Hello to everyone,
I have been experiencing a possible hacking in one of my wordpress websites:
It seems to be very random as i have scanned the website contents dozen of times and all the scanner report a clean result: Virus total, Quttera, Forregenix…, but sometimes Sucuri scanner report an infected website with the following information:
Javascript: 31wp.org entry/MW:BLK:2
If i wait a while and force a rescan, sucuri will give me a clean website but latter on the problem will appear again.
I have GOTMLS installed on wordpress (last version) with definitions update and also run at least 30 times a complete scan and nothing is detected.
I also have Wordfence installed, nothing detected.
The main problem is that i am running some Google Adwords campaigns and they have been already deactivated once because of this problem.
Anyone with the same problem?
Thanks,
Nuno
*Just an update,
Scanned now the website with Sucuri and the website show as compromised with malware entry/MW:BLK:2.
Scanned right away with Quttera, Web inspector (comodo), result clean.
Forced a new scan with Sucuri, result clean! :O
Getting crazy here… :/
The MW:BLK:2 is just a generic label that sucuri assigns to that type of infection, it refers to a blacklisted domain used in your site’s code.
If you click on the details and is says 31wp.org then you would need to look for script references in your site’s HTML that point to 31wp.org. Sucuri has labeled the jquery.js URL at that domain as a malicious threat but that URL does not seem to be working any more anyway so I think your site will be ok. Just just the page content for script tags and make sure your theme does not refer to 31wp.org in the header.php or footer.php files.
Good morning and thank you for your quick support,
I have scanned a few time all the files contents of the website looking for that specific entry and nothing.
Header and footer are clean, checked with GOTMLS complete scan and nothing.
The strangest thing is Sucuri popup the problem very randomly.
Don´t know where else to look.
Thanks,
Nuno