Jump to content

JS/Agent.OZD affected my website zoetalentsolutions.com

Danish
 Share
Go to solution Solved by Marcos,

Recommended Posts

Danish

Danish 0

Posted
Posted (edited)

Dear Eset members,

Hope you all are doing great. JS/Agent.OZD this virus has been injected in my website, Eset is detecting this virus whenever I'm trying to access my website. I downloaded all the files of my website and scanned with eset but it did not found anything.

I'm trying to understand where exactly this virus has infiltrated my website.
My website zoetalentsolutions.com is in wordpress, any help or guidance from anyone would be helpful.

Thank you

helphelphelp.png

Edited by Danish
mentioning website link
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

In this case search for "/adit/documentation/documentation.php" which will help you locate the malicious JS on your website.

Link to comment
Share on other sites
Danish

Danish 0

Posted
  • Author
Posted

Dear Marcos,

Can you please elaborate more?

Search  "/adit/documentation/documentation.php" where? 

I checked in website directory but did not find anything.

Can you please explain more.

Thank you

Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 5,074

Posted
  • Administrators
  • Solution
Posted

You should search in all html and js files, especially those under /wp-content/plugins/...

Link to comment
Share on other sites
Danish

Danish 0

Posted
  • Author
Posted

Dear marcos,

Thank you for your response and pointing out the malicious code.
I was able to find it in a plugins js files.

and I removed that piece of code. Now it's working fine.

Once again thanks alot.

Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted
19 hours ago, Danish said:

Dear marcos,

Thank you for your response and pointing out the malicious code.
I was able to find it in a plugins js files.

and I removed that piece of code. Now it's working fine.

Once again thanks alot.

Your website has something exploitable , could be plugins or the wordpress version itself , removing the code might not prevent them from re-injecting it.

Link to comment
Share on other sites
Danish

Danish 0

Posted
  • Author
Posted

Dear Nightowl,

Yes, I understand. This is a serious issue. But it's very hard for me to findout what exactly is exploitable.
Anyways I purchased wordfence premium plugin which has firewall, it blocks the anonymous requests & I created some rules to block the suspicious requests. 

I'm not sure how far it will help. What do you recommend me to do ?
Any help would be appreciated.

Thanks

Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted (edited)
50 minutes ago, Danish said:

Dear Nightowl,

Yes, I understand. This is a serious issue. But it's very hard for me to findout what exactly is exploitable.
Anyways I purchased wordfence premium plugin which has firewall, it blocks the anonymous requests & I created some rules to block the suspicious requests. 

I'm not sure how far it will help. What do you recommend me to do ?
Any help would be appreciated.

Thanks

For sure it's best to keep WordPress updated to the latest version and also to stay away from unmaintained plugins or plugins that are barely updated or that doesn't have security focus

And a firewall should help yes , but it's still a plugin , not as having a dedicated firewall for the server/website but that could be another story

But for the best to keep everything up-to-date

 

I found this : https://wpengine.com/resources/prevent-sql-injection-attack-wordpress/

Edited by Nightowl
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...