Community Forums › Forums › Archived Forums › General Discussion › Help!!! Malware found by Google
- This topic has 6 replies, 3 voices, and was last updated 9 years, 5 months ago by upthink.
-
AuthorPosts
-
June 16, 2015 at 6:09 pm #156456BelindaParticipant
I had Google AdWords running and received an email this morning saying Malicious content had been found and my ads are suspended.
I managed to contact support and they told me the 2 URL's causing the issue which are obviously Ad's of some type but I have no idea which pages or WHERE in my site they are.
I found Sucuri site check and ran that and it said I have no website firewall (didn't know I needed one) and also Website outdated. I don't understand how my site is outdated when WordPress is up to date with all recent updates etc.
I installed Sucuri Security plugin and ran the malware scan and it came back clean.
I don't know what to do now.. Please can anyone help me with this?? My hosting provider can't help me!!
http://www.thetraininglady.comJune 16, 2015 at 6:18 pm #156459WebmasterMemberNever thought AdSense was worth the trouble / clutter, but you may want to study their official answer here:
https://support.google.com/adsense/answer/1378153?hl=en
“If it works, mark the post as [Resolved] so others will feel comfortable trying the solution on their website.“
June 16, 2015 at 6:26 pm #156460BelindaParticipantI'm not asking about AdSense, It's related to AdWords which is a different program (me advertising my site in Google) and the support page about does not help in relation to my issue of locating where the malware is on my site.
June 16, 2015 at 6:43 pm #156463WebmasterMemberYes, well pardon me, as I misread that for sure.
As for your website, I would focus on the "2 URL’s causing the issue."
Additionally...
"I installed Sucuri Security plugin and ran the malware scan and it came back clean."
I doubt anyone here will know more about it than those folks, but I will tell you that the website firewall is a product that they sell. And whether or not it is a good deal, I wouldn't know, but you may want to look at a content delivery network (CDN), such as Cloudflare (https://www.cloudflare.com/). They provide filters and block many known attacks - i.e. firewall capabilities.
Finally, there was a WordPress code issue (cross-site scripting (XSS) vulnerabilities) where many plugins were said to be vulnerable just a month or two ago, so you may also want to scrutinize all of your plugins.
Good luck!
“If it works, mark the post as [Resolved] so others will feel comfortable trying the solution on their website.“
June 16, 2015 at 6:53 pm #156465BelindaParticipantI get Adwords & Adsense mixed up all the time. 🙂
The URL's that Google told me caused the problem both start off with a "http: / / n52adshostnet .com .. No idea where they could be hidden.
Everything I've googled so far pointed me to Sucuri but it came back clear unless I paid for the more intense scan.
I installed iControlWP WordPress Simple Firewall but I've now locked myself out of it after I activated admin access protection to the console, the access key i entered is not working and i can't even remove it now.
I've kept the site up to date with all the patches so not sure how this has happened. I'm not even sure how I "scutinize"my plugins to look for the URL's I've been given. I've run a virus scan through cPanel and everything came back clear.
I'll continue to google until I find an answer and hopefully iControlWP contact me back so i can fix up the plugin.
June 16, 2015 at 9:14 pm #156480WebmasterMemberHave you looked at Acunetix? According to them:
The Acunetix Online Scan performs a full web & network security scan from Acunetix servers. No download or installation is required. The trial scans for all web vulnerabilities but exact location will not be shown. The Network Security Scan will report full details and remains active for an unlimited period. You can scan our test websites to review a sample of web vulnerability scan details.
It's free for 14 days, so maybe you can get some idea from there (since Sucuri Security came up with nothing):
http://www.acunetix.com/vulnerability-scanner/register-online-vulnerability-scanner/
Also, if you delete the iControlWP plugin directory (using FTP) you will at least be able to get back in to your admin area.
And I suppose that in regard to scrutinizing the plugins I meant to go to each author and inquire if they have updated their plugin to address recently discovered cross-site scripting (XSS) vulnerabilities. You might start by searching WordPress's plugins page (https://wordpress.org/plugins/) for each of your plugins. There, you can see the last time that plugin was updated and you will also see the Author(s) on that page.
“If it works, mark the post as [Resolved] so others will feel comfortable trying the solution on their website.“
June 17, 2015 at 12:20 am #156494upthinkParticipantGo through the functions.php file for your theme (both parent genesis and the child theme). I have usually found the malicious code to be inserted there at the top. HOWEVER, there is a good possibility that this is not all and it would be a better idea to do one of the two things below:
1. Restore a clean backup. Upgrade everything and change all passwords.
2. Get an expert to look into it and go over the whole install to clean it up (or look into one of the paid services like Sucuri which keep your website cleaned up for a fixed fee) -
AuthorPosts
- The forum ‘General Discussion’ is closed to new topics and replies.