chadlamson

So has anyone found a firewall solution to block the backdoors? I know Sucuri is good, but I can’t afford to put that on 25+ sites.

So I have gone through and made sure that all plugins are up to date, and reinstalled WordPress on all of my sites. I have submitted a request to Google to remove the blacklist, and they have started doing so.

One problem though. I have started finding references to the link below in various plugins on the sites that were infected. One was in a file from Gravity Forms and another was in LayerSlider. Here is the link:

122.155.168.105/ads/inpage/pub/collect.js

This is causing errors on the sites, which is how I found it. Anyone else running into this?

So I am going through each of my sites and reinstalling WordPress, and making sure all plugins are up to date. Once I do this, do the sites that got blacklisted need to be submitted to Google to take them off of the list?

@daniel I do have other sites in the same hosting account that have Rev Slider, but even the sites that do not have Rev Slider, have the infection.

Another thing that is strange… I have WordPress installs on sites that do not have a domain pointing at them (I have to change my host file on my local machine to view them) and even these sites are infected. It seems it is able to move from site to site on a hosting account.

Having the same issue on some of my sites. I can also confirm that I have sites with this same malware that DO NOT have Rev Slider installed.