Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Z
Z
Zkirsanov2017-04-27 11:52:44
Malware
Zkirsanov, 2017-04-27 11:52:44

Can't find "virus" in Wordpress, what's the plan?

Good afternoon!
There is a caching plugin. It creates a cached page, but pulls up a line with external links to it. There were 4 links in total. 2 of them I killed (were encoded in base64). There are 2 more left. I found in the database that they are formed by an SQL query:

Request
SELECT * FROM `information_schema`.`PROCESSLIST` WHERE (CONVERT(`ID` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`USER` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`HOST` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`DB` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`COMMAND` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`TIME` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`STATE` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`INFO` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`TIME_MS` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`ROWS_SENT` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`ROWS_EXAMINED` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`TID` USING utf8) LIKE '%dlandroid24%')

Server: localhost » Database: information_schema » View: PROCESSLIST
Appears in the cached page.
<div style="display:none"><a href="http://dlwordpress.com/">Free WordPress Themes</a>, <a href="https://dlandroid24.com/">Free Android Games</a>

And there are 2 such lines, for 2 external links. I was prompted to find a file with permissions 777, but I xs how to look for it. I started learning php, mysql, etc., and I want to figure it out and fix it myself. But I can not.
Tell me where to dig? For example here:
http://5best.rf

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Sanes, 2017-04-27
@Sanes

Try to check with antivirus. For example AI-bolit

Report
S
SunHere, 2017-06-08
@SunHere

Let's just say that it's not even a virus, but a harmless insertion of your link from distributors of free templates (you know where free cheese happens). Antivirus may not even see this.
I would advise you to carefully study the theme files, especially footer.php
If it does not work out, then you need to carefully study everything. https://kwork.ru/configuration/8190/udalyu-levie-v... - you can use the services to remove such wickedness

Similar questions
S
Sultan652016-01-25 16:21:45
What is an intelligent antivirus (not expensive) for a small organization (10-15 PCs)? 10Reply
S
Sergey2021-09-10 21:14:58
On a poppy, osascript began to pop up wants to make changes, how to get rid of it? 1Reply
I
intTosha2016-02-05 16:45:34
Why are apps installed automatically on android? 1Reply
D
Dmitry X2021-09-20 11:37:44
How to destroy a virus on the network? 1Reply
A
al13932018-06-27 10:55:02
Virus on the hosting in the accesson folder. How to cure? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question