Infected website?

  • At the end of October, hackers infected the hudbaaslovo.cz website with a Trojan horse. On October 7, I found out that the website was blocked by Eset antivirus. I installed the Wordfence plugin in the free version. The plugin found 93 vulnerabilities. Most of them were critical. I restored to a working state the backup from 6.11. The scan found 5 vulnerabilities, 3 of which were Critical. All vulnerabilities were successfully removed. Repeated scan showed that hudbaaslovo.cz is now clean. See attachment.
    I asked Eset to check the situation and stop blocking the site. Unfortunately, the report was negative. According to them, the site is still infected.

    I don’t want to invest 119 USD to upgrade to the Premium version. Do you have any idea how to proceed?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @lubos55,

    Your site is infected. Checked via Sucuri Sitecheck.

    Contact your host for assistance (i.e., they should be able to clean your site for a fee) — or — follow the Wordfence instructions provided here.

    Given the severity of your site’s infection, Wordfence Premium will not help until you clean up your site using enhanced clean-up methods. The infection — most likely — is Base64 encoded.

    If satisfied with the above, please consider closing this topic as “Resolved.”

    Best wishes!

    Note: I’m not affiliated with Wordfence. Simply offering goodwill support.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @lubos55, thanks for getting in touch.

    As Generosus provided our site cleaning instructions, I will just highlight some additional details. You might find the WordPress Malware Removal section in our free?Learning Center?helpful too.

    Make sure all of your plugins and themes are up-to-date and that WordPress core is on the latest suitable version. Any time someone thinks their site has been compromized, we recommend to ?update passwords for hosting control panels, FTP accounts, WordPress admin users, and the database?in order to cover the key access points where somebody could change or upload things on your site. Make sure to do this!

    Check for administrative users you don’t recognize in WordPress > Users > All Users, just in case there is anything suspicious there. Delete any that you know shouldn’t have this kind of access.

    If you find anything that you’re suspicious of but unsure what to do next, you can send files/code to?samples @ wordfence . com.?If you do, just make sure to?remove any database credentials or keys/salts?in any files you do send over. Our team can help advise some steps from there.

    Whether you choose to follow our guides yourself, or let someone else take a look, we recommend that you always?make a?full backup of the site beforehand.

    Many thanks,
    Peter.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.