MW:SPAM:SEO and no Solution in Site

Home Forums Support Forum MW:SPAM:SEO and no Solution in Site

Tagged: 

This topic contains 12 replies, has 5 voices, and was last updated by  Adesanmi Adedotun 1 year ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #865

    Hector Gil
    Member

    Good evening. I just detected today that I was hacked. In looking at Sucuri, http://sitecheck.sucuri.net/results/www.houseoffilms.com

    It mentions details that I cannot find anything identical in the search forums. I have searched throughout the site php files and cannot find such links. Not sure if it is coming from a plugin. I scanned with your tool, and it comes back clean. Any suggestions?  Thanks

    #866

    Anti-Malware Admin
    Key Master

    This looks like an old threat. I’m surprised my plugin did not find it. Have you downloaded the latest Definition Updates?

    If you want me to take a look at this for you I’ll need you to send me your WP Admin login. You email me directly: eli AT gotmls DOT net

    Aloha, Eli

    #867

    Hector Gil
    Member

    Thanks. I just downloaded the definitions and am in the process of rescanning.  Will let you know what it comes back with. I will scan the website, content and plugins and report back. Thanks

    #868

    Hector Gil
    Member

    So the report shows the following below.  Is the plugin the cause?

    Backdoor Scripts is the first one and Known Threats are the rest.

    /home/content/30/8669930/html/wp-content/plugins/backupcreator/backupcreator.php

    /home/content/30/8669930/html/wp-content/themes/framerate/functions.php
    /home/content/30/8669930/html/wp-content/themes/twentyeleven/functions.php
    /home/content/30/8669930/html/wp-content/themes/twentyten/functions.php
    /home/content/30/8669930/html/wp-content/themes/twentythirteen/functions.php
    /home/content/30/8669930/html/wp-content/themes/twentytwelve/functions.php

    #869

    Anti-Malware Admin
    Key Master

    The backdoor was probably used to infect all your themes, but I can’t be sure how that plugin file got a back door in it.

    You should remove all those threats and the click the small link on securi to “Force Re-scan” just to make sure we got them all.

    Let me know if you find more problems that you need help with.

    Aloha, Eli

    #870

    Hector Gil
    Member

    Good morning. Thank you for the info.  Where is that “force re-scan” link as I cannot find it?  Thanks

    #871

    Anti-Malware Admin
    Key Master

    The sucuri.net scan results are cached, so it will not automatically update to reflect the changes you have made to your site. The “Force a Re-scan” link is at the bottom of the scan results, just above the heading “Scan Another Site”.

    #875

    chris jones
    Member

    Hey Eli

     

    I need some assistance with MW:SPAM:SEO removal. Sucuri has found numerous instances on my site. I will donate and whatever I need to and need some advice into the future for a number of my other site. 

     

    thanks

    #876

    Anti-Malware Admin
    Key Master

    Hey Chris,
    Thanks for sending me you login info. I just ran a Quick Scan on your themes and it found the malicious ‘b_goes’ function used to handle output buffers. This code was added to the functions.php file in all 7 of your themes. I applied the Automatic Fix which successfully removed the malicious code from all 7 infected files and now this site is clean.

    This type of infection usually gets in from a vulnerability on another site on the same shared hosting server. Most shared hosting plans have no cross contamination security at all such that a single site’s weakness can be exploited by hackers to infect other sites on your account and sometimes even other accounts on the same server.

    I am running a Complete Scan now on all the sites in the html directory. There are a lot of sites in this account so it looks like it will take about an hour to Scan them all but it has already found and fixed infected files on another site. I will follow-up with you directly via email when the scan is complete.

    #878

    Ryan Grigsby
    Member

    Hi Eli,

    I am having the same problem as Chris with the MW SEO malware. I ran a scan and it turned up 7 potential threats as well as quarantined malware in my header.php. I am willing to send you my login credentials as well as make a donation if you can clean this up for me. I look forward to your response. God bless.

    Ryan

    #879

    Anti-Malware Admin
    Key Master

    Ryan,
    If you quarantined the threat in the header than you probably got the bad guy already. Your site looks clean to me.

    If you have any reason to believe your site is still infected then send me your login info and I’ll take a look.

    Aloha, Eli

    #1719

    Hi Admin,

     

    I am currently having the same issue spam mw:spam:seo according to sucuri on my site at https://sitecheck.sucuri.net/results/thegeekiepedia.com. After which I ran a scan on the site using Anti-malware latest definition but could not fix the issue. Please could you help take a look in to this in the mean time?

    #1720

    I am currently having the same issue spam mw:spam:seo according to sucuri on my site at https://sitecheck.sucuri.net/results/thegeekiepedia.com. After which I ran a scan on the site using Anti-malware latest definition but could not fix the issue. Please could you help take a look in to this in the mean time?

Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.

Comments are closed.