How to cure malicious code?
On the site (WordPress) recmovie.ru there was some strange search string with the ability to enter your value. Tapping "search" redirects to go.mail.ru.
Attempts to find these ominous lines of code were unsuccessful, but here's what we managed to find out:
217.118.92.254:8080/scripts/toolbar.js - the script itself.
recmovie.ru/00214.js is a duplicate.
Location in the code
Visible only when disguised as a mobile device and loading the page via mobile Internet.
If anyone has dealt with something similar, please share your advice, or at least give a tip on which direction to look.
Plus one for AI-Bolit, it really helps. Only the hosting could not handle it, so I had to check it on the LAN. If you read the report, you can understand where the vulnerability was and close it. On our sites, the problem was in an old version of the slider, Revolution Slider, which is what caused the malicious code to be uploaded.
Reinstall from a clean copy. The rest is a lottery, because no AV gives a 100% guarantee.
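The two answers above (read a report to see what was touched, then restore from a clean copy) can be combined in one check. The following is an added example, not part of the original thread: it lists files added or modified relative to a clean copy and files containing the indicators quoted in the question. The function names, directory layout and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Indicators quoted in the question above; everything else here is an assumption.
INDICATORS = (b"217.118.92.254", b"scripts/toolbar.js", b"00214.js")

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def _walk(root):  # yields the path, relative to root, of every file under root
    for base, _dirs, names in os.walk(root):
        for name in names:
            yield os.path.relpath(os.path.join(base, name), root)

def audit(live_root, clean_root):
    """Diff a live site tree against a clean copy and search for the indicators."""
    clean = {rel: _sha256(os.path.join(clean_root, rel)) for rel in _walk(clean_root)}
    report = {"added": [], "modified": [], "indicator_hits": []}
    for rel in sorted(_walk(live_root)):
        with open(os.path.join(live_root, rel), "rb") as fh:
            data = fh.read()
        if rel not in clean:
            report["added"].append(rel)      # e.g. a dropped script or uploaded file
        elif hashlib.sha256(data).hexdigest() != clean[rel]:
            report["modified"].append(rel)   # e.g. a template with an injected tag
        report["indicator_hits"] += [(rel, i.decode()) for i in INDICATORS if i in data]
    return report

def build_demo():
    """Build a constructed clean tree and a constructed tampered copy of it."""
    top = tempfile.mkdtemp()
    clean, live = os.path.join(top, "clean"), os.path.join(top, "live")
    for root in (clean, live):
        os.makedirs(root)
        for rel, body in (("index.php", "<?php // core\n"), ("footer.php", "<?php wp_footer();\n")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
    with open(os.path.join(live, "footer.php"), "a") as fh:
        fh.write('<script src="http://217.118.92.254:8080/scripts/toolbar.js"></script>\n')
    with open(os.path.join(live, "00214.js"), "w") as fh:
        fh.write("/* constructed stand-in for the duplicate script */\n")
    return live, clean

if __name__ == "__main__":
    print(audit(*build_demo()))
```

Files under `wp-content/uploads` will always show up as added against a stock WordPress archive, so the clean copy should be a known-good backup of the same site where one exists.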