An unknown file is being connected. How to get rid?

D

Dima2015-08-12 23:35:51

Malware

Dima, 2015-08-12 23:35:51

Hello. For a week or even more, I notice that some third-party js file is connected to the head of the site . It is not registered anywhere in the theme functions, but it is in the header.php file. But even after deleting the line, after some time it reappears (with a different domain).

The behavior of the site (at least for me) is not affected in any way. However, some users have addressed the problem of unavailability. When visiting them, they just redirected to another site, and some of them got this warning:

What can cause this file to be connected and how to get rid of it once and for all? I would be grateful for any help or thoughts about this case.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

S

Sergey Kovalev, 2015-08-13
@avbrugen

Install the latest updates on WordPress and plugins for it, change passwords on the admin panel. You are automatically broken.

O

one pavel, 2015-08-12
@onepavel

use chistilka.com

V

Vladimir Martyanov, 2015-08-13
@vilgeforce

Isn't that browser dependent? Use wget to request the page and see what's there.

E

egocentrist, 2015-08-13
@egocentrist

I think if you disable writing in header.php to unprivileged (and in general, sort out the rights) users like nobody, and www, then the problem will disappear.
Look for the backdoor, this article will help in scripts , change all passwords (ftp, admin, etc.) and monitor the patient.

@

@prografika, 2017-09-03
_

In general, you need to update everything and look for the rest of the backdoor. A more complicated option is to look at which plugins, which holes are in them, which of the plugins are outdated and need to be replaced. In general, there are at least a dime a dozen methods, you need to look at each specific case.