Topic: Rogue feed keeps appearing – Download this free Anti-Malware Plugin for WordPress.

This topic contains 7 replies, has 2 voices, and was last updated by Anti-Malware Admin 8 years, 4 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)

Author

Posts
December 3, 2015 at 1:02 am #1329

Vimal Popat
Member

Hi Eli,

I have installed your great plugin and it seems to have cleaned my site to a degree. I do however keep being attacked by what appears to be a rogue RSS feed (I am actually a novice so not sure if this is the case.)

Even after the scan it still appears and I’m going crazy. Could you tell me why this is?

Thanks.

Vimal.

December 3, 2015 at 10:23 am #1330

Anti-Malware Admin
Key Master

It looks like your theme’s header.php file is still infected. If you can send me a copy of this infected file then I will add it to my definition updates so that it too can be automatically removed.

December 3, 2015 at 10:32 am #1331

Vimal Popat
Member

Hi,

Thanks for the reply. Do you want me to copy the code from the wordpress site and paste it in to this chat, email it to you or would you like me to set you as a temporary admin user to the site so you can access?

December 3, 2015 at 11:02 am #1332

Anti-Malware Admin
Key Master

You can paste the contents into this forum topic or reply directly to my email. Thanks!

December 3, 2015 at 11:08 am #1333

Vimal Popat
Member

I think this is the right bit of code. I’ve responded to your email too.

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>

<html xmlns=”http://www.w3.org/1999/xhtml” <?php language_attributes(); ?>>

<head profile=”http://gmpg.org/xfn/11″>

<meta http-equiv=”Content-Type” content=”<?php bloginfo(‘html_type’); ?>; charset=<?php bloginfo(‘charset’); ?>” />

<title>

<?php if ( is_home() ) { ?><?php bloginfo(‘description’); ?> » <? bloginfo(‘name’); ?><?php } ?>

<?php if ( is_search() ) { ?><?php echo $s; ?> » <? bloginfo(‘name’); ?><?php } ?>

<?php if ( is_single() ) { ?><?php wp_title(”); ?> » <? bloginfo(‘name’); ?><?php } ?>

<?php if ( is_page() ) { ?><?php wp_title(”); ?> » <? bloginfo(‘name’); ?><?php } ?>

<?php if ( is_category() ) { ?>Archive <?php single_cat_title(); ?> » <? bloginfo(‘name’); ?><?php } ?>

<?php if ( is_month() ) { ?>Archive <?php the_time(‘F’); ?> » <? bloginfo(‘name’); ?><?php } ?>

<?php if ( is_tag() ) { ?><?php single_tag_title();?> » <? bloginfo(‘name’); ?><?php } ?>

<?php if ( is_404() ) { ?>Sorry, not found! » <? bloginfo(‘name’); ?><?php } ?>

</title>

<link rel=”stylesheet” href=”<?php bloginfo(‘stylesheet_url’); ?>” type=”text/css” media=”screen” />

<link rel=”alternate” type=”application/rss+xml” title=”RSS Feed” href=”<?php bloginfo(‘rss2_url’); ?>” />

<link rel=”pingback” href=”<?php bloginfo(‘pingback_url’); ?>” />

<link rel=”stylesheet” type=”text/css” href=”<?php bloginfo(‘template_directory’); ?>/lib/superfish.css” media=”screen”>

<script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/lib/js/jquery-1.2.6.min.js”></script>

<script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/lib/js/superfish.js”></script>

<script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/lib/js/supersubs.js”></script>

<script type=”text/javascript”>

$(document).ready(function(){

$(“ul.sf-menu”).supersubs({

minWidth: 12, // minimum width of sub-menus in em units

maxWidth: 27, // maximum width of sub-menus in em units

extraWidth: 1 // extra width can ensure lines don’t sometimes turn over

// due to slight rounding differences and font-family

}).superfish();

});

</script>

<?php if (is_singular()) wp_enqueue_script( ‘comment-reply’ ); wp_head(); ?>

</head>

<body>

<div id=”page”>

<div id=”header”>

<ul id=”menu” class=”sf-menu clearfix”>

<li class=”cat_item<?php if(is_home()) echo ‘ current-cat’; ?>”><a href=”<?php bloginfo(‘url’); ?>”>Home</a></li>

<?php wp_list_categories(‘title_li=&sort_column=menu_order’); ?>

</ul>

<a href=”http://www.fx4sight.com/wp-content/uploads/2014/08/image1.png”><img src=”http://www.fx4sight.com/wp-content/uploads/2014/08/image1.png” alt=”image” width=”270″ height=”110″ class=”aligncenter size-full wp-image-3811″ /></a>

<div id=”rss”>

<a href=”<?php bloginfo(‘rss2_url’); ?>”>Subscribe to RSS Feed</a>

</div>

</div><!– end header –>

December 3, 2015 at 12:20 pm #1334

Anti-Malware Admin
Key Master

It looks like you have already removed the threat from this file. This code looks clean and your site is not showing those malicious links any more.

Did you use my plugin to remove the infection from the header.php file, or did you remove it manually?

December 3, 2015 at 12:23 pm #1335

Vimal Popat
Member

I didn’t do anything other than copy the code. The strange this is I ran your scan earlier today and the malicious code still showed up on the site. When I just checked, it had gone.

If it reappears, shall I let you know and perhaps give you an admin login?

I’m happy to donate should this be the case.

December 3, 2015 at 2:30 pm #1336

Anti-Malware Admin
Key Master

If you are using caching of any kind that may have resulted in the malicious code appearing on your site long after you had removed it with my plugin.

In any case it looks like you are all good now. Feel free to contact me again if it comes back, and yes, please donate if you can
Author

Posts