• Resolved DexMike

    (@dexmike)


    Hi! I have your plugin and it’s awesome.

    When I scanned some of my sites I noticed there is a script being injected in all of the theme’s header.php file. Even when I remove it (manually or with your plugin) it comes back after a couple of days. Is there a way to prevent this with your plugin? I’ll even donate if you help me man, it’s kind of urgent (about 15 of my sites have this). Thanks in advance.

    Malicious script in question:

    [ Malware redacted, do not post that in these forums. ]

    https://www.ads-software.com/plugins/gotmls/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Eli

    (@scheeeli)

    This is a common hack and my plugin can remove it but it can only stop the re-infection if you can find all the vulnerabilities that are letting in this exploit. It could be a vulnerability on any of the sites on your server, even possibly an exploit on another account on that server depending on the provider and their internal security.

    You should have my plugin on all your sites and make sure they are all clean at the same time so that the infection cannot cross over from one site to the others. You can also check the timestamps on the infection in the quarantine and compare the infection time with the activity in your raw access_log files to see if there are any clues as to how they are getting in.
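
The timestamp comparison suggested in the reply above, as an added example that is not part of the original thread or of the plugin: it lists the write-type requests an access log recorded shortly before a file's infection time. It assumes the Apache/nginx "combined" log format and a quarantine timestamp in a known timezone; the log lines, paths, addresses and the name `suspects` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Apache/nginx "combined" format; other LogFormat settings need a different pattern.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up paths and dates).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2019:03:02:11 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.50 - - [12/Mar/2019:03:10:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
203.0.113.50 - - [12/Mar/2019:03:14:02 +0000] "POST /wp-content/uploads/example.php HTTP/1.1" 200 17 "-" "-"
198.51.100.7 - - [12/Mar/2019:03:14:30 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.50 - - [12/Mar/2019:03:14:55 +0000] "POST /xmlrpc.php HTTP/1.1" 403 12 "-" "-"
198.51.100.9 - - [12/Mar/2019:05:00:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"
"""


def suspects(log_text, infected_at,
             before=timedelta(minutes=10), after=timedelta(minutes=1)):
    """Return (time, ip, method, path, status) for accepted write-type
    requests logged around a file's infection timestamp."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not (infected_at - before <= ts <= infected_at + after):
            continue
        # Heuristic: keep requests that carry a body and were not rejected.
        if m["method"] not in ("POST", "PUT") or m["status"][0] not in "23":
            continue
        hits.append((ts, m["ip"], m["method"], m["path"], int(m["status"])))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed quarantine timestamp for one infected header.php, in UTC.
    infected = datetime.fromisoformat("2019-03-12T03:14:05+00:00")
    for ts, ip, method, path, status in suspects(SAMPLE_LOG, infected):
        print(ts.isoformat(), ip, method, path, status)
```

Running it against the logs of every site on the server for each quarantined file shows whether the same address or path recurs before each re-infection.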

    Thread Starter DexMike

    (@dexmike)

    Nice tip! I’ll try it, and will keep you posted on this. Thanks.

    Anonymous User 7823331

    (@anonymized-7823331)

    Same problem with 10 WP websites on one server. I'm gonna try it, and let you know. The infection is always back to 1 week, so we will see.

    @cerkoxxl: This is not your topic & it has been resolved. If you require assistance then, as per the Forum Welcome, please post your own topic.

  • The topic ‘Fake JQuery script being injected’ is closed to new replies.