Jililuck 22.Enjoy Free 888+200 Daily Legal Bonus

Resolved Malae
(@malae)

7 years, 2 months ago

I have received the following notices from Wordfence on several sites:

File contains suspected malware URL:
Filename: footer.php
Bad URL: https://www.google-analytics.com/analytics.js’,’ga
File Type: Not a core, theme or plugin file.
Severity: Critical
Status New
This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.google-analytics.com/analytics.js’

File contains suspected malware URL: /public_html/wp-content/plugins/google-sitemap-generator/sitemap-core.php
Filename: wp-content/plugins/google-sitemap-generator/sitemap-core.php
Bad URL: https://www.google-analytics.com/collect
File Type: Not a core, theme or plugin file.
Severity: Critical
Status New
This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.google-analytics.com/collect

Is the URL indeed on a blacklist, or are these false positives?

Viewing 13 replies - 1 through 13 (of 13 total)

frustrated999
(@frustrated999)

7 years, 2 months ago

Getting the same alert here as well except for me
Filename: wp-content/plugins/google-sitemap-generator/sitemap-core.php
Bad URL: https://www.google-analytics.com/collect
File Type: Not a core, theme or plugin file.
Issue First Detected: 54 mins ago.
Severity: Critical
Status New
This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.google-analytics.com/collect

Thread Starter Malae
(@malae)

7 years, 2 months ago

Gravityscan shows a similar warning:

Malicious link: https://www.google-analytics.com/analytics.js

jforman
(@jforman)

7 years, 2 months ago

I am getting the same error for a header.php file.

I looked at my code guard backups for the past 4 months. As far as I can tell this file is not new and has not changed. So I am questioning if this is a false positive?

File contains suspected malware URL: /home3/ab19087/public_html/jeffersonrubber.com/wp-content/themes/boydbootstrap/header.php
Filename: wp-content/themes/boydbootstrap/header.php
Bad URL: https://www.google-analytics.com/analytics.js’,’ga
File Type: Not a core, theme or plugin file.
Issue First Detected: 1 hour 6 mins ago.
Severity: Critical
Status New
This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.google-analytics.com/analytics.js’,’ga

leono77
(@leono77)

7 years, 2 months ago

Same error here as well, with Wordfence Premium. It appears to be in almost all cached pages (with wp-rocket)

/wp-content/cache/wp-rocket/domainname.com/blog/index-https.html
Bad URL: https://www.google-analytics.com/analytics.js’,’ga
File Type: Not a core, theme or plugin file.
Issue First Detected: 3 hours 45 mins ago.

HeleneL
(@helenel)

7 years, 2 months ago

Hi Guys,
I get a similar message with wordfence gravityscan… but nothing is detected with wordfence premium…(!)
“WARNING: Visiting this page in your browser may cause harm to your computer. It’s recommended that you try to locate the offending string in the source file or in your database. If you do decide to visit a page with malware make sure to turn Javascript off prior to visiting the page.

Malicious link: https://www.google-analytics.com/analytics.js

Problem: Listed on the Wordfence Threat Defense Feed blacklist. [more info]”

This is quite of a problem…

What should I do? Remove google analytics?
Mike Castro Demaria
(@mikecastrodemaria)

7 years, 2 months ago
+1 same on …wp-content/plugins/google-sitemap-generator/sitemap-core.php
What’s wrong ?

Filename: wp-content/plugins/google-sitemap-generator/sitemap-core.php
Bad URL: https://www.google-analytics.com/collect
File Type: Not a core, theme or plugin file.
Issue First Detected: 6 hours 3 mins ago.
Severity: Critical
Status New

This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.google-analytics.com/collect
- This reply was modified 7 years, 2 months ago by Mike Castro Demaria.
Alwin
(@wp-opti)

7 years, 2 months ago

Same here:

* File contains suspected malware URL:
https://www.google-analytics.com/analytics.js’,’ga

trevorwood
(@trevorwood)

7 years, 2 months ago

Me to – notified by GravityScan, but only on one of the sites GravityScan monitors, not any of the others

mponiek
(@mponiek)

7 years, 2 months ago

Based on Wordfence support google-amnalytics.com was added to Wordfence’s threat defense feed blacklist by accident and has been removed.

New scans should not be reporting this anymore.
ad2009
(@ad2009)

7 years, 2 months ago
Me too. Wordfence Premium picked ut up this morning. 150 files.
- This reply was modified 7 years, 2 months ago by ad2009.
SprialOwner
(@sprialowner)

7 years, 2 months ago

I’m having the same issue as well. I won’t copy it all here but the offending file seems to be https://www.google-analytics.com/analytics.js.

WFSupport
(@wfsupport)

7 years, 2 months ago

This is because one of the blacklist sites we monitor and check against had listed those urls as malicious. We became aware of the issue shortly thereafter and removed it yesterday around 11pm. It was there for about 3 hours. We do check manually when we import these but this list contained about 500 urls and that’s why it was missed. If you do a new scan this should not be a problem.

tim
Thread Starter Malae
(@malae)

7 years, 2 months ago
As expected, this warning was a false alarm and all Wordfence scans and Gravityscan scans on several sites, no longer show the above-reported malware and the issue has disappeared.

@ad2009
You did not mention any URLs connected to Google Analytics. From a part, now deleted, of the information on your post earlier, you reported another file not related to the URL in this report. It could indeed be actual malware. Run the scan again and follow the instructions in the Wordfence scan results
- This reply was modified 7 years, 2 months ago by Malae.
- This reply was modified 7 years, 2 months ago by Malae.