Dragon treasure forbidden memories yugioh reddit.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved bsafer
(@bsafer)

5 years, 7 months ago

I’m receiving notification from google and from Norton bots that this page has phishing. It shows up under this plugin, but this folder doesn’t actually exist when I ftp and go through the files in my site. I’m lost as to how to find it and remove it. If I remove/deactivate the plugin, it goes away. It’s possible I’ve been hacked but can’t find any other evidence besides this and don’t know how to go the next steps.

Here is the link: Please note I get a warning from Avast when I go to that page, but it doesn’t come up in Chrome, so be careful!
https://elevatemyathlete.com/wp-content/plugins/login-recaptcha/css/updateserinfo.com/signt/customer_center/customer-IDPP00C963/myaccount/signin

Thanks
Brent

The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

g0tr00t
(@g0tr00t)

5 years, 7 months ago

It looks like a stale classification, so just request a review from the AV that is generating the warning and if you removed all the malicious content then they should re-classify it as non-malicious.

Thread Starter bsafer
(@bsafer)

5 years, 7 months ago

But if I go to that address, avast does popup on my computer, implying there is something there and if I remove the no login plugin, it goes away. How can this be?
Brent
Plugin Author Robert Peake
(@robertpeake)

5 years, 7 months ago
The directory /updateserinfo.com/signt/customer_center/customer-IDPP00C963/myaccount/signin does not exist by default under the css directory of the plugin. If you did not create this path yourself, it does indeed appear that a malicious actor may have added code to your site.

If the malicious code has access to the rewrite rules of the website, it is possible to activate the malicious code using any URL, even if the directory path does not exist for that URL. So, this does not have anything to do with the plugin itself–it could have been written anywhere in the filesystem, but happens to be activated under this plugin path. However, deactivating the plugin likely gives a 404 for all code downstream of that plugin path, which is why the malicious code “goes away”.

That said, you should follow best practices for securing your website overall, as it is unlikely that this is the only place where malicious code has been written.

Good luck!
- This reply was modified 5 years, 7 months ago by Robert Peake.
Thread Starter bsafer
(@bsafer)

5 years, 7 months ago

Thank you both for your help For next person should this happen, I don’t think related to this plug in. I had uninstalled and removed the folders that the bad link referred to, but was still receiving the warning on Avast.

I had to turn off my local virus scanner, go to the bad page, then purge cache (I did all, then that page), then turn back on virus scanner. That resolved it. Very frustrating and too much time to figure out.

Thanks again! And thanks for your plugin. If you give me a link, I’ll give you a few bucks for helping and for your plugin.

Plugin Author Robert Peake
(@robertpeake)

5 years, 7 months ago

Happy to help and glad it’s working again. If you appreciate the plugin, feel free to give it a nice review and/or just pay the kindness forward to someone else! ??

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Phishing’ is closed to new replies.