• I don’t know how this came to my WordPress installation, but there it is.

    Something modifies the posts adding hyperlinks with an image in random words. I have tried deactivating all my plugins but the posts remain edited.

    Screenshot: https://postimg.org/image/dshbwj579/

    Does anyone know about this?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Could be malware in your browser.

    What is the url of your site?

    Thread Starter Manuel5cc

    (@manuel5cc)

    PS: I know about this Red Adblocker because the “alt text” of the link says “Click to continue > by Red Adblocker” but apparently the link is only a #.

    Thread Starter Manuel5cc

    (@manuel5cc)

    It’s not in my browser because I have checked in order to find extensions and plugins, tried with other browsers and asked some friends to try it. Moreover, it’s not something that the explorer does, the posts are modified. If I try to edit the post, I can see the links and delete them…

    here is a link to a post that has this problem: https://megafonofcom.es/2015/04/virginia-woolf/

    I see the problem. A Sucuri scan is showing that page as clean, but obviously you have an issue you can see there.

    You could try running a few malware scanner plugins to see if they find anything:
    https://www.ads-software.com/plugins/wordfence/
    https://www.ads-software.com/plugins/gotmls/

    Failing that you will need to work through this resource:
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    And then once your site is clean work through this:
    https://codex.www.ads-software.com/Hardening_WordPress

    You also have the alternative of restoring your site from a known clean backup of your site files and database (safely pre-hack) and then changing all your users names and passwords (WordPress/cPanel/database/FTP). This can be a much less painful process than cleaning the site if you have that good backup.

    Thread Starter Manuel5cc

    (@manuel5cc)

    I actually have Wordfence installed and it hasn’t detected anything for months. I am going to try the second tool.

    Is there any way to restore the posts to a previous state?

    It would require a full restore to restore your posts, and it would be important to do this full restore to ensure that the vulnerability is also removed at the same time.

    Thread Starter Manuel5cc

    (@manuel5cc)

    It seems that my installation is clean, so I don’t know how this happened but I have to fix it manually (the posts) and pray and wish that it doesn’t happen anymore.

    Can I do anything more to prevent this?

    You can’t rely 100% on the results of the GOTML scanner to confirm that your system is clean, unfortunately. Sometimes these plugins can find less sophisticated hacks, other times not.

    You could try the following:

    1. scan your machine with a free scanner such as MalwareBytes just to be certain that your local system is clean

    2. try to replicate the issue with all plugins deactivated *and* using a different theme

    3. check and remove any unknown administrator level users in the WordPress dashboard >> Users and/or in the database

    4. change all passwords (WordPress dashboard/cPanel/MySQL database) for strong versions that include special characters such as: (*&^%£:@_+

    5. change your salt keys in your wp-config.php file to log out all existing users

    6. search the MySQL database for the Red Adblocker string

    Again, failing that you will need to work through the hack repair and hardening resources linked to above.
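Added example (not part of any reply in this thread): one way to act on step 6 and on the manual post clean-up the thread starter mentions, by auditing exported post content for the "Red Adblocker" marker and unwrapping the injected links. The markup shape (an `<a>` wrapping a word plus an `<img>` whose alt text carries the marker) is an assumption based on the description above; the rows are constructed samples, and `wp_posts` / `post_content` are the default WordPress table and column names.

```python
import re

MARKER = "Red Adblocker"  # string quoted in the thread (alt text of the link)

# Assumed injection shape: <a ...>word<img ... alt="... Red Adblocker"></a>.
ANCHOR_RE = re.compile(r"<a\b[^>]*>(.*?)</a>", re.IGNORECASE | re.DOTALL)
# Quote-aware <img> matcher: the alt text quoted in the thread contains a
# literal ">", which a naive [^>]* pattern would treat as the end of the tag.
IMG_RE = re.compile(r"""<img\b(?:"[^"]*"|'[^']*'|[^>"'])*>""", re.IGNORECASE)


def _is_injected(anchor_html):
    """True if an <img> inside the anchor mentions the marker."""
    return any(MARKER.lower() in img.lower() for img in IMG_RE.findall(anchor_html))


def find_injected(content):
    """Return the raw HTML of every anchor that looks injected."""
    return [m.group(0) for m in ANCHOR_RE.finditer(content) if _is_injected(m.group(0))]


def clean(content):
    """Unwrap injected anchors: keep the original word, drop link and image."""
    def unwrap(m):
        if not _is_injected(m.group(0)):
            return m.group(0)  # legitimate link, leave untouched
        return IMG_RE.sub("", m.group(1))
    return ANCHOR_RE.sub(unwrap, content)


def audit(rows):
    """rows: iterable of (post_id, post_content) -> {id: (hit_count, cleaned)}."""
    report = {}
    for post_id, content in rows:
        hits = find_injected(content)
        if hits:
            report[post_id] = (len(hits), clean(content))
    return report


# Constructed sample rows standing in for the result of:
#   SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%Red Adblocker%';
SAMPLE_ROWS = [
    (101, 'She wrote <a href="#">novels<img src="x.png" alt="Click to continue > by Red Adblocker"></a> and <a href="https://example.org/essays">essays</a>.'),
    (102, 'A post with only a <a href="https://example.org/">normal link</a>.'),
]

if __name__ == "__main__":
    for post_id, (hits, cleaned) in audit(SAMPLE_ROWS).items():
        print(post_id, hits, cleaned)
```

Review the cleaned text against a database backup before writing anything back, and check the real injected markup in one affected post first, since it may differ from the shape assumed here.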

  • The topic ‘Site infected by Red Adblocker’ is closed to new replies.