Danish 0 Posted July 7, 2021 Share Posted July 7, 2021 (edited) Dear Eset members, Hope you all are doing great. JS/Agent.OZD this virus has been injected in my website, Eset is detecting this virus whenever I'm trying to access my website. I downloaded all the files of my website and scanned with eset but it did not found anything. I'm trying to understand where exactly this virus has infiltrated my website. My website zoetalentsolutions.com is in wordpress, any help or guidance from anyone would be helpful. Thank you Edited July 7, 2021 by Danish mentioning website link Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted July 7, 2021 Administrators Share Posted July 7, 2021 In this case search for "/adit/documentation/documentation.php" which will help you locate the malicious JS on your website. Link to comment Share on other sites More sharing options...
Danish 0 Posted July 7, 2021 Author Share Posted July 7, 2021 Dear Marcos, Can you please elaborate more? Search "/adit/documentation/documentation.php" where? I checked in website directory but did not find anything. Can you please explain more. Thank you Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,277 Posted July 7, 2021 Administrators Solution Share Posted July 7, 2021 You should search in all html and js files, especially those under /wp-content/plugins/... Link to comment Share on other sites More sharing options...
Danish 0 Posted July 7, 2021 Author Share Posted July 7, 2021 Dear marcos, Thank you for your response and pointing out the malicious code. I was able to find it in a plugins js files. and I removed that piece of code. Now it's working fine. Once again thanks alot. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted July 8, 2021 Most Valued Members Share Posted July 8, 2021 19 hours ago, Danish said: Dear marcos, Thank you for your response and pointing out the malicious code. I was able to find it in a plugins js files. and I removed that piece of code. Now it's working fine. Once again thanks alot. Your website has something exploitable , could be plugins or the wordpress version itself , removing the code might not prevent them from re-injecting it. Link to comment Share on other sites More sharing options...
Danish 0 Posted July 8, 2021 Author Share Posted July 8, 2021 Dear Nightowl, Yes, I understand. This is a serious issue. But it's very hard for me to findout what exactly is exploitable. Anyways I purchased wordfence premium plugin which has firewall, it blocks the anonymous requests & I created some rules to block the suspicious requests. I'm not sure how far it will help. What do you recommend me to do ? Any help would be appreciated. Thanks Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted July 8, 2021 Most Valued Members Share Posted July 8, 2021 (edited) 50 minutes ago, Danish said: Dear Nightowl, Yes, I understand. This is a serious issue. But it's very hard for me to findout what exactly is exploitable. Anyways I purchased wordfence premium plugin which has firewall, it blocks the anonymous requests & I created some rules to block the suspicious requests. I'm not sure how far it will help. What do you recommend me to do ? Any help would be appreciated. Thanks For sure it's best to keep WordPress updated to the latest version and also to stay away from unmaintained plugins or plugins that are barely updated or that doesn't have security focus And a firewall should help yes , but it's still a plugin , not as having a dedicated firewall for the server/website but that could be another story But for the best to keep everything up-to-date I found this : https://wpengine.com/resources/prevent-sql-injection-attack-wordpress/ Edited July 8, 2021 by Nightowl Link to comment Share on other sites More sharing options...
Recommended Posts