Malware Attacks on Admin , Can't Locate Source

  • Jan Harold

    (@frappular)


    12 years ago

    Hi everyone,

    I’ve been dealing with my wordpress malware infection for days. I was successful to remove the redirection scripts (htaccess attacks) and was scanned cleaned by Sucuri.

    Currently, my problem is in the admin section. But haven’t succeed locating the source of the weird malware detections(again, on some parts of the admin section only).

    Things that I’ve tried but failed :
    (note: I already changed all my passwords including AUTH Keys and SALT Keys for the wp-config.php [FTP/User Account/SQL])

    • Installed a lot of anti malwares, security and scanners plugins
    • Restoring Back-ups 1-2 Weeks before the Malware Attack(A lot of times)
    • Clean Install – Several times (malware detected even before I install any plugin/theme)
    • Tried locating the scripts by Chrome’s console, I saw that It was from load-scripts.php, So I opened the file but didn’t see anything suspicious (same script detected even after a clean install)

    My only remaining suspect is the database/sql (I’m not 100% sure if they can alter this or altered it already to produce the said malware scripts, but already done a few reading about it, returning with a positive).

    I ruled out my hosting because apparently, I installed another blog(clean install) on it, and everything is functioning well w/o any malwares admin or not.

    I’m no developer, so I actually had no idea how to deal with sqls. So what do I do now?

Viewing 2 replies - 16 through 17 (of 17 total)
  • Neal Bloome

    (@neal-bloome)

    @jan – songdogtech mentioned that people in the forums give 1and1 a bad rep that is your first clue, just because you have two sites on the same hosting account doesn’t mean those two sites are on the same shared servers.

    They might be stored on different servers and it’s possible that only certain servers have been infected (i.e. your one site and not your other).

    You can try to ask 1and1 support if they have had any hacks or malware problems done to them but they are trained to tell you no, it’ll take a lot of work to get them to tell you what really goes on.

    I mean only other thing I could think of is to ask them to move your infected domain to another shared server, they may or may not do it but if they’ve been hacked or have insecurities in there software then moving to a clean server just might be putting a bandage over a gun shot wound.

    Thread Starter Jan Harold

    (@frappular)

    @songdogtech – Will consider that sir, Thanks ??

    @adam Losier – Yeah, I get that. But those two sites that I mentioned are actually in the same account and folder, sorry If It wasn’t that clear ??

Viewing 2 replies - 16 through 17 (of 17 total)
  • The topic ‘Malware Attacks on Admin , Can't Locate Source’ is closed to new replies.

Tags