• Hi there! Thank you for trying to help me, it’s very appreciated. My name is Rafael, I run a site that right now does not redirect to a malware site. I have seen that many people in the last days were attacked (at least that’s what I believe it was). I’m no expert but I’m trying to handle myself in the situation. I have followed guides on how to free my website from this malware and all the infected things related to it. I have spoken with the support of my hosting provider (SiteGround) and they have also made scans. Sucuri alerts that my website is infected because that’s what they receive when they try to analyze my website, and they got redirected. Now, when I or the hosting provider’s tech experts scan the files of the website, we don’t find anything that could be infected. At this point I deleted all the plugins that I had in the plugins folder because I read that they could be hosting the infected files (and I can reinstall them later) and I’ve also deleted both of the themes that I had installed and reinstalled all the WordPress files. Then, I downloaded all the website files via FTP and ran various kinds of scans with Malwarebytes, Windows Defender and BitDefender and nothing showed up. Just to be sure, I checked what files were the last to be modified (also via FTP) and there were no suspicious files. At this point I checked the database via phpMyAdmin and did what I read that others did and checked wp_options under siteurl and home. Both were having values that were redirecting the site to the site and I corrected them with my URL. I have also changed the template and stylesheet to twentytwenty because now that I don’t have my theme I’m going to use this one from the reinstallation of the WordPress files.
At this point I am stuck. The result is that when someone tries to enter my website, all you are going to see is nothing, the window is all white, and if you try to go to subdirectories like /newsletter (which previously existed) nothing happens either. So nothing is being redirected BUT when I try to go to the wp-admin, THEN I get redirected and I don’t know what could be causing it. So no redirections except for the wp-admin as far as I can tell. I tried one more thing as someone said in another post in this forum and I used SSH and used grep to try to find malicious code in the files but nothing was found. My biggest bet is that there is something going on in the database. Also, I have checked the must-use plugins and deleted the entire folder just in case. Please, if someone is willing to help, it will be much appreciated, and maybe we can fight this back. I think that this is what is called an XSS attack and I’m trying my best to have my website up and running once again. Thank you.

    • This topic was modified 4 years, 4 months ago by Jan Dembowski.
    • This topic was modified 4 years, 4 months ago by Jan Dembowski. Reason: Removed link to malware site


Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter 3minutosdearte

    (@3minutosdearte)

    I forgot to mention that SiteGround offers backups from the last 30 days. When I tried to restore the files and the database to a moment in which the website was running just fine, the redirections kept on going. This was the strangest thing, not only because it wasn’t supposed to happen even if it wasn’t the best solution but also because I can’t understand how it is able to remain. Maybe the restore tool is not what I understand it is or maybe the malware was already there then. That’s when I tried to clean the files instead of restoring the site.

    I checked your URL but the site is empty (no content).

    Even if such viruses have just damaged your site, the security weakness that caused your site and the virus may already be infected. Are you sure your backup is clean?

    If the hosting provider accepts, ask ImunifyAV to scan your site. It gives more successful results than maldet and similar antiviruses using the Imunify ClamAV engine. The free version will show you harmful content even if it doesn’t auto-clean.

    Malicious code or content is often found in the function file or database of the theme; some viruses may have encrypted this file. If possible, replace the WordPress content management system, your theme and plugins with their original files.

    Check it via “fetch like google” through the Google Search Console, then browse with Imunify and Sucuri.

    If the problem goes away or continues I will be following the matter.
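The database check described in the first post (`siteurl` and `home` in `wp_options`) and the point above that injected content often sits in the database can be run over exported rows rather than by eye. This is an added example, not code from anyone in this thread; the host names, row labels and the `audit_rows` helper are constructed for illustration, and `wp_options` / `wp_posts` are the default WordPress table names.

```python
import re
from urllib.parse import urlparse

URL_OPTIONS = {"siteurl", "home"}  # options that decide where WordPress sends visitors
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.I)

def host_of(url):
    """Lower-cased host of a URL; '' for relative paths or unparsable values."""
    if url.startswith("//"):  # protocol-relative URL
        url = "https:" + url
    return (urlparse(url).hostname or "").lower()

def is_own(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    return host == expected or host.endswith("." + expected)

def audit_rows(rows, expected_host):
    """rows: (table, key, value) tuples exported from the database.
    Returns (table, key, reason, host) for every value that points off-site."""
    findings = []
    for table, key, value in rows:
        if table == "wp_options" and key in URL_OPTIONS:
            host = host_of(value.strip())
            if not is_own(host, expected_host):
                findings.append((table, key, "site URL points to foreign host", host))
        for src in SCRIPT_SRC.findall(value):
            host = host_of(src)
            if host and not is_own(host, expected_host):  # relative src is local
                findings.append((table, key, "external script", host))
    return findings

# Constructed sample rows; a real run would use rows exported via phpMyAdmin.
SAMPLE_ROWS = [
    ("wp_options", "siteurl", "https://redirect.invalid/landing"),
    ("wp_options", "home", "https://www.example.com"),
    ("wp_options", "template", "twentytwenty"),
    ("wp_posts", "post_content:42",
     "<p>Hello</p><script src='https://cdn.redirect.invalid/a.js'></script>"),
    ("wp_posts", "post_content:43", '<script src="/wp-includes/js/x.js"></script>'),
]

if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS, "example.com"):
        print(finding)
```

Every row it reports is a place to inspect by hand; a clean result only covers the tables and patterns that were fed in.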

    Thread Starter 3minutosdearte

    (@3minutosdearte)

    > if possible replace the WordPress content management system, your theme and plugins with their original files.

    This I have already done. I have deleted all the plugins, I have deleted the theme and started using a freshly installed twentytwenty theme (changed the theme via the database as told before) and I have also installed the WordPress environment once again.

    Sadly, I’m on shared hosting, and I don’t think I am going to be able to use Imunify but I will try asking. I need root access via SSH to install it and they need to accept it. Thank you for your recommendation @ayzeta .

    Your site is being redirected to a different website.

    Call your webhost (SiteGround?) and ask them for some help. I’m sure they’ve been through this several times before with other customers.

    It’s best not to guess at how the attack happened and what is causing the problem. It could be anything.

    This article is a good read and can help you…

    https://www.ads-software.com/support/article/faq-my-site-was-hacked/

    Hope this helps and let us know if you need more info.

    Thread Starter 3minutosdearte

    (@3minutosdearte)

    > Call your webhost (SiteGround?) and ask them for some help. I’m sure they’ve been through this several times before with other customers.

    I have spoken with the support of my hosting provider (SiteGround) and they have also made scans. Sucuri alerts that my website is infected because that’s what they receive when they try to analyze my website, and they got redirected. Now, when I or the hosting provider’s tech experts scan the files of the website, we don’t find anything that could be infected.

    They won’t help me look through the files manually because they don’t offer that service; it’s something unrelated to the maintenance of the hosting.

    I have already read that article, thank you. I have read many more as well, I’m trying to do everything as I’m told.

    > It’s best not to guess at how the attack happened and what is causing the problem. It could be anything.

    It could, but I need to fix it, because the backups won’t work. Many others are having the same issue since the beginning of July, that’s why I’m asking on here as well.

    Thank you for your reply @jnashhawkins .

  • The topic ‘Malware infected site’ is closed to new replies.