• The website is redirecting to the Cloudflare captcha malware, which asks you to complete a CMD request to install something. Is anyone else also facing an issue like this? Multiple plugins were being added directly to the plugin list, like xxxx, WPSuperCache, etc. If someone knows the root cause of this, please help me with the same.


Viewing 7 replies - 1 through 7 (of 7 total)
  • The site is definitely hacked. At least one of your theme’s JavaScript files is compromised. This also generates this fake Cloudflare view – for whatever reason.

    My recommendation: first read this article:

    FAQ My site was hacked

    After that I would recommend checking whether you still have a clean backup. If necessary, ask the support of your hoster. If so, delete all files and the database and restore the backup. Then change all access data in the hosting. This should solve the problem.

    Finally, you should secure your project. This is described in more detail in the article here: https://www.ads-software.com/documentation/article/hardening-wordpress/

    If you need personal help at any point, try contacting your hoster’s support first. Alternatively, you may also find someone here: https://jobs.wordpress.net/

    Thread Starter Shubham Patil

    (@iamshubhamsp)

    @jhimross & @threadi Thank you for the reply.
    Actually, I tried all these things. I just want to know: does anyone know the root cause of this?

    The root cause of a website hack can be very diverse. It starts with plugins or themes that have not been updated and contain security vulnerabilities, and can range from passwords being spied on for access to the project to hacked hosting access. In my experience, it is not worth investigating the specific cause as long as you have a live website online that can potentially cause damage to visitors. I would therefore urge you once again to clean up your website as described above.

    @iamshubhamsp, you cannot determine the root cause without further investigation, which is why we recommend the steps mentioned above. Typically, the issue stems from malicious plugins, infected files, or compromised admin credentials. Hackers may exploit outdated plugins, inject harmful code into core files (like .htaccess or wp-config.php), or insert malware directly into your database.

    Again, check with your hosting provider for more details on how this started. They can provide insights into server logs, file changes, and potential entry points.

    iamshubhamsp, hi there.

    I already did everything, but it is still regenerating on the website

    I think that this malware is hiding in active processes of your server, so all your actions have no effect. To cure the website and stop the regeneration of malicious code, you need to terminate all PHP processes on your server. And I strongly advise you to close the website for the duration of its recovery; fortunately, this is done very easily.
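To see exactly which files come back after a cleanup, as reported in this thread, one option is to hash the whole web root right after the restore and compare it with a later snapshot. The following is an added example, not part of any reply above; the function names and the demo tree are hypothetical, and the only assumption about WordPress is the standard `wp-content/plugins/` path.

```python
import hashlib
import os
import tempfile

PLUGIN_PREFIX = "wp-content/plugins/"  # standard WordPress plugin path

def snapshot(root):
    """Map each file under root (relative path, '/'-separated) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the web root
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = digest.hexdigest()
    return hashes

def diff(before, after):
    """Return files added, changed and removed between two snapshots."""
    return {
        "added": sorted(p for p in after if p not in before),
        "changed": sorted(p for p in after if p in before and after[p] != before[p]),
        "removed": sorted(p for p in before if p not in after),
    }

def plugin_dirs(snap):
    """Names of plugin directories that contain at least one file."""
    rest = (p[len(PLUGIN_PREFIX):] for p in snap if p.startswith(PLUGIN_PREFIX))
    return {r.split("/")[0] for r in rest if "/" in r}

def new_plugins(before, after):
    """Plugin directories present only in the later snapshot."""
    return sorted(plugin_dirs(after) - plugin_dirs(before))

if __name__ == "__main__":
    # Constructed demo tree; point snapshot() at the real web root instead.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-content", "plugins", "known-plugin"))
        open(os.path.join(root, "wp-config.php"), "w").close()
        before = snapshot(root)
        os.makedirs(os.path.join(root, "wp-content", "plugins", "example-unknown"))
        with open(os.path.join(root, "wp-content", "plugins", "example-unknown", "x.php"), "w") as fh:
            fh.write("<?php // constructed\n")
        after = snapshot(root)
        print(diff(before, after), new_plugins(before, after))
```

Store the first snapshot outside the web root, so that whatever rewrites the site files cannot also rewrite the baseline.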

    Thread Starter Shubham Patil

    (@iamshubhamsp)

    And I strongly advise you to close the website for the duration of its recovery; fortunately, this is done very easily.

    @r3n0 Can you explain this?

    @iamshubhamsp, it is advisable to close the website for maintenance in such cases, so as not to expose users to risk.

    You can put WordPress in maintenance mode if you don’t plan to turn off the PHP interpreter while recovering the website. You can also use the web server to set up a standalone “come back later” HTML page for visitors, so that they are not exposed to the risk of infection.
