Rogue feed keeps appearing

Home Forums Support Forum Rogue feed keeps appearing

This topic contains 7 replies, has 2 voices, and was last updated by Anti-Malware Admin Anti-Malware Admin 1 year, 3 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #1329
    Vimal Popat
    Vimal Popat
    Member

    Hi Eli,

    I have installed your great plugin and it seems to have cleaned my site to a degree. I do however keep being attacked by what appears to be a rogue RSS feed (I am actually a novice so not sure if this is the case.)

    Even after the scan it still appears and I’m going crazy. Could you tell me why this is?

    Thanks.

    Vimal.

    #1330
    Anti-Malware Admin
    Anti-Malware Admin
    Key Master

    It looks like your theme’s header.php file is still infected. If you can send me a copy of this infected file then I will add it to my definition updates so that it too can be automatically removed.

    #1331
    Vimal Popat
    Vimal Popat
    Member

    Hi,

    Thanks for the reply. Do you want me to copy the code from the wordpress site and paste it in to this chat, email it to you or would you like me to set you as a temporary admin user to the site so you can access?

    #1332
    Anti-Malware Admin
    Anti-Malware Admin
    Key Master

    You can paste the contents into this forum topic or reply directly to my email. Thanks!

    #1333
    Vimal Popat
    Vimal Popat
    Member

    I think this is the right bit of code. I’ve responded to your email too.

    <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”&gt;

    <html xmlns=”http://www.w3.org/1999/xhtml&#8221; <?php language_attributes(); ?>>

     

    <head profile=”http://gmpg.org/xfn/11″&gt;

    <meta http-equiv=”Content-Type” content=”<?php bloginfo(‘html_type’); ?>; charset=<?php bloginfo(‘charset’); ?>” />

     

    <title>

    <?php if ( is_home() ) { ?><?php bloginfo(‘description’); ?> &raquo; <? bloginfo(‘name’); ?><?php } ?>

    <?php if ( is_search() ) { ?><?php echo $s; ?> &raquo; <? bloginfo(‘name’); ?><?php } ?>

    <?php if ( is_single() ) { ?><?php wp_title(”); ?> &raquo; <? bloginfo(‘name’); ?><?php } ?>

    <?php if ( is_page() ) { ?><?php wp_title(”); ?> &raquo; <? bloginfo(‘name’); ?><?php } ?>

    <?php if ( is_category() ) { ?>Archive <?php single_cat_title(); ?> &raquo; <? bloginfo(‘name’); ?><?php } ?>

    <?php if ( is_month() ) { ?>Archive <?php the_time(‘F’); ?> &raquo; <? bloginfo(‘name’); ?><?php } ?>

    <?php if ( is_tag() ) { ?><?php single_tag_title();?> &raquo; <? bloginfo(‘name’); ?><?php } ?>

    <?php if ( is_404() ) { ?>Sorry, not found! &raquo; <? bloginfo(‘name’); ?><?php } ?>

    </title>

     

    <link rel=”stylesheet” href=”<?php bloginfo(‘stylesheet_url’); ?>” type=”text/css” media=”screen” />

     

    <link rel=”alternate” type=”application/rss+xml” title=”RSS Feed” href=”<?php bloginfo(‘rss2_url’); ?>” />

    <link rel=”pingback” href=”<?php bloginfo(‘pingback_url’); ?>” />

     

    <link rel=”stylesheet” type=”text/css” href=”<?php bloginfo(‘template_directory’); ?>/lib/superfish.css” media=”screen”>

    <script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/lib/js/jquery-1.2.6.min.js”></script>

    <script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/lib/js/superfish.js”></script>

    <script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/lib/js/supersubs.js”></script>

     

    <script type=”text/javascript”>

     

    $(document).ready(function(){

    $(“ul.sf-menu”).supersubs({

    minWidth:    12,   // minimum width of sub-menus in em units

    maxWidth:    27,   // maximum width of sub-menus in em units

    extraWidth:  1     // extra width can ensure lines don’t sometimes turn over

    // due to slight rounding differences and font-family

    }).superfish();

    });

     

    </script>

     

    <?php if (is_singular()) wp_enqueue_script( ‘comment-reply’ ); wp_head(); ?>

     

    </head>

     

    <body>

     

    <div id=”page”>

     

    <div id=”header”>

     

     

    <ul id=”menu” class=”sf-menu clearfix”>

    <li class=”cat_item<?php if(is_home()) echo ‘ current-cat’; ?>”><a href=”<?php bloginfo(‘url’); ?>”>Home</a></li>

    <?php wp_list_categories(‘title_li=&sort_column=menu_order’); ?>

     

    </ul>

     

     

    <a href=”http://www.fx4sight.com/wp-content/uploads/2014/08/image1.png”><img src=”http://www.fx4sight.com/wp-content/uploads/2014/08/image1.png&#8221; alt=”image” width=”270″ height=”110″ class=”aligncenter size-full wp-image-3811″ /></a>

     

    <div id=”rss”>

    <a href=”<?php bloginfo(‘rss2_url’); ?>”>Subscribe to RSS Feed</a>

     

    </div>

     

     

    </div><!– end header –>

    #1334
    Anti-Malware Admin
    Anti-Malware Admin
    Key Master

    It looks like you have already removed the threat from this file. This code looks clean and your site is not showing those malicious links any more.

    Did you use my plugin to remove the infection from the header.php file, or did you remove it manually?

    #1335
    Vimal Popat
    Vimal Popat
    Member

    I didn’t do anything other than copy the code. The strange this is I ran your scan earlier today and the malicious code still showed up on the site. When I just checked, it had gone.

    If it reappears, shall I let you know and perhaps give you an admin login?

    I’m happy to donate should this be the case.

    #1336
    Anti-Malware Admin
    Anti-Malware Admin
    Key Master

    If you are using caching of any kind that may have resulted in the malicious code appearing on your site long after you had removed it with my plugin.

    In any case it looks like you are all good now. Feel free to contact me again if it comes back, and yes, please donate if you can ;-)

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

Comments are closed.