Jump to content

JS/Agent.OZD affected my website zoetalentsolutions.com


Go to solution Solved by Marcos,

Recommended Posts

Posted (edited)

Dear Eset members,

Hope you all are doing great. JS/Agent.OZD this virus has been injected in my website, Eset is detecting this virus whenever I'm trying to access my website. I downloaded all the files of my website and scanned with eset but it did not found anything.

I'm trying to understand where exactly this virus has infiltrated my website.

My website zoetalentsolutions.com is in wordpress, any help or guidance from anyone would be helpful.

Thank you

helphelphelp.png

Edited by Danish
mentioning website link
Link to comment
Share on other sites

  • Administrators

In this case search for "/adit/documentation/documentation.php" which will help you locate the malicious JS on your website.

Link to comment
Share on other sites

Dear Marcos,

Can you please elaborate more?

Search  "/adit/documentation/documentation.php" where? 

I checked in website directory but did not find anything.

Can you please explain more.

Thank you

Link to comment
Share on other sites

  • Administrators
  • Solution

You should search in all html and js files, especially those under /wp-content/plugins/...

Link to comment
Share on other sites

Dear marcos,

Thank you for your response and pointing out the malicious code.
I was able to find it in a plugins js files.

and I removed that piece of code. Now it's working fine.

Once again thanks alot.

Link to comment
Share on other sites

  • Most Valued Members
19 hours ago, Danish said:

Dear marcos,

Thank you for your response and pointing out the malicious code.
I was able to find it in a plugins js files.

and I removed that piece of code. Now it's working fine.

Once again thanks alot.

Your website has something exploitable , could be plugins or the wordpress version itself , removing the code might not prevent them from re-injecting it.

Link to comment
Share on other sites

Dear Nightowl,

Yes, I understand. This is a serious issue. But it's very hard for me to findout what exactly is exploitable.
Anyways I purchased wordfence premium plugin which has firewall, it blocks the anonymous requests & I created some rules to block the suspicious requests. 

I'm not sure how far it will help. What do you recommend me to do ?
Any help would be appreciated.

Thanks

Link to comment
Share on other sites

  • Most Valued Members
Posted (edited)
50 minutes ago, Danish said:

Dear Nightowl,

Yes, I understand. This is a serious issue. But it's very hard for me to findout what exactly is exploitable.
Anyways I purchased wordfence premium plugin which has firewall, it blocks the anonymous requests & I created some rules to block the suspicious requests. 

I'm not sure how far it will help. What do you recommend me to do ?
Any help would be appreciated.

Thanks

For sure it's best to keep WordPress updated to the latest version and also to stay away from unmaintained plugins or plugins that are barely updated or that doesn't have security focus

And a firewall should help yes , but it's still a plugin , not as having a dedicated firewall for the server/website but that could be another story

But for the best to keep everything up-to-date

 

I found this : https://wpengine.com/resources/prevent-sql-injection-attack-wordpress/

Edited by Nightowl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...