Site has been compromised!

  • Hi there,

    I have a recieved a malware notification from Google and have a warning under our website when you search for it. I had someone check it out and they didn’t find any issues, could you check it out and confirm? And could you help me through the process of getting the warning removed?

    Thanks,
    Shaun

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter legacyguitar

    (@legacyguitar)

    Sorry, my website is https://www.legacyguitarhouse.com

    Moderator t-p

    (@t-p)

    I checked your site with sucuri and it it confirms it is infected: https://sitecheck.sucuri.net/results/www.legacyguitarhouse.com

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter legacyguitar

    (@legacyguitar)

    Thanks Tara,
    Can we take our site offline until the issue is resolved?
    Shaun

    Moderator t-p

    (@t-p)

    Sure you can. But www.remarpro.com cannot do it for you. Because wordpress.ord does not provide hosting services. You may want to discuss the issue with your hosting provider.

    In my experience with this infection the malicious code is probably going to be at the very, very bottom of one of these two files:

    ./wp-content/twentyeleven/footer.php
    ./wp-content/twentyeleven/index.php

    You can remove that malicious script from there and that should clear the Sucuri Sitecheck warning, but the challenge will be determining if the attacker placed any back doors in order to reinfect the site at a later date.

    You might want to run a file integrity check as well as a general scan of your files with a security plugin to see if any other malicious scripts are present there.

    Dan

    (@securitydan)

    I just used vURL and went to your website. On your home page (index) on line 342, you have an injected iframe redirecting to an exploit kit hosted on IP (188.166.65.14).

    You can delete the iframe to temporarily stop the damage, but in order to completely remove any potential backdoors, you will want to scan the entire site, check for recent changes, verify permissions, change all passwords related to the site, try to improve your .htaccess page. The two links provided above by Tara and rngdmstr’s advice should help move you in the right direction.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Site has been compromised!’ is closed to new replies.