Malware code injection! Please HELP!

  • Resolved Beshken

    (@beshken)


    9 years, 10 months ago

    Yesterday Google by Webmaster Tools send me alert. It said:
    Malware code injection
    Suspicious snippet:
    <iframe src="https://pererrationhouyhnhnm.comicalcurriculum.net/player-hissing-skews-articulately/708758093631444445" width="423" height="526">

    I searched in source of my site’s that page – nothing, can’t find this iframe. Installed Sucuri Security – it said that site is clean. I send request to Google to recheck my site and get answer from them, that my site still has this malware and this iframe…

    What can I do?

Viewing 5 replies - 1 through 5 (of 5 total)

  • Try a few other scanners:

    https://www.ads-software.com/plugins/wordfence/
    https://www.ads-software.com/plugins/gotmls/

    Also, you can upload a backup of your site to scan here:
    https://www.virustotal.com/

    Keep in mind that even if you locate and remove the iframe, the question will remain of how it has got there in the first place …. This typically means that your site security has been comprised, and you have two choices:

    a) restore your site from a good known backup (and of course change all passwords (WP dashboard/Cpanel/database) and update your salt keys).
    b) Work through the advice in the WordPress codex here.

    Once resolved, you should consider implementing the advice in the Hardening WordPress Codex.

    Good luck!

    If you can’t find the actual code for that iframe in your source, then that’s definitely a clear indication you have been infected. Malware tends to inject itself rather sneakily — not by just adding it to the source, so it’s normal that you wouldn’t find it right away.

    Carefully follow FAQ – My Site Was Hacked.

    Then take a look at the recommended security measures in Hardening WordPress and Brute Force Attacks

    Change all passwords. Scan your own PC. Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting

    If you can’t do the work yourself, consider looking for a reputable person on freelancing sites such as Elance. (FYI, it’s not a good idea to respond to unsolicited emails from forum users offering to work for you.)

    please also note, that some malware is quite sophisticated in hiding itself from the default security scanners and use obfuscation to hide from a string search. I’ve encountered several malware infestations of some clients and none were found by Sucuri.

    Thread Starter Beshken

    (@beshken)

    Yes, Sucuri was not problem solving plugin in this case, but we found malware in wp-config file, changed all passwords and now we’re keeping one’s eye on Sucuri everyday. If even one file would be changed, we’ll see it by “Core integrity” function.

    Hope it helps to some other people, having same issue.

    Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Malware code injection! Please HELP!’ is closed to new replies.