Spam Redirect Found in Wordfence File

  • Resolved alexgrassriots

    (@alexgrassriots)


    7 months, 2 weeks ago

    Hi, one of my clients websites was hacked, and the homepage was being redirected to a spam Viagra site. I determined it was happening by a <meta http-equiv="refresh" tag that was injected into the page. I searched through the theme, core, and database for any references to the URL it was being redirected to, with no success. Then I tried base64 encoding the URL, and searched for that, and I found reference to it in an encoded file in the wordfence plugin folder. Here’s a screenshot of the file: https://capture.dropbox.com/5SUlTpMZB3ZKP88z

    Can you help me understand the purpose of these files? Are these logs from scans or something? Or was this file modified maliciously, and causing the spam redirect to happen?

    Thank you!

Viewing 1 replies (of 1 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @alexgrassriots,

    Those files are not part of the Wordfence plugin and may have been added maliciously. Please run a scan with Wordfence and use it to delete/replace any infected files. Scan with the High Sensitivity scan type for best results. You can update this setting at?Wordfence > Scan > Scan Options and Scheduling > High Sensitivity. Make sure to back up your site files before deleting anything.

    As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, all WordPress admin users, and database. Make sure to do this.

    You should also update all plugins and themes, and ensure that you’re running the latest version of WordPress core.

    We have the following checklist for site admins to clean sites: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/ Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/

    If you are unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Regardless of whether you choose to clean it yourself or let someone else do it, we recommend that you make a full backup of the site beforehand.

    Please let me know if you have any questions.

    Thanks,
    Margaret

Viewing 1 replies (of 1 total)
  • The topic ‘Spam Redirect Found in Wordfence File’ is closed to new replies.