Malicious Site Blocked!
This topic contains 10 replies, has 2 voices, and was last updated by Anti-Malware Admin 4 years, 4 months ago.
June 28, 2020 at 1:02 pm #12786
Hi. When I try to load my website ( www[.]malteseblogger[.]com ) on my Chrome, this
comes up; Norton stops it with this error:
Malicious Site Blocked!
You attempted to access:
propu[.]sh/pfe/current/tag.min.js?z=2866344
This webpage is a known malicious webpage. It is highly recommended that you do NOT visit this page. Visit Norton to learn more about phishing and internet security.
What can I do please?
I already installed and donated for your plugin… but it seems this is not caught in the scan… unless it is in one of the skipped files
- This topic was modified 4 years, 4 months ago by Anti-Malware Admin. Reason: broke links to malicious URL
- This topic was modified 4 years, 4 months ago by Anti-Malware Admin. Reason: removed malicious links
June 28, 2020 at 1:28 pm #12788
This URL is already in my latest definitions of DB Injections, but this one looks like it might have been injected directly into your theme’s footer.php file. Can you please send me the footer.php file from your theme so that I can add this new variant to my definition updates? Then it can be automatically removed from any files using my plugin in future scans.
June 29, 2020 at 11:05 am #12880
Hi,
I’ve sent you the footer.php
Not sure if this can help – debugger tools from my website – before prompting the norton blocking.
June 29, 2020 at 12:04 pm #12887
[image]
June 29, 2020 at 7:27 pm #12909
Thanks for sending me your footer.php file. Unfortunately this malicious JavaScript was not generated from within that file.
After seeing that file it is clear that this malicious code is being generated by another file using the wp_footer hook. This could be a rogue plugin file or a hacked WP Core file or maybe even some new filter/action added to the functions.php file.
Can you send me a list of your plugins (a screenshot of the Installed Plugins page in your wp-admin will do), and a list of all the folders in your /wp-content/plugins/ directory too?
June 29, 2020 at 7:58 pm #12916
June 29, 2020 at 8:59 pm #12920
I’m not sure why some of your posts are not showing anything on this forum, but I got your plugin lists and there are a lot of Ad Plugins that I guess you use to generate ad revenue on your site. My first guess would be that one of those is responsible for adding that propu[.]sh script into your footer. I would suggest that you try deactivating those plugins and then clear your cache and see if that malicious JavaScript still shows up in the HTML of your footer section.
July 5, 2020 at 12:22 am #13440
Thank you.
I will do so and clear the cache from the browser. Is there another kind of cache that I need to clear?
Regards,
Chris
July 8, 2020 at 5:14 pm #13793
If your server has any caching software installed or if you use any caching plugin on your site then you should clear those cache files too. Maybe even disable any server-side caching while you are working on this issue. Cache files can preserve the appearance of malicious threats on your site even after you have removed the malicious code.
July 11, 2020 at 7:12 am #14050
Can someone share an example of such plugins?
July 13, 2020 at 8:10 am #14246
Here is a list of caching plugins available for WordPress:
https://wordpress.org/plugins/search/cache/
All of these, by the nature of what they do, can make it difficult to remove all the malware on your site, as their purpose is to create copies of your site’s generated output (including any output generated by malware) and display that saved code (even if it has malware in it).
Additionally, some of these plugins may interfere with the scan process by intercepting the generated output from the scan results, thereby potentially slowing the scan or sometimes even altering the results before they are displayed.
Therefore, it is generally advised to disable all caching and delete all cache files before scanning for malware on any site.
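An added example (not code from the plugin or from anyone in this thread): a small Python scan that lists files containing the blocked host and PHP files that register a callback on the wp_footer hook, so stale copies in a cache directory show up next to the file that generates the tag. The directory layout and the ad-demo plugin are constructed for illustration; a plain string match will not find an encoded payload or a script stored in the database, which is why the hook registrations are listed separately.

```python
import os
import re
import tempfile

# Indicator from the thread, stored defanged and refanged only for matching.
INDICATOR = "propu[.]sh".replace("[.]", ".")
# add_action()/add_filter() registrations on the wp_footer hook.
HOOK_RE = re.compile(r"""add_(?:action|filter)\s*\(\s*['"]wp_footer['"]""")
SCAN_EXT = (".php", ".js", ".html")

def scan_tree(root):
    """Return (indicator_hits, footer_hooks), each a sorted list of (path, line)."""
    indicator_hits, footer_hooks = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if INDICATOR in line.lower():
                            indicator_hits.append((rel, lineno))
                        if HOOK_RE.search(line):
                            footer_hooks.append((rel, lineno))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return sorted(indicator_hits), sorted(footer_hooks)

def build_sample_tree(root):
    """Write constructed sample files (not taken from the affected site)."""
    tag = '<script src="//' + INDICATOR + '/pfe/current/tag.min.js"></script>'
    files = {
        "themes/demo/footer.php": "<?php wp_footer(); ?>\n</body></html>\n",
        "plugins/ad-demo/ad-demo.php": "<?php\nadd_action( 'wp_footer', 'ad_demo_tag' );\n"
                                       "function ad_demo_tag() { echo '" + tag + "'; }\n",
        "cache/page/index.html": "<html><body>" + tag + "</body></html>\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

On a real site, call scan_tree() on the wp-content directory; a hit under a cache folder with no matching source file means the cached copy is stale and the cache still needs clearing.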