Fixing pop under malware hack

  • It appears my website has been hacked, there’s some weird malware alert pop up that pops up in Safari and Firefox, though I seem to have gotten rid of it for Chrome.

    I’ve removed some corrupt php from the index.php and a foreign plugin folder, plugin monster or something, but it still seems to be there and I can’t find anything else on my server that seems weird, so don’t know what else to do.

    I’d like to clear it completely before I change passwords and stuff.

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)

  • Carefully read https://codex.www.ads-software.com/FAQ_My_site_was_hacked. It gives you very usefull tips and tricks to cleanup a hacked site.

    Thread Starter melbspokenword

    (@melbspokenword)

    Thanks, one of those scanning sites found some extra corrupt malware in the javascript so I removed it

    It is vital that you also identify how exactly malware was able to upload itself into your web repository, else it will just happen again.

    Thread Starter melbspokenword

    (@melbspokenword)

    How do I go about doing that? Just changing passwords?

    If you can imagine, you have removed/overwritten the damage an attacker was able to cause via some weakness in your website. Removing the damage as you have done, may not have removed the weakness that allowed the attack to take place in the first place.

    Finding the cause of attacks is not easy. It may mean looking back through log files to find the attack itself, therefore giving you the file the attacker used to exploit your site.

    In many cases this is usually a plugin that has a security vulnerability in it, in rare cases it is a security vulnerability in WordPress itself, and in other instances the attack will have been leveraged at the webserver itself rather than at the website code/files.

    Thread Starter melbspokenword

    (@melbspokenword)

    Dumb question, but who do you find your log files?

    It’s not completely gone as it turns out, just seems to only display it on certain browsers.

    There may be a setting in your web hosts control panel that allows you to view logs, else ask them to show you how to do that.

    Yes, if you have not shut the security hole, they usually come right back and reinstall themselves.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Fixing pop under malware hack’ is closed to new replies.