Sucuri entry/MW:BLK:2 Wordpress

Home Forums Support Forum Sucuri entry/MW:BLK:2 Wordpress

Tagged: , ,

This topic contains 3 replies, has 2 voices, and was last updated by  Nuno Silva 7 years, 7 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • May 29, 2018 at 12:05 am #2108

    Nuno Silva
    Member

    Hello to everyone,

    I have been experiencing a possible hacking in one of my wordpress websites:

    It seems to be very random as i have scanned the website contents dozen of times and all the scanner report a clean result: Virus total, Quttera, Forregenix…, but sometimes Sucuri scanner report an infected website with the following information:

    Javascript: 31wp.org  entry/MW:BLK:2

    If i wait a while and force a rescan, sucuri will give me a clean website but latter on the problem will appear again.

    I have GOTMLS installed on wordpress (last version) with definitions update and also run at least 30 times a complete scan and nothing is detected.

    I also have Wordfence installed, nothing detected.

    The main problem is that i am running some Google Adwords campaigns and they have been already deactivated once because of this problem.

    Anyone with the same problem?

    Thanks,

    Nuno

    May 29, 2018 at 12:34 am #2109

    Nuno Silva
    Member

    *Just an update,

    Scanned now the website with Sucuri and the website show as compromised with malware entry/MW:BLK:2.

    Scanned right away with Quttera, Web inspector (comodo), result clean.

    Forced a new scan with Sucuri, result clean! :O

    Getting crazy here… :/

    May 30, 2018 at 8:15 am #2110

    Anti-Malware Admin
    Moderator

    The MW:BLK:2 is just a generic label that sucuri assigns to that type of infection, it refers to a blacklisted domain used in your site’s code.

    If you click on the details and is says 31wp.org then you would need to look for script references in your site’s HTML that point to 31wp.org. Sucuri has labeled the jquery.js URL at that domain as a malicious threat but that URL does not seem to be working any more anyway so I think your site will be ok. Just just the page content for script tags and make sure your theme does not refer to 31wp.org in the header.php or footer.php files.

    May 31, 2018 at 10:44 pm #2111

    Nuno Silva
    Member

    Good morning and thank you for your quick support,

    I have scanned a few time all the files contents of the website looking for that specific entry and nothing.

    Header and footer are clean, checked with GOTMLS complete scan and nothing.

    The strangest thing is Sucuri popup the problem very randomly.

    Don´t know where else to look.

    Thanks,

    Nuno

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Comments are closed.