Post contains a suspected malware URL

Home Forums Support Forum Post contains a suspected malware URL

This topic contains 3 replies, has 2 voices, and was last updated by  Anti-Malware Admin 5 years, 10 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • February 16, 2020 at 3:07 pm #2410

    Alex Kween
    Member

    Hi Eli.

    Recently I decided to clean all my WP sites and make them more secure. Along your plugin I installed Wordfence, which recently detected this:

    Post contains a suspected malware URL: Fab Fashion Advice From Industry Insiders And Experts

    Type: Content Safety

    >Title: Fab Fashion Advice From Industry Insiders And Experts

    Bad URL: http://www.xcdnko.xyz/
    Posted on: 2018-06-02 11:41:00

    Details: This post contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: http://www.xcdnko.xyz/

    The thing is Wordfence does not have the option to remove the code, and I don’t remember if your plugin detected it, the thing is I still have this malicious code (attached) on more than 3,000 posts!

    I searched for a way to delete it from my posts but have found none.

    Do you think you can add this to your virus definitions so the plugin can remove it?

    Or may be if you can share a Mysql command to find and delete just this code from my posts?

    I’d appreciate any help.

    Let me know your comments and if you need anything else,

    Andres.

    • This topic was modified 5 years, 10 months ago by  Anti-Malware Admin. Reason: removed links
    February 17, 2020 at 1:18 pm #2415

    Anti-Malware Admin
    Moderator

    I have added this threat to my definition updates so that it can now be automatically removed.

    February 24, 2020 at 5:46 am #2428

    Alex Kween
    Member

    Thanks, Eli.

    Sorry to bother you with this but regarding the malicious code injection, I am getting infected right after I clean everything!

    I am trying to find out where this can be coming from but with no success…

    I tried:

    Removing old and unnecessary themes and plugins
    have everything updated and upgraded.

    Optimize Wordfence firewall Deleted public_html/wp-content/cache Install WP optimize and give it a run
    I don’t know where else to look …
    Would you have any idea where is the open door for this code to run?

    February 25, 2020 at 6:10 pm #2429

    Anti-Malware Admin
    Moderator

    If your site is on a shared hosting account then this kind of attack could be coming from any of the other sites on this server, it could even be coming form a site that is not under your account.

    If you have cleaned every site on your account and it still comes back then I would advise that you move your site to am ore secure hosting environment.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Comments are closed.