roof55-no

Yeh, have donne this at securi.com for several time. Seems to only helps her is to pay $$$ as commercial page for service. If this service contains any sort of useful information, it’s good covered.
I can see Mc Afee first time declare this site as red as long since to 2. in January 2016!
panoramaflyfoto.no

This page shows details and results of our analysis on the domain panoramaflyfoto.no
Threat Detail

Web Category: Malicious Downloads
Activation:
Last Seen: 2016-02-01
So, it is perhaps a matter of fact to get rid of the place in a blacking list?

I did not find more information, so far.

Thanks to Jim Huff for still supporting with good advices!
Last sacan:
Congratulations! No security problems were detected by Wordfence.

GOTMLS.NET repporting in front of above scan:
Check all 4 Items in Quarantine
…/www/wp-includes/js/jquery/jquery-migrate.min.js
…/www/wp-includes/js/jquery/jquery-migrate.js
…/www/wp-includes/images/crystal/license.txt
…/www/license.txt

All file was re-installed, work out by GOTMLS.NET features. Result of new scan:
Potential Threats

* NOTE: These are probably not malicious scripts (but it’s a good place to start looking IF your site is infected and no Known Threats were found).

?…/www/wp-content/plugins/wp-simple-firewall/src/common/Twig/Environment.php
?…/www/wp-content/plugins/wp-simple-firewall/src/common/Twig/Test/IntegrationTestCase.php
?…/www/wp-content/plugins/wp-simple-firewall/src/common/json/JSON.php
?…/www/wp-content/themes/ultra/js/flexie.js
?…/www/wp-content/uploads/ithemes-security/logs/event-log-panoramaflyfoto-no-J84zrog.log

It seems to be a trust WEB site so far, even McAfee tells this:
Phishing attempt!
This page is part of a phishing attempt

Web page:
https://www.trustedsource.org/?p

https://www.VIRUStotal scan give this report:
ADMINUSLabs Malicious site
Avira Malware site
Fortinet Malware site
Yandex Safebrowsing Malware site
But I still want my WEB hotel supplier to make a re-scan. And still update result here.

Glosshh! So easy! No, no warning longer! Thanks to volunteers, but especially James Huff. It’s great, made my day’s!

At first i goes through all php files in the root\www Dir.

The default.php belongs to Dir. root\www\www\wp-content\plugins\siteorigin-panels\widgets\widgets\animated-image\tpl
This file are declared to contains a Backdoor

Hopefully this was some helps?

No. I just leave it, but change the end words, from PHP to PHP-OLD. When entry the page, I get the 503 error. Renamed this file again., and it was up and running. My worry are my MalwareBytes and Bitdefender give warning to entry this site, but Google safe search did not give any warnings(?). It could be a solution to sent inquiry to thus two security software, in same method as it is for google safe search, you have to give a manual operation to google to be whitelisted again after attac. After this, I have open every php files in www/wp-contains map and take a look for suspicious, but could not find any crypted sentence.

That was no good idea:
Error 503 Backend fetch failed

Backend fetch failed
Guru Meditation:
XID: 115332999
Varnish cache server

So, wondering why Google search did not give any warning to visit this WEB site, but MalwareBytes and Bitdefender do it?

Thanks.
First I was do, remove an old html file, as index.html. Easy. Next to do was change the password for enter WEB server hotel. Also change password to WP enter. Both password with >>>16 char., lower/upper caser+ mix of count tal, as well.

I was implemented 3 different security ads to my WP. 1. Anti-Malware from GOTMLS.NET, 2. iThemes Security, 3. iControlWP, think tat shod be enough. Just first one running av full version (donated), two other running thus function as free version. possibility. Other paid function cost $$$, so have to see for a while if extra function are paid for.

any way, one error left, and I really did not see it! Google search inform as not dangerous page for visit, even my MalwareBytes+Bitedefender give warning to entry this web. The malware are <hidden> into the file default.php, which contains as follow:
<img src=”<?php echo esc_url($instance[‘image’]) ?>” style=”visibility:hidden” data-animation=”<?php echo esc_attr($instance[‘animation’]) ?>” />

I will now simply try to remove this file from my WEB server (back up all files as download to my pc). Then let see wath happen with the function for the WEB, also about this entering warning, disappear(?).