Home › Forums › Support Forum › this website may be hacked; notification
This topic contains 3 replies, has 3 voices, and was last updated by Anti-Malware Admin 7 years, 5 months ago.
-
AuthorPosts
-
May 18, 2017 at 9:32 am #1870
Hello!
I have the notification: ‘this website may be hacked’ from google for 6 sites…
And in the google webmaster search consol; security, I found the urls who are directed to spamsites. So I used your plugin and scanned the site, it found some treatsand i automatically fixed them. But if I go to one of the urls google said who were made, they still excist and get redirected to the spamsite.
What do I need to do?Thanks in advance!
May 18, 2017 at 9:39 am #1871Did you scan again to make sure that the site is all clean (sometimes the hacked files are timed to come back if the original exploit is still presents)?
Also, make sure you don’t have any caching enabled (cached files might still show old threats that have already been removed).
If you are sure that there are no more threats and no caching then please email me a link to the infected pages so that I can inspect them (please don’t post the link on the forum).
June 2, 2017 at 4:45 pm #1903I installed your plugin after reading the great reviews. My site has been hacked with URL injections and redirections. Your full scan located 24 back doors and 16 known threats. I hit the fix button and it said that it fixed it. However as I was reading one of your forums it was suggested to run the scan again and it looks like it will find about the same amount of threats and backdoors again… Why is this?
Also… is the code deleted off the files on the server/host from the plugin in my wordpress site or was I supposed to go and try to locate the code in there and delete it?
katrine
June 2, 2017 at 10:15 pm #1904You can click on the files listed on the scan results to see the contents and highlight the malicious code in those files that will be removed when you click the Automatic Fix button. After you run the Automatic Fix you can view the contents again to see that the malicious code was removed. If you keep checking those files and you find that they are in fact getting reinfected with the same threats sometime after the cleaning then you will need to look for the source of the infection or the security hole that is letting in this threat.
You should check the access_log files on your server to see what activity was taking place at the exact time of the infection (the modified timestamp of the corresponding files).
If there was nothing in your log files for that oresponding time then the infection is likely spreading from another site on the same server, possibly someone else’s site that is not even on your account. Shared hosting account are not sure and are one of the easiest ways for hacker to infect many sites with attack on a single vulnerability on your server.
-
AuthorPosts
You must be logged in to reply to this topic.