    I'd check in cPanel rather than in the editor. More chances to go with. Also, there you start with index and see where everything goes and comes from. Till then, keep your site under maintenance, or you risk getting sandboxed. Good luck!
     
  3. asilent

    asilent Junior Member

    Yes, try checking all your files by FTP and check the database with the posts/pages. It will be more likely to find it.
     
  4. ugjunk

    ugjunk Jr. VIP Jr. VIP Premium Member

    Don't you have a backup of your file?

    Just in case you don't, then try out this website: http://sucuri.net/
     
  5. skrode

    skrode Junior Member

    The infected div is probably coming from an include, so check them out.
     
  6. sespot

    sespot Junior Member

    Yeah, you must not have had your WP version updated. I have about 20 clients with about 150 WP sites and we have this happen often. Most of the time, we can just look at the files using FTP, and you should be able to see some extra files added, like 8108.php or ones like that. Look at the date as well if some files don't look like they belong in the public html. Also look in other folders of the FTP.

    It is a pain... but we've got to make sure WP versions are updated often.
     
  7. lelando

    lelando Junior Member

    This is easy: just make a backup of the site as a zip file. Download it, then in Windows 7 or XP extract all the files to a directory.
    - In Windows go to Control Panel / Folder Options
    - Click on Search

    Then check the radio box "always search filenames and content".

    It should look like this:

    searchOptions.png

    Now go to the folder you extracted the files to.

    If it's a website the malware links to, simply type the website URL that your website is redirecting to in the upper right search field of Windows (in Windows XP the search field should be on the left-hand side). Your PC should now go through all the files and find the one containing the code.

    Open the file in Notepad and press Ctrl+F, then again type or paste the website address the site is linking to in the find field.

    Notepad should highlight the link in blue.

    Now simply remove the line of code or comment it out using the <!-- tag and --> tag.

    If it's a JavaScript injection, finding the code could be difficult.

    For JavaScript malware scanning use http://sitecheck.sucuri.net/scanner/

    It should give you the code causing the malware alert. Again apply the above methods and search for the code, remove and save ..... Hope this helps.
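
    The manual checks described in posts 6 and 7 can be scripted; this is an added example, not code from any poster in this thread. It walks an extracted backup and reports files containing a string copied from the infected page source, PHP files with all-digit names like 8108.php, and files modified after a cutoff. The function names, the `bad.example` indicator and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
import time

NUMERIC_PHP = re.compile(r"^\d+\.php$", re.IGNORECASE)  # e.g. 8108.php from post 6

def scan_backup(root, indicator, modified_after=None):
    """Return (indicator hits, numeric-named PHP files, files modified after cutoff)."""
    hits, odd_names, recent = [], [], []
    needle = indicator.lower().encode()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            if NUMERIC_PHP.match(name):
                odd_names.append(rel)
            if modified_after is not None and os.path.getmtime(path) > modified_after:
                recent.append(rel)
            try:
                with open(path, "rb") as fh:
                    # Case-insensitive byte search, reported with line numbers
                    for lineno, line in enumerate(fh, 1):
                        if needle in line.lower():
                            hits.append((rel, lineno))
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(hits), sorted(odd_names), sorted(recent)

def build_sample(root):
    """Constructed sample tree (no real malware) so the example runs offline."""
    theme = os.path.join(root, "wp-content", "themes", "demo")
    os.makedirs(theme)
    old = time.time() - 90 * 86400
    clean = os.path.join(theme, "header.php")
    with open(clean, "w") as fh:
        fh.write("<?php wp_head(); ?>\n")
    os.utime(clean, (old, old))  # untouched file: looks 90 days old
    footer = os.path.join(theme, "footer.php")
    with open(footer, "w") as fh:
        fh.write("<?php wp_footer(); ?>\n<div><a href='http://bad.example/x'>x</a></div>\n")
    with open(os.path.join(root, "8108.php"), "w") as fh:
        fh.write("<?php /* constructed placeholder */ ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_backup(tmp, "bad.example", time.time() - 30 * 86400))
```

    Timestamps on an extracted zip reflect what the archive stored, so treat the modified-after list as a lead to check against the indicator hits rather than as proof on its own.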
     
  8. x19topgun

    x19topgun Newbie

    Great advice! Thanks All!
     
  9. emerica1184

    emerica1184 Jr. VIP Jr. VIP Premium Member

    I used Fiverr for mine and the guy got rid of everything bad.