Website considered “suspicious” by some VPNs

  • Some company VPNs are blocking my portfolio site and labeling it as “suspicious” and as “category: weapons”. I used a couple of online malware scanning tools and all results came back as suspicious.

    The website https://scanner.pcrisk.com/ provided a file name and the offending code:
    s0.2mdn.net/ads/studio/Enabler.js
    [[<meta http-equiv=”refresh” content=”0; url=’+f+'”>]]

    I’ve narrowed it down to a theme issue by deactivating and deleting all plugins and still getting the same scan result. But I’m asking for help here because I can’t find that file name or code anywhere in the theme files. Please help.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Theme Author Anders Norén

    (@anlino)

    Hi @pletchek,

    It’s probably a malicious code insertion in the theme files – in other words, someone (or more likely a bot) gained access to your server and inserted the code somewhere in the theme.

    I can’t help you with cleaning up the theme files in this support forum, but there are paid services that do that sort of thing. Since they had access to the theme files, they could have inserted malicious code elsewhere on your server as well, so simply reinstalling the theme won’t do the trick.

    — Anders

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter pletchek

    (@pletchek)

    Ok, thank you. This is all very helpful information

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Website considered “suspicious” by some VPNs’ is closed to new replies.