• GoDaddy Community
  • Using WordPress

    • Using WordPress

    cancel
    Turn on suggestions
    Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    potentater
    New
    ‎08-13-2018 07:05 PM
    ‎08-13-2018 07:05 PM

    WordPress redirect hack

    Hello,

     

    My WordPress site was hacked with site redirect malware.  I have completely wiped WordPress and the database from the site and installed a fresh copy of WordPress. Several different scans report that the site is clean.

     

    Before I started to restore my content, I poked around to make sure it was clean.  All was well until I accessed the site from a browser that blocks cookies.  When I clicked anywhere on the site, I got a redirect to a baidu spam link.

     

    I then checked out the site code, and I found out why:

    wp-malware.png

    This code checks for a specific cookie.  If it is not there, it sets up a click event listener that opens a new window with a baidu spam link. 

     

    I've gone through every single file that I have access to on my server.  There is no code that matches.  I also checked for blocks of base64 encoded stuff and as near as I can tell, there is also no block of hashed code that could render into.  With a completely clean install, this tells me that the hack may have infected a script or an install on my Linux host that I'm not able to see.  

     

    Anyone have any ideas for me?

    Product:
    0 Kudos
    Reply
    0 REPLIES 0

    You may also like...