After removing malware, clicks to “somesite.com/[string]”

  • Resolved slywy

    (@slywy)


    3 months ago

    For the past couple of weeks, almost daily Wordfence has been alerting to me to newly created admin users, altered WordPress files, files that appear to be malware, etc. I’ve used it and sucuri to clean up files, and removed bad files from the root directory as well. I’ve changed all passwords multiple times, reinstalled WordPress, removed a couple of plugins I can live without, deactivated and reinstalled a couple like Jetpack, and keep an eye on files on the server.

    The only thing that has me flummoxed and I’m not sure what to do about: In stats, Jetpack shows clicks from my site to other sites. Most are legit — to Flickr, other sites I link to. But there’s a URL that keeps showing up: somesite.com/rt4.php?r3=[different random strings of letters, numbers, and hyphens]. I can’t find anything about this or what it means, and the hosting service didn’t know either. Has anyone else seen this and is it anything to worry about?

    • This topic was modified 3 months ago by slywy.
    • This topic was modified 1 month, 2 weeks ago by Jan Dembowski.

    The page I need help with: [log in to see the link]

  • The topic ‘After removing malware, clicks to “somesite.com/[string]”’ is closed to new replies.