Good evening. I just detected today that I was hacked. In looking at Sucuri, http://sitecheck.sucuri.net/results/www.houseoffilms.com
It mentions details that I cannot find anything identical in the search forums. I have searched throughout the site php files and cannot find such links. Not sure if it is coming from a plugin. I scanned with your tool, and it comes back clean. Any suggestions? Thanks
This looks like an old threat. I’m surprised my plugin did not find it. Have you downloaded the latest Definition Updates?
If you want me to take a look at this for you I’ll need you to send me your WP Admin login. You email me directly: eli AT gotmls DOT net
Aloha, Eli
Thanks. I just downloaded the definitions and am in the process of rescanning. Will let you know what it comes back with. I will scan the website, content and plugins and report back. Thanks
So the report shows the following below. Is the plugin the cause?
Backdoor Scripts is the first one and Known Threats are the rest.
/home/content/30/8669930/html/wp-content/plugins/backupcreator/backupcreator.php
/home/content/30/8669930/html/wp-content/themes/framerate/functions.php
/home/content/30/8669930/html/wp-content/themes/twentyeleven/functions.php
/home/content/30/8669930/html/wp-content/themes/twentyten/functions.php
/home/content/30/8669930/html/wp-content/themes/twentythirteen/functions.php
/home/content/30/8669930/html/wp-content/themes/twentytwelve/functions.php
The backdoor was probably used to infect all your themes, but I can’t be sure how that plugin file got a back door in it.
You should remove all those threats and the click the small link on securi to “Force Re-scan” just to make sure we got them all.
Let me know if you find more problems that you need help with.
Aloha, Eli
Good morning. Thank you for the info. Where is that “force re-scan” link as I cannot find it? Thanks
The sucuri.net scan results are cached, so it will not automatically update to reflect the changes you have made to your site. The “Force a Re-scan” link is at the bottom of the scan results, just above the heading “Scan Another Site”.
Hey Eli
I need some assistance with MW:SPAM:SEO removal. Sucuri has found numerous instances on my site. I will donate and whatever I need to and need some advice into the future for a number of my other site.
thanks
Hey Chris,
Thanks for sending me you login info. I just ran a Quick Scan on your themes and it found the malicious ‘b_goes’ function used to handle output buffers. This code was added to the functions.php file in all 7 of your themes. I applied the Automatic Fix which successfully removed the malicious code from all 7 infected files and now this site is clean.
This type of infection usually gets in from a vulnerability on another site on the same shared hosting server. Most shared hosting plans have no cross contamination security at all such that a single site’s weakness can be exploited by hackers to infect other sites on your account and sometimes even other accounts on the same server.
I am running a Complete Scan now on all the sites in the html directory. There are a lot of sites in this account so it looks like it will take about an hour to Scan them all but it has already found and fixed infected files on another site. I will follow-up with you directly via email when the scan is complete.
Hi Eli,
I am having the same problem as Chris with the MW SEO malware. I ran a scan and it turned up 7 potential threats as well as quarantined malware in my header.php. I am willing to send you my login credentials as well as make a donation if you can clean this up for me. I look forward to your response. God bless.
Ryan
Ryan,
If you quarantined the threat in the header than you probably got the bad guy already. Your site looks clean to me.
If you have any reason to believe your site is still infected then send me your login info and I’ll take a look.
Aloha, Eli
Hi Admin,
I am currently having the same issue spam mw:spam:seo according to sucuri on my site at https://sitecheck.sucuri.net/results/thegeekiepedia.com. After which I ran a scan on the site using Anti-malware latest definition but could not fix the issue. Please could you help take a look in to this in the mean time?
I am currently having the same issue spam mw:spam:seo according to sucuri on my site at https://sitecheck.sucuri.net/results/thegeekiepedia.com. After which I ran a scan on the site using Anti-malware latest definition but could not fix the issue. Please could you help take a look in to this in the mean time?
