December 18, 2013 at 5:24 pm #865
Good evening. I just detected today that I was hacked. In looking at Sucuri, http://sitecheck.sucuri.net/results/www.houseoffilms.com
It mentions details that I cannot find anything identical in the search forums. I have searched throughout the site php files and cannot find such links. Not sure if it is coming from a plugin. I scanned with your tool, and it comes back clean. Any suggestions? ThanksDecember 18, 2013 at 6:07 pm #866
This looks like an old threat. I’m surprised my plugin did not find it. Have you downloaded the latest Definition Updates?
If you want me to take a look at this for you I’ll need you to send me your WP Admin login. You email me directly: eli AT gotmls DOT net
Aloha, EliDecember 18, 2013 at 6:19 pm #867
Thanks. I just downloaded the definitions and am in the process of rescanning. Will let you know what it comes back with. I will scan the website, content and plugins and report back. ThanksDecember 18, 2013 at 6:26 pm #868
So the report shows the following below. Is the plugin the cause?
Backdoor Scripts is the first one and Known Threats are the rest.
/home/content/30/8669930/html/wp-content/themes/twentytwelve/functions.phpDecember 18, 2013 at 6:37 pm #869
The backdoor was probably used to infect all your themes, but I can’t be sure how that plugin file got a back door in it.
You should remove all those threats and the click the small link on securi to “Force Re-scan” just to make sure we got them all.
Let me know if you find more problems that you need help with.
Aloha, EliDecember 19, 2013 at 3:42 am #870
Good morning. Thank you for the info. Where is that “force re-scan” link as I cannot find it? ThanksDecember 19, 2013 at 4:36 am #871
The sucuri.net scan results are cached, so it will not automatically update to reflect the changes you have made to your site. The “Force a Re-scan” link is at the bottom of the scan results, just above the heading “Scan Another Site”.January 9, 2014 at 4:16 am #875
I need some assistance with MW:SPAM:SEO removal. Sucuri has found numerous instances on my site. I will donate and whatever I need to and need some advice into the future for a number of my other site.
thanksJanuary 9, 2014 at 6:21 am #876
Thanks for sending me you login info. I just ran a Quick Scan on your themes and it found the malicious ‘b_goes’ function used to handle output buffers. This code was added to the functions.php file in all 7 of your themes. I applied the Automatic Fix which successfully removed the malicious code from all 7 infected files and now this site is clean.
This type of infection usually gets in from a vulnerability on another site on the same shared hosting server. Most shared hosting plans have no cross contamination security at all such that a single site’s weakness can be exploited by hackers to infect other sites on your account and sometimes even other accounts on the same server.
I am running a Complete Scan now on all the sites in the html directory. There are a lot of sites in this account so it looks like it will take about an hour to Scan them all but it has already found and fixed infected files on another site. I will follow-up with you directly via email when the scan is complete.January 16, 2014 at 7:52 am #878
I am having the same problem as Chris with the MW SEO malware. I ran a scan and it turned up 7 potential threats as well as quarantined malware in my header.php. I am willing to send you my login credentials as well as make a donation if you can clean this up for me. I look forward to your response. God bless.
RyanJanuary 16, 2014 at 6:10 pm #879
If you quarantined the threat in the header than you probably got the bad guy already. Your site looks clean to me.
If you have any reason to believe your site is still infected then send me your login info and I’ll take a look.
You must be logged in to reply to this topic.