[ISSUE] Website redirecting to strange urls

FocusOnGoodThings

Jul 2, 2020
I have a WordPress website...

For the past few days, it has been redirecting to some strange URLs. I have not added any plugin in about the last 45-50 days, but the problem started in the last 10-20 days.

There are some nulled plugins on my website, but all were downloaded from this website (AND I TRUST THIS WEBSITE VERY WELL).

Before uploading a plugin I scan it with my paid antivirus software and at virustotal.com.

In the source URL of each website, the thing below appears:

Screenshot_1024.png

I downloaded the STRING LOCATOR WordPress plugin and searched for the above URL in it... I searched in THEME and ALL PLUGINS, but the above URL was not located anywhere, so I was not able to delete it.

Every time I restore from my past backup, the same problem comes back after 5-8 days.

Can anybody please help in solving this issue?

I have around +100 pages and it is very time consuming to delete the above URL from each website. And even after deleting, I am not sure whether the problem will come again or not.

Any suggestions... please help.


🙏🙏🙏🙏🙏🙏🙏🙏
 
It's definitely malware, just search for "transandfiestas" on Google and the results will tell you it's malware. That, by the way, is also the suggested method for trying to locate where the malware script originates from: don't search for the complete url, but just for "transandfiestas" or even a shorter unique identifier.
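An added example, not part of any post in this thread: the short-identifier search suggested above, extended to the encodings that make a literal file search come up empty. It assumes the injected reference may be stored base64-encoded, as character codes or as hex escapes, and that a database export has been saved as a file under the scanned directory; `marker_patterns`, `scan_tree`, `demo` and the sample files are hypothetical names and constructed data.

```python
import base64, os, pathlib, re, tempfile

def marker_patterns(marker):
    """Byte regexes for encodings that hide a short marker from a literal search."""
    raw = marker.encode()
    pats = {
        "plain": re.compile(re.escape(raw), re.I),
        # 116, 114, 97, ... as passed to String.fromCharCode() or chr()
        "charcodes": re.compile(rb"\s*,\s*".join(str(b).encode() for b in raw)),
        "hex-escape": re.compile(b"".join(rb"\\x%02x" % b for b in raw), re.I),
    }
    # Base64 output depends on the marker's byte offset mod 3, so encode it at each
    # alignment and keep only the characters that neighbouring bytes cannot change.
    for pad in range(3):
        enc = base64.b64encode(b"\0" * pad + raw)
        stable = enc[-(-8 * pad // 6): 8 * (pad + len(raw)) // 6]
        pats[f"base64+{pad}"] = re.compile(re.escape(stable))
    return pats

def scan_tree(root, marker):
    """Return sorted (relative path, encoding) hits for marker in files under root."""
    pats, hits = marker_patterns(marker), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                data = pathlib.Path(path).read_bytes()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            rel = os.path.relpath(path, root)
            hits += [(rel, label) for label, pat in pats.items() if pat.search(data)]
    return sorted(hits)

def demo(marker="transandfiestas"):
    """Scan a constructed, inert sample tree (not data from the thread)."""
    url = f"https://{marker}.example.invalid/a.js".encode()  # placeholder host
    codes = ", ".join(str(b) for b in marker.encode()).encode()
    samples = {
        "functions.php": b"<?php $u = '" + base64.b64encode(url) + b"';",
        "dump.sql": b"INSERT INTO wp_posts VALUES ('String.fromCharCode(" + codes + b")');",
        "clean.php": b"<?php echo 'hello';",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            pathlib.Path(root, name).write_bytes(body)
        return scan_tree(root, marker)

if __name__ == "__main__":
    for path, encoding in demo():
        print(f"{path}: marker present as {encoding}")
```

Point `scan_tree` at a copy of the site files and database export rather than the live server; every file is read fully into memory, so very large dumps need splitting first.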
 
I am Help Send PM.
 
I know Sucuri has a free plugin that can help with scanning, there might be something hidden that isn't as obvious but maybe it can help see it. Have you added anyone to the admin list?
 
Please take a look at these resources:

1. https://txnkaro.com/blog/how-to-clean-js-donatelloflowfirstly-ga-virus-from-wordpress-site/

2. https://github.com/kn1g/sleeepHackWordpress (Mostly for more info about the infection but no solution listed)

3. https://www.wikilogy.com/wordpress-wp-vcd-php-wp-tmp-php-wp-feed-php-removal/

4. https://wordpress.org/support/article/faq-my-site-was-hacked/

Let us know if you ever solve this problem and the steps you took to solve it. It would be a good reference if ever someone else gets this same/similar virus.
 
If you used cracked plugins and such, they might be injected with malicious code. If so, there might be more malicious code that you haven't realized yet.
 
If you used cracked plugins and such, they might be injected with malicious code. If so, there might be more malicious code that you haven't realized yet.

All cracked plugins are downloaded from this website. And I trust this website very much.

Also, before upload I scan with virustotal.com and my paid antivirus software.
 
UPDATE: I had a 3-month-old backup on my VPS snapshot and I restored it.

TOUCHWOOD: for the last 3-4 days no issue has been detected by the WORDFENCE plugin... fingers crossed :)
 