martimarti91

Had same problem on my website just now.
Theme – photozoom
WP Version 5.5
Added the code you posted, fixed the problem.
Thank you

okay, how is my site hacked when the website works fine, scans clean with payed version of Wordfence, also scanned and result is clean from Quettera, Sucuri, Virus Total, Aw Snap, isithacked and through the Google security?
Any advice – thank you

Yes, totally deleted. no comments at all. Trying to find out how to deactivate them.

P.S. Searched for all 3 websites. Nothing came out

• This reply was modified 5 years, 3 months ago by martimarti91.

I had bad comments but erased them few months ago when they were posted.
I will try the file search and see what comes up.

P.S. I downloaded my entire site and searched for those names and nothing came up. Do you search for them in Folder directory or? Thanks

• This reply was modified 5 years, 3 months ago by martimarti91.

Hello,

Did it, fixed it, you’re the man. If there was a “thank you” button, I would have clicked on it.

Thank you!

my advice is to invest a few days to a week on a good research to make sure whatever you will choose, will be he right thing for you. if you don’t want to, then trial and error will show you what works best for you, meaning, install>test> either it works for you or not.

I just checked and click on “next” and “previous” a bunch of times and everything works. what is the exact issue you are having?

the reason for that is you don’t have a picture in your main header. put any picture just to test and confirm this is fixing the issue and after make sure you choose the right picture.

go to your WordPress dashboard >> pages >> open the page where those files are >> try to align them with visual editor. if it doesn’t work change to text editor and check for any unnecessary paragraphs or lines that might be cause this issue.

1. go to your CSS Editor
2. search for
#colophon .widget_text {
margin-top: 0;
}
3. delete/comment margin-top
4. problem solved

hope I helped

I wrote to google to re-check if possible. in the mean time I found this:

64: < !– / Google Analytics by MonsterInsights –>
65: < sc?ript type=”text/javascript”>
66: window._wpemojiSettings = {“baseUrl”:”https:\/\/s.w.org\/images\/core\/emoji\/2.4\/72×72\/”,”ext”:”.png”,”svgUrl”:”https:\/\/s.w.org\/images\/core\/emoji\/2.4\/svg\/”,”svgExt”:”.svg”,”source”:{“concatemoji”:”https:\/\/www.mdance.us\/wp-includes\/js\/wp-emoji-release.min.js?ver=4ce2ef7c65747218759dedcb9c59deac”}};
67: !func?tion (a,b,c){func?tion d(a,b){var c=String.fromCharCode;l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,a),0,0);var d=k.toDataURL();l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,b),0,0);var e=k.toDataURL();return d===e}func?tion e(a){var b;if(!l||!l.fillText)return!1;switch(l.textBaseline=”top”,l.font=”600 32px Arial”,a){case”flag”:return!(b=d([55356,56826,55356,56819],[55356,56826,8203,55356,56819]))&&(b=d([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]),!b);case”emoji”:return b=d([55357,56692,8205,9792,65039],[55357,56692,8203,9792,65039]),!b}return!1}func?tion f(a){var c=b.create?Element(” sc?ript “);c.src=a,c.defer=c.type=”text/javascript”,b.getElementsByTagName(“head”)[0].appendChild(c)}var g,h,i,j,k=b.create?Element(“canvas”),l=k.getContext&&k.getContext(“2d”);for(j=Array(“flag”,”emoji”),c.supports={everything:!0,everythingExceptFlag:!0},i=0;i< j.length;i++)c.supports[j[i]]=e(j[i]),c.supports.everything=c.supports.everything&&c.supports[j[i]],”flag”!==j[i]&&(c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&c.supports[j[i]]);c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&!c.supports.flag,c.DOMReady=!1,c.readyCallback=func?tion (){c.DOMReady=!0},c.supports.everything||(h=func?tion (){c.readyCallback()},b.addEventListener?(b.addEventListener(“DOMContentLoaded”,h,!1),a.addEventListener(“load”,h,!1)):(a.attachEvent(“onload”,h),b.attachEvent(“onreadystatechange”,func?tion (){“complete”===b.readyState&&c.readyCallback()})),g=c.source||{},g.concatemoji?f(g.concatemoji):g.wpemoji&&g.twemoji&&(f(g.twemoji),f(g.wpemoji)))}(window,document,window._wpemojiSettings);
68: < / sc?ript >

does that seem like an issue?
scanned with https://aw-snap.info/file-viewer and this was the only awkward code.

@knittingand just scanned with wordfence:
result – No new issues have been found.

@kartiks16 I upgraded to the newest version of WP few days before it happened.
Spam links through comment section – can you explain?

@jdembowski all Application Based Scanners (Plugins) don’t find anything and all Remote Based Scanners (Crawlers) don’t find anything either. What’s your advice?

Best Regards

Hello everyone,
Google ad-words stopped my ads because they send me an email stating that there is malware in it. Here is what the specialist said:

“I got your account reviewed and the most recent system scan detected that your website https://www.mdance.us/ is affected by Malware due to which ads have been disapproved.

mobisla.com
mobpushup.com
NOTE: PLEASE DO NOT CLICK ON THE LINK AS IT MAY AFFECT YOUR COMPUTER.”

Started researching and I installed the following plugins:
– wordfence
– anti-malware scan from GOTMLS.NET

Wordefence result:
Critical Problems:

* Unknown file in WordPress core: wp-includes/wp-vcd.php

Anti-Malware Scan result:
Potential Threats
* NOTE: These are probably not malicious scripts (but it’s a good place to start looking IF your site is infected and no Known Threats were found).

?…/public_html/mdesire/wp-admin/includes/class-pclzip.php
?…/public_html/mdesire/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/vendor/dompdf/dompdf/src/PhpEvaluator.php
?…/public_html/mdesire/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/vendor/sabberworm/php-css-parser/lib/Sabberworm/CSS/CSSList/CSSBlockList.php
?…/public_html/mdesire/wp-includes/js/json2.js
?…/public_html/mdesire/wp-includes/js/json2.min.js
?…/public_html/mdesire/wp-includes/js/tw-sack.js
?…/public_html/mdesire/wp-includes/js/tw-sack.min.js
?…/public_html/mdesire/wp-includes/js/jquery/jquery.form.min.js
?…/public_html/mdesire/wp-includes/js/jquery/jquery.schedule.js
?…/public_html/mdesire/wp-includes/js/tinymce/tiny_mce_popup.js
?…/public_html/wp-admin/includes/class-pclzip.php
?…/public_html/wp-content/plugins/wordfence/js/jquery-ui-timepicker-addon.js
?…/public_html/wp-content/plugins/wordfence/js/jquery.dataTables.min.js
?…/public_html/wp-content/plugins/wordpress-seo-premium-master/js/dist/jquery.tablesorter.min.js
?…/public_html/wp-includes/js/json2.js
?…/public_html/wp-includes/js/json2.min.js
?…/public_html/wp-includes/js/tw-sack.js
?…/public_html/wp-includes/js/tw-sack.min.js
?…/public_html/wp-includes/js/jquery/jquery.form.min.js
?…/public_html/wp-includes/js/jquery/jquery.schedule.js
?…/public_html/wp-includes/js/tinymce/tiny_mce_popup.js

Sucuri result:
No Malware Found
Our scanner didn’t detected any malware
Site is not Blacklisted
9 Blacklists checked
22 URLs Scanned
Pages scanned: 8
Javascript files scanned: 14
Other files: 0
Our automated scan did not detect malware on your site. If you still believe that your site has been hacked, sign up for a complete scan, manual audit, and guaranteed malware removal.
Website Malware & Security
No malware detected by scan (Low Risk)
No injected spam detected (Low Risk)
No defacements detected (Low Risk)
Website Firewall not detected (Add protection)
No internal server errors detected (Low Risk)
Website Blacklist Status
Domain clean by Google Safe Browsing
Domain clean by Norton Safe Web
Domain clean on PhishTank
Domain clean on the Opera browser
Domain clean by SiteAdvisor
Domain clean by the Sucuri Malware Labs
Domain clean on SpamHaus DBL
Domain clean on Yandex (via Sophos)
Domain clean by ESET

I have my entire website downloaded via SublimeText. I am currently trying to search for the problem but I can’t. I am trying to locate those 2 website but no luck so far.

Thanks in advance!

Update 5/9/2018
I actively searched for the files which were described in the post above mine. Found exact same files, with exact same described content. Deleting them now and will report back what happens. Still no luck on finding those 2 websites that GoogleAdwords representitive gave me.

• This reply was modified 6 years, 6 months ago by martimarti91.