Site redirect malware

  • Hello,

    My website have malware. When a new visitor arrives automatically it is forwarded to the site post.simplefunsite.info/go.php?rewrite=81 which subsequently forwards it 3 more times.

    To resolve this problem, I must fetch a database from the previous day and replace by the new one. The problem solved… until I came back 2 or 3 days later.

    My question is: how to solve this problem?

Viewing 15 replies - 1 through 15 (of 20 total)

  • You need to do a few things to make sure the site is secure:

    1 — Make sure WordPress and all plugins are up to date.
    2 — Remove any unused plugins and themes.
    3 — Audit your users and make sure all are legit.
    4 — Update your password to something secure if it’s not.
    5 — Install WordFence and have it do a full scan of your site.
    6 — Use WordFence, iThemes Security, or something similar to help protect the site ongoing.

    Thread Starter son_gokou

    (@son_gokou)

    1 – already done
    2 – only 1 theme and only the used plugins
    3 – only 1 user, and changed password many times
    4 – already done
    5 – wordfence didn’t detect anything
    6 – I have also anti malware

    Same case here. Scanned with Sucuri, WordFence, and iThemes Security, but nothing is detected

    Thread Starter son_gokou

    (@son_gokou)

    I also scanned with Sucuri, WordFence and Ithemes Security and nothing is detected! The malware is still on the site…

    Same problem.

    Thread Starter son_gokou

    (@son_gokou)

    It seems that this problem is currently happening with many people. And already a few weeks ago. So far no solution is found.

    Two thoughts:

    1 — Where are each of you hosted? I wonder if that could be a factor.

    2 — In Wordfence, have it do the deepest scan possible. Go into the Wordfence options panel and make sure that “Scan files outside your WordPress installation”, “Scan images, binary, and other files as if they were executable”, and “Enable HIGH SENSITIVITY scanning (may give false positives)” are all enabled.

    Update:
    I discovered the malware script get.simplefunsite.info/rw.js injected to database inside the wp_options. Hope this info can help.

    • This reply was modified 7 years, 6 months ago by sundulgun.

    Hi,

    i have same error (redirect to: post.simplefunsite.info/go.php?rewrite=81)

    Is very simple:
    1. Change ftp password (with very strong pass)
    2. Change login admmin password (with very strong pass)
    3. Problem isn’t n site scripts, or template scripts, is, (very clever atack!!!) on teme settings (or THEME PANEL, whatever…), in backend WordPress Administration. In my case, I find 3 scripts, 2 in Ads, on teme settngs, and one in YOUR CUSTOM JAVASCRIPT… Delete this scripts, and your website is work like a charm! Sorry for my bad english, but I’m from Romania (Eastern Europe)

    Have a nice day!

    I’m guessing that all of us using Newspaper theme?

    And this problems is on pirated/nulled wordpress themes! WPLOCKER themes, or whatever free paid themes. The best solution is to reinstall wordpress and change the theme, or change the theme…

    Thread Starter son_gokou

    (@son_gokou)

    sundulgun: yes the malware is injected on options table

    Thread Starter son_gokou

    (@son_gokou)

    sundulgun: I use newspaper theme!

    Thread Starter son_gokou

    (@son_gokou)

    grigoresz: I installed wordpress a few weeks ago but the theme and the posts I had to import. It didn’t solve the problem.

    Thread Starter son_gokou

    (@son_gokou)

    grigoresz: yes the malicious code was on theme panel, on javascript custom code. But deleting the code won’t solve the problem. It solve the problem only for today…

Viewing 15 replies - 1 through 15 (of 20 total)
  • The topic ‘Site redirect malware’ is closed to new replies.