General discussion

Malware in Website

can anyone help me my website is infected with this type of malware rogueads.unwanted_ads

Link to infected web site removed by moderator.

Post was last edited on August 2, 2019 7:17 AM PDT

Discussion is locked

Reply to: Malware in Website
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Malware in Website
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Re: website infected

Restore the programs on the website (not the database if it uses one) from a recent backup or from your local copy, or even from your test environment. If you don't have anything like that (why not?), then check all files and remove the ones you didn't put there yourself, or that were modified later.

Contact the hosting provider about their protection policies, like do they scan your site or how to scan it yourself. If you feel this is not adequate, find a better hoster.

- Collapse -
Patch th server and restore the site

I don't really have to look thoroughly into this. But let me tell you about the pitfalls of using a cms like wordpress.
1. The code is exposed. Hackers can obtain copies, and find the exploits.
2. Servers are set up generically. Nobody can really anticipate what the customer installs on the website, so its better to review what the site uses, and disable modules not used.

other thoughts, its wordpress. problem with wordpress it uses php-xml module. XML was added to the http spec in http1.1, along with http forms, but it has its pitfalls and security issues. This is where this most likely came in.

So, its hard to protect yourself from the XSLT exploit, there is an ecommerce module out there that when its integrated with wordpress, an xml query can reveal database logins.

Wordpress uses get, post and head methods, other xml-http transport methods should be disabled (delete, put (which is what they usually use to write the malware to your drive), trace, connect)) This should prevent them from remote writes using wget.

The web wasn't designed to take user input. So until they get rid of html and xml it will have issues.

- Collapse -
Same issue on my Website

Since the last 2 month, I was facing such issue like whenever I click on my website it will redirect some Chinese e-commerce website and showing ads so after that I tell this issue to my developer friend and he told me that you should add Wordfence Plugin your website after this all the malware was clear.

Irrelevant link removed by moderator.

Post was last edited on December 2, 2019 3:26 AM PST

CNET Forums

Forum Info