Malicious links on my site

Started by gstarspas, Jul 19, 2022, 12:08 PM

Previous topic - Next topic

gstarspasTopic starter

Hello.
After a long work of my site, there are following links appeared:
<iframe src="http://ppstpfh.mrslsove.com/3c7.2ltJm2evPCAk?default" name="Lendomen" height="103" width="103" style="left:-500px;top:0px;position:fixed;"></iframe>
There are no such links in the source code. Visibly through developer tools.
I don't know how to remove it. Who faced this problem, please help.
  •  

Inetscope

Are they in all JavaScript scripts? If so, then you need to delete each one separately (everything must be deleted, otherwise everything will be restored).
I deleted it using the "text replacer" program in a backup of the site and uploaded it back. Try it.

Remove all modules, plugins, components, etc. which it set before the appearance of the virus, he can be loaded from there.
Then delete the code again. By the way, I deleted it in parts because it changed constantly.
  •  

sam

ask the hosting provider to check your site.
The fact is that the hosting providers are even more concerned about security issues and have powerful means of protection. And with specialized means of protection.

For instance, after moving to a VPS from MakHost, I received a fairly powerful scanner, which I use regularly.

5. Plugin for WP Theme Authenticity Checker (TAC)
It is worth noting here that people will not understand in any way that free templates need to be treated with extreme caution. There is a very high probability of grabbing shit (sorry) by installing a beautiful theme from another file wash.

By the way, I didn't bother much myself and made a template in the Artisteer program. Yes, I have a terrible template code, but I know for sure that it does not contain any rubbish, since I made it myself.

And, to be honest, I'm in no hurry to change the "design" : –) of web site to another one. It suits me, and, moreover, a radical change in the template can lead to sagging attendance. In short, I will not change anything yet.
So, this simple plugin allows you to check the template for the presence of third-party links.
It is installed in the usual way, activate and go to the admin menu item "Appearance – TAC"
The plugin thinks a little and shows the result of the check.
Theme Authenticity Checker (TAC)


If you see a green square and the inscription "Theme OK", then there are even fewer reasons to sleep at night in a cold sweat : –)
If the template contains a link to the developer's web site, then it can be removed from the theme code. But here you will have to tinker. For instance, the standard WP theme contains a link to the WordPress team, which can be deleted.
I must say right away that I have not seen how this plugin reacts to infected WordPress themes, since there was no such trouble. (ugh three times!)
By the way, I have a test blog where I always check plugins before using them on a "combat" web site.
And I advise you not to conduct experiments on the blog that you value. And be sure to make backups before any changes on your project.

AntiVirus for WordPress
A great way to check templates for third-party code. Again, we install it in the standard way and activate it.

Then go to the menu item "Options-Antivirus" and click on the "Scan the theme templates now" button

We wait a couple of minutes while the check is going on and admire until the rectangles are painted green

AntiVirus plugin for WordPress

Please note that you can enable daily scanning of the template for the introduction of third-party code with an alert to the specified e-mail. Comfortable.

Curiously, he found one line of code from the Artisteer template suspicious. But after checking the original template, I realized that this was not a problem and added this line to the list of exceptions (there is such a possibility)

Exploit Scanner Plugin
And finally, I will tell you about the most powerful method, which is already for advanced users. If you don't understand the intricacies of PHP (like me), then it's better not to mess with it.

This is a real paranoid dream, as this plugin is so suspicious that it calls everything into question : –). For instance, he considers the code of YouTube videos, Vime, comments dangerous...

But if there is a problem, then it will really help to figure out what's what.

When I had a problem with my first blog (peace be upon him), then by simply comparing the code with a clean WP installation, I quickly found malicious code in one of the plugins. I had to tinker, of course, and my eyes turned red, but I found an infection.
  •