Malware in Wordpress
My site's URL is: http://bit.ly/qcFZgI
Not listed by Google for malware: http://bit.ly/mUkmwS
Screenshot of browser error: http://bit.ly/qxCVAe
Description (including timeline of any changes made): In the last 24-hours Chrome and Firefox have been intermittently reporting malware on my site ( http://bit.ly/qcFZgI ). Google's has not flagged the site ( http://bit.ly/mUkmwS ) and in Google Webmaster tools nothing is detected either. The site is running Wordpress. The two sites that links are being found to are: teenburgmovies [dot] [biz] newportalse [dot] [com]. I cannot find any traces of them through a site search at the file level.
- Webmaster tools not reporting any issue.
- Site is running Wordpress.
- Warning shows up intermittently.
- I have removed a plugin that was installed within the past 24 hours although I did not find malicious code in it. Tweet Old Posts.
- I searched the site to find files modified in the past 4 days. The only malicious code found was:
-- A file named: c5ab6cebaca97f7171139e4d414ff5a6.php, which I removed.
-- I also found a blank file named MJ12_BF5C5B49DA2CE4F7C0838367EE7DE4F7.txt, which I removed).
From the many sites I have read this sounds like it may be the issue, but I cannot find out where the malicious code is living on the site:
Any tips on how to find the malicious code? Despite my efforts the issue is still happening. Since the issue is intermittent I am at the mercy of user reporting. Over the past 24 hours I have only personally received the error once.
/wp-content/plugins/plugin.php. There is a listing for a simple script at http://redleg-redleg.blogspot.com/p/simple-script-to-find-base64decode-in.html which you can place on your site which may be helpful in finding any additional malware files.
I have checked the .htaccess. Will check the others.
THANKS. I will post back later on what I find.
The source of the malware was <site root>/wp-includes/js/l10n.js & <site root>/wp-includes/js/l10n.dev.js
I deleted both and it appears as though the malware warnings are gone.
http://sitecheck.sucuri.net/scanner/ helped me identify the file and confirm the malware is gone.
If I find any new traces I will update this post.
Some community members might have badges that indicate their identity or level of participation in a community.
Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:
- Post an answer.
- Having your answer selected as the best answer.
- Having your post rated as helpful.
- Vote up a post.
- Correctly mark a topic or post as abuse.
Having a post marked and removed as abuse will slow a user's advance in levels.
View profile in forum?
To view this member's profile, you need to leave the current Help page.
Report abuse in forum?
This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.
Reply in forum?
This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.