BennyK
Helper I

Received e-mail from Go Daddy saying they found malware on my host site (WP)

Then, Please sign in to your hosting account and review the following content and remove or fix the files listed

 

Lists 12 files

 

1st one is html/.htaccess

 

at end says call our security experts at 480-366-3501

 

I immediately changed my WordPress password

I don't know how to remove files and could wreck the site if I try.

Is this legit?

Google safe browsing says my site is clean

 

Please inform.

5 REPLIES
webscouts
New

Start here with a scan.  https://sitecheck.sucuri.net/     They can also clean your site for you. 

Known Spam detected. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?spam-seo.spammy_keywords.1.103
<title>Online Pharmacy - No Prescription | Cialis Quale Dose</title>

"Online Pharmacy- No Prescription/ Cialis Quale"..SEO Spam

 

That is what a free Sucuri scan found on my WP site.

 

Can anyone tell me how this happened and if this is dangerous?

 

I changed my WP login password, which was already very strong. Is there another password somewhere I am not thinking about which should be changed? I'm not that tech savvy.

 

Thanks for any help

Yes, this is a big problem, and changing your password will do nothing to solve the problem. That someone has changed your .htaccess file means they very likely have full uninhibited access to your server and can do whatever the hell they want with it.

 

Somewhere, somehow, someone has found a vulnerability in the code of your website or the operating system of the server and exploited it to inject code into your website. If someone can use your site to redirect folks to pharma spam, it can just as easily direct your site visitors to sites that inject malware into their computers. Google and other search engines will also de-list your site if you don't resolve it quickly.

 

This is also a big flag that says "hey everyone, my site is compromised!" which attracts other hackers to exploit your server and hijack it to send spam, execute DDoS attacks, host malware, etc. If you have any sensitive data on your website or connected services (PII, credit card info, personal files, etc.) that data is at risk. Your site is also at risk of being totally trashed. And your visitors are also at risk of malware attacks.

 

You need to identify and fix whatever security hole that the hackers used to mess with your site, remove any malicious code that may have been added to existing files, and remove any files created by this attack. If you can wipe everything and restore from a known good backup, that would be a good start, then you'd just have to identify and patch whatever security hole.

 

Additionally, you should also update all of your plugins, themes, and WordPress core, and delete any old plugins or themes that you are not using. It would also be good to change the database passwords, login passwords, FTP passwords, etc. but bear in mind that password changing is useless if your site is still compromised and has vulnerabilities. You should also change your file and folder permissions using FTP or SSH to ensure that they are at an appropriate level of permission for the given folder.

 

After you have done the full cleanup, you should look into hardening WordPress. They have a great information page that outlines the best practices and procedures: https://codex.wordpress.org/Hardening_WordPress

 

If you don't know how to do any of this, I believe GoDaddy offers a service that will do it for you for a fee. Sucuri also offers a paid service as well.
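The checks described in the reply above (loose file permissions, a modified .htaccess, files left behind by the attack), as an added example that is not part of the original thread. It is a read-only listing script to run over SSH; the function names, the 14-day window, the search-engine list, and the "PHP in uploads" heuristic are assumptions chosen for illustration, and 644/755 are the file and directory modes recommended by the WordPress hardening guide linked above.

```shell
#!/usr/bin/env bash
# Read-only triage of a WordPress document root after a malware notice.
# Nothing here modifies or deletes files; it only lists things to review.

# Files/directories writable by group or others, i.e. looser than the
# 644 (files) / 755 (directories) suggested by the WordPress hardening guide.
loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) -print
}

# PHP files under wp-content/uploads, which normally holds media
# (heuristic: a hit deserves a look, it is not proof of compromise).
php_in_uploads() {
    [ -d "$1/wp-content/uploads" ] || return 0
    find "$1/wp-content/uploads" -type f -name '*.php' -print
}

# Files changed in the last N days (default 14), to compare with a backup.
recent_changes() {
    find "$1" -type f -mtime "-${2:-14}" -print
}

# .htaccess lines that redirect to a host other than $2 (your own domain),
# or that branch on a search-engine referrer or user agent.
# grep exits 1 on "no match"; "|| true" keeps that from counting as an error.
suspicious_htaccess() {
    find "$1" -type f -name '.htaccess' -print | while IFS= read -r f; do
        grep -HnEi '^[[:space:]]*(RewriteRule|Redirect(Match)?)[[:space:]].*https?://' "$f" \
            | grep -viF -e "://$2" -e "://www.$2" || true
        grep -HnEi '^[[:space:]]*RewriteCond[[:space:]].*HTTP_(REFERER|USER_AGENT).*(google|bing|yahoo)' "$f" || true
    done
}

# usage: audit_wp /path/to/html yourdomain.example [days]
audit_wp() {
    echo "== group/world-writable paths ==";    loose_perms "$1"
    echo "== PHP files in uploads ==";          php_in_uploads "$1"
    echo "== .htaccess lines to review ==";     suspicious_htaccess "$1" "$2"
    echo "== changed in last ${3:-14} days =="; recent_changes "$1" "${3:-14}"
}

# Run the audit only when a path and a domain are given on the command line.
if [ "$#" -ge 2 ]; then audit_wp "$@"; fi
```

Anything the script lists is a candidate for comparison against a known good backup, not an automatic deletion list.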

 

 

This has been fixed. I paid Go Daddy the $89 for cleaning and one year of monitoring. All passwords have been changed.

 

My WordPress site is a site for parking and information; it is not an active blog.

 

Hence I had lots of old themes and plugins not updated for a long, long time, which caused this.

The site is now clear from a Sucuri free scan as well. (It was not before.)

 

So I have learned to log in at least once a week and make sure all is updated.

 

Thanks

Good work, glad to hear it was resolved. These things can be a real pain in the butt. Cheers!