Rogue feed keeps appearing
This topic contains 7 replies, has 2 voices, and was last updated by Anti-Malware Admin 9 years ago.
December 3, 2015 at 1:02 am #1329
Hi Eli,
I have installed your great plugin and it seems to have cleaned my site to a degree. I do however keep being attacked by what appears to be a rogue RSS feed (I am actually a novice so not sure if this is the case.)
Even after the scan it still appears and I’m going crazy. Could you tell me why this is?
Thanks.
Vimal.
December 3, 2015 at 10:23 am #1330
It looks like your theme’s header.php file is still infected. If you can send me a copy of this infected file then I will add it to my definition updates so that it too can be automatically removed.
December 3, 2015 at 10:32 am #1331
Hi,
Thanks for the reply. Do you want me to copy the code from the WordPress site and paste it into this chat, email it to you or would you like me to set you as a temporary admin user to the site so you can access?
December 3, 2015 at 11:02 am #1332
You can paste the contents into this forum topic or reply directly to my email. Thanks!
December 3, 2015 at 11:08 am #1333
I think this is the right bit of code. I’ve responded to your email too.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<title>
<?php if ( is_home() ) { ?><?php bloginfo('description'); ?> » <? bloginfo('name'); ?><?php } ?>
<?php if ( is_search() ) { ?><?php echo $s; ?> » <? bloginfo('name'); ?><?php } ?>
<?php if ( is_single() ) { ?><?php wp_title(''); ?> » <? bloginfo('name'); ?><?php } ?>
<?php if ( is_page() ) { ?><?php wp_title(''); ?> » <? bloginfo('name'); ?><?php } ?>
<?php if ( is_category() ) { ?>Archive <?php single_cat_title(); ?> » <? bloginfo('name'); ?><?php } ?>
<?php if ( is_month() ) { ?>Archive <?php the_time('F'); ?> » <? bloginfo('name'); ?><?php } ?>
<?php if ( is_tag() ) { ?><?php single_tag_title();?> » <? bloginfo('name'); ?><?php } ?>
<?php if ( is_404() ) { ?>Sorry, not found! » <? bloginfo('name'); ?><?php } ?>
</title>
<link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen" />
<link rel="alternate" type="application/rss+xml" title="RSS Feed" href="<?php bloginfo('rss2_url'); ?>" />
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
<link rel="stylesheet" type="text/css" href="<?php bloginfo('template_directory'); ?>/lib/superfish.css" media="screen">
<script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/lib/js/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/lib/js/superfish.js"></script>
<script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/lib/js/supersubs.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$("ul.sf-menu").supersubs({
minWidth: 12, // minimum width of sub-menus in em units
maxWidth: 27, // maximum width of sub-menus in em units
extraWidth: 1 // extra width can ensure lines don't sometimes turn over
// due to slight rounding differences and font-family
}).superfish();
});
</script>
<?php if (is_singular()) wp_enqueue_script( 'comment-reply' ); wp_head(); ?>
</head>
<body>
<div id="page">
<div id="header">
<ul id="menu" class="sf-menu clearfix">
<li class="cat_item<?php if(is_home()) echo ' current-cat'; ?>"><a href="<?php bloginfo('url'); ?>">Home</a></li>
<?php wp_list_categories('title_li=&sort_column=menu_order'); ?>
</ul>
<a href="http://www.fx4sight.com/wp-content/uploads/2014/08/image1.png"><img src="http://www.fx4sight.com/wp-content/uploads/2014/08/image1.png" alt="image" width="270" height="110" class="aligncenter size-full wp-image-3811" /></a>
<div id="rss">
<a href="<?php bloginfo('rss2_url'); ?>">Subscribe to RSS Feed</a>
</div>
</div><!-- end header -->
December 3, 2015 at 12:20 pm #1334
It looks like you have already removed the threat from this file. This code looks clean and your site is not showing those malicious links any more.
Did you use my plugin to remove the infection from the header.php file, or did you remove it manually?
December 3, 2015 at 12:23 pm #1335
I didn’t do anything other than copy the code. The strange thing is I ran your scan earlier today and the malicious code still showed up on the site. When I just checked, it had gone.
If it reappears, shall I let you know and perhaps give you an admin login?
I’m happy to donate should this be the case.
December 3, 2015 at 2:30 pm #1336
If you are using caching of any kind that may have resulted in the malicious code appearing on your site long after you had removed it with my plugin.
In any case it looks like you are all good now. Feel free to contact me again if it comes back, and yes, please donate if you can.
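The caching explanation in the last reply can be checked on disk. The following is an added example, not code from the plugin or from either poster: it lists cached pages that were written before the cleaned theme file was last modified and reports the external hosts they still link to. The function names, the cache directory layout and the sample host names are assumptions.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

HREF_RE = re.compile(r'''(?:href|src)\s*=\s*["']([^"']+)["']''', re.IGNORECASE)

def external_hosts(html, site_host):
    """Hosts referenced by href/src attributes that are not the site itself."""
    hosts = set()
    for url in HREF_RE.findall(html):
        host = (urlparse(url).hostname or "").lower()  # relative URLs have no host
        if host and host != site_host and not host.endswith("." + site_host):
            hosts.add(host)
    return hosts

def stale_cache_report(cleaned_file, cache_dir, site_host, allowed_hosts=()):
    """Return [(cached_path, unexpected_hosts)] for pages cached before the cleanup."""
    cleaned_at = os.path.getmtime(cleaned_file)
    allowed = {h.lower() for h in allowed_hosts}
    report = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            if os.path.getmtime(path) >= cleaned_at:
                continue  # written after the cleanup, so built from the clean file
            with open(path, encoding="utf-8", errors="replace") as fh:
                hosts = external_hosts(fh.read(), site_host.lower()) - allowed
            report.append((path, sorted(hosts)))
    return sorted(report)

if __name__ == "__main__":
    # Constructed sample: one page cached before the cleanup, one after it.
    with tempfile.TemporaryDirectory() as d:
        theme = os.path.join(d, "header.php")
        cache = os.path.join(d, "cache")
        os.mkdir(cache)
        open(theme, "w").close()
        os.utime(theme, (2000, 2000))
        pages = {"old.html": ('<a href="http://spam.example.net/feed">x</a>', 1000),
                 "new.html": ('<a href="/about">About</a>', 3000)}
        for name, (body, mtime) in pages.items():
            path = os.path.join(cache, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.utime(path, (mtime, mtime))
        print(stale_cache_report(theme, cache, "example.com"))
```

Any path in the report is a cached copy that should be purged and regenerated; an empty host list means the page is stale but contains no unexpected external links.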