Home › Forums › Support Forum › Malicious Site Blocked!
This topic contains 10 replies, has 2 voices, and was last updated by Anti-Malware Admin 4 years, 5 months ago.
-
AuthorPosts
-
June 28, 2020 at 1:02 pm #12786
Hi. When I try to load my website ( www[.]malteseblogger[.]com ) on my chrome this
comes comes norton stops it with this error:
Malicious Site Blocked!
You attempted to access:
propu[.]sh/pfe/current/tag.min.js?z=2866344
This webpage is a known malicious webpage. It is highly recommended that you do NOT visit this page.Visit
Norton
to learn more about phishing and internet security.What can I do please?
I already installed and donated for your plugin…but seems this is not caught in theĀ scan….unless it is in one of the skipped file
- This topic was modified 4 years, 5 months ago by Anti-Malware Admin. Reason: broke links to malicious URL
- This topic was modified 4 years, 5 months ago by Anti-Malware Admin. Reason: removed malicious links
June 28, 2020 at 1:28 pm #12788This URL is already in my latest definitions of DB Injections, but this one looks like it might have been injected directly into your theme’s footer.php file. Can you please send me the footer.php file from your theme so that I can added this new variant to my definition updates. Then it can be automatically removed from any files using my plugin in future scan.
June 29, 2020 at 11:05 am #12880Hi,
I’ve sent you the footer.php
Not sure if this can help – debugger tools from my website – before prompting the norton blocking.
June 29, 2020 at 12:04 pm #12887image
June 29, 2020 at 7:27 pm #12909Thanks for sending me you footer.php file. Unfortunately this malicious JavaScript was not generated from within that file.
After seeing that file it is clear that this malicious code is being generated by another file using the wp_footer hook. This could be a rogue plugin file or a hacked WP Core file or maybe even some new filter/action added to the functions.php file.
Can you send me a list of your plugin (a screenshot of the Installed Plugins page in your wp-admin will do), and a list of all the folders in your /wp-content/plugins/ directory too?
June 29, 2020 at 7:58 pm #12916June 29, 2020 at 8:59 pm #12920I’m not sure why some of your posts are not showing anything on this forum but I got your plugin lists and there are a lot of Ad Plugins that I guess you use to generate ad revenue on your site. My first guess is would be that one of those is responsible for adding that propu[.]sh script into your footer. I would suggest that you try deactivating those plugins and then clear your cache and see if that malicious JavaScript still shows up in the HTML of your footer section.
July 5, 2020 at 12:22 am #13440Thank you.
I will do so and clear the cache from the browser.Is there an other kind of cache that I need to clear?
Regards,
Chris
July 8, 2020 at 5:14 pm #13793If your server has any caching software installed or if you use any caching plugin on your site then you should clear those cache files too. Maybe even disable any server-side caching while you are working on this issue. cache files can preserve the appearance of malicious threats on your site even after you have removed the malicious code.
July 11, 2020 at 7:12 am #14050can someone share example of such plugins?
July 13, 2020 at 8:10 am #14246Here is a list of caching plugins available for WordPress:
https://wordpress.org/plugins/search/cache/
All of these, by the nature of what they do, can make it difficult to remove all the malware on your site, as there purpose is to create copies of your site’s generated output (including any output generated by malware) and display that save code (even if it have malware in it).
Additionally, some of these plugin may interfere with the scan process by intercepting the generated output from the scan results, thereby potentially slowing the scan or sometimes even altering the results before they are displayed.
Therefore, it is generally advised to disable all caching and delete all cache files before scanning for malware on any site.
-
AuthorPosts
You must be logged in to reply to this topic.