404testpage4525d2fdc , malware

  • Resolved chrisbourn

    (@chrisbourn)


    8 years, 9 months ago

    This WP site became infected, after running Wordfence, replacing some files from an old back up etc, removing redundant themes the site is clean and appears clean after 24 hours…

    However I check on sucuri.net scanner and got a new error reported

    Internal Server Error	500-error?v1	https://www.mysite.uk/404testpage4525d2fdc ( View Payload )

Internal Server Error	500-error?v1	https://www.mysite.uk/404javascript.js ( View Payload )

    This seems to be a common issue?
    Indeed if you Google 404testpage4525d2fdc there are many sites with this page on there website and actual content?

    Ive seen an overwhelming list of how to look at this.
    Is there a simple step by step guide….

    What exactly are we dealing with here?

    Can anyone help

    Many thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter chrisbourn

    (@chrisbourn)

    Hi

    Thank you for coming back to me on this, I had previously cleaned up the site using wordfence, replacing some files from an old back up removing redundant themes the site is clean and appears clean after 24 hours…

    But I get this error from Securiscan.

    Im also now concerend as I have found out a friend of mine site is infected and we use the same host

    Im not familar with php and .htaccess, so Im unsure what elde to look for.

    Im continueing to read the link you sent but if you can offer and other advice in the meantime ??

    Thanks

    Thread Starter chrisbourn

    (@chrisbourn)

    Ive taken a look at the .htaccess

    there is an .htaccess and a .orig version

    The .htaccess version is:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /mywebsitename.uk/
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /mywebsitename.uk/index.php [L]
    </IfModule>

    # END WordPress

    the .orig is

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    does this look ok ?

    Thread Starter chrisbourn

    (@chrisbourn)

    Hi

    Ive looked at a backup I made in September last year….
    This has to be ‘clean’ ?

    I’m installing locally, making some updates to the content I made in January.
    Im updating to the latest WP version.
    Deleting unused themes.
    Updating the current theme
    adding wordfence plugin.

    I think this should overcome the problems?
    Dont think the malware will have sat there since September so Im guessing this is a good route to take ?

    What are your thoughts

    Moderator James Huff

    (@macmanx)

    It should, but I really recommend following through with the guides I posted earlier.

    If you don’t find, remove, and close the vector they used to get in, the hack will simply happen again.

    Thread Starter chrisbourn

    (@chrisbourn)

    Many thanks for you assistance

    I’ve decided to delete the site, and have now reinstalled and rebuilt the content.

    I was spending a lot of time look for this, (and a little knowledge is a dangerous thing ??

    So I decided it Was quicker than trying to isolate the problem.

    Thank you for your assistance

    Moderator James Huff

    (@macmanx)

    You’re welcome!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘404testpage4525d2fdc , malware’ is closed to new replies.

Tags