Malicious Site Blocked!

Home Forums Support Forum Malicious Site Blocked!

This topic contains 10 replies, has 2 voices, and was last updated by  Anti-Malware Admin 2 months, 1 week ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #12786

    Hi. When I try to load my website ( www[.]malteseblogger[.]com ) on my chrome this

    comes comes norton stops it with this error:
    Malicious Site Blocked!
    You attempted to access:
    propu[.]sh/pfe/current/tag.min.js?z=2866344
    This webpage is a known malicious webpage. It is highly recommended that you do NOT visit this page.

    Visit
    Norton
    to learn more about phishing and internet security.

    What can I do please?

    I already installed and donated for your plugin…but seems this is not caught in theĀ  scan….unless it is in one of the skipped file

    • This topic was modified 2 months, 3 weeks ago by  Anti-Malware Admin. Reason: broke links to malicious URL
    • This topic was modified 2 months, 3 weeks ago by  Anti-Malware Admin. Reason: removed malicious links
    #12788

    Anti-Malware Admin
    Key Master

    This URL is already in my latest definitions of DB Injections, but this one looks like it might have been injected directly into your theme’s footer.php file. Can you please send me the footer.php file from your theme so that I can added this new variant to my definition updates. Then it can be automatically removed from any files using my plugin in future scan.

    #12880

    Hi,

    I’ve sent you the footer.php

     

    Not sure if this can help – debugger tools from my website – before prompting the norton blocking.

     

    #12887

    image

    #12909

    Anti-Malware Admin
    Key Master

    Thanks for sending me you footer.php file. Unfortunately this malicious JavaScript was not generated from within that file.

    After seeing that file it is clear that this malicious code is being generated by another file using the wp_footer hook. This could be a rogue plugin file or a hacked WP Core file or maybe even some new filter/action added to the functions.php file.

    Can you send me a list of your plugin (a screenshot of the Installed Plugins page in your wp-admin will do), and a list of all the folders in your /wp-content/plugins/ directory too?

    #12916

     

    #12920

    Anti-Malware Admin
    Key Master

    I’m not sure why some of your posts are not showing anything on this forum but I got your plugin lists and there are a lot of Ad Plugins that I guess you use to generate ad revenue on your site. My first guess is would be that one of those is responsible for adding that propu[.]sh script into your footer. I would suggest that you try deactivating those plugins and then clear your cache and see if that malicious JavaScript still shows up in the HTML of your footer section.

    #13440

    Thank you.
    I will do so and clear the cache from the browser.

    Is there an other kind of cache that I need to clear?

    Regards,

    Chris

    #13793

    Anti-Malware Admin
    Key Master

    If your server has any caching software installed or if you use any caching plugin on your site then you should clear those cache files too. Maybe even disable any server-side caching while you are working on this issue. cache files can preserve the appearance of malicious threats on your site even after you have removed the malicious code.

    #14050

    can someone share example of such plugins?

    #14246

    Anti-Malware Admin
    Key Master

    Here is a list of caching plugins available for WordPress:

    https://wordpress.org/plugins/search/cache/

    All of these, by the nature of what they do, can make it difficult to remove all the malware on your site, as there purpose is to create copies of your site’s generated output (including any output generated by malware) and display that save code (even if it have malware in it).

    Additionally, some of these plugin may interfere with the scan process by intercepting the generated output from the scan results, thereby potentially slowing the scan or sometimes even altering the results before they are displayed.

    Therefore, it is generally advised to disable all caching and delete all cache files before scanning for malware on any site.

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.

Comments are closed.