zaidharis 0 Posted July 18, 2022 Share Posted July 18, 2022 Hi experts, I am very new to coding and I get "server error 5xx" problem, FIRST DETECTED 4/2/22. I contacted my hosting they say it is "JS/Agent.OZD" malware. I would like to explain it from beginnig.My website was first infected with "Japanese kw hack" in which my number of pages reached to 67,000+, I contacted my hosting and upon restoration to previous backupmy website restored to normal. But the GSC showing the same spike of pages. One of expert from GSC says that it will take time to be removed from GSC but now it is the about 5th month and the problem persists.Could you please help me for free to remove this error? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted July 18, 2022 Administrators Share Posted July 18, 2022 Do you need help with locating the malicious JS on your website? If so, what's your website? Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18, 2022 Author Share Posted July 18, 2022 I need all the steps. To locate the malicious JS on my website and then to fix it step by step. healthsolutionblog.com, this is my website. I am attaching GSC SS. Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted July 18, 2022 Administrators Share Posted July 18, 2022 What is your website? Its name is cut in the above screenshots. Link to comment Share on other sites More sharing options...
Nevermind 8 Posted July 18, 2022 Share Posted July 18, 2022 (edited) You have bunch of .js files infected on the server. Like this one: .../wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 At the end of infected .js you can find malicious part. Manually cleaning those files wont probably help, there will be infected .php on your server that looks completely different (and its not visible from visitors POV). Moreover err 5xx isnt directly connected to this infection. It was probably caused by some wannabe hacker who got access to your server for free and messed things up (ie via exploitable wp plugin). You need much more than help from this forum Edited July 18, 2022 by Nevermind itman 1 Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18, 2022 Author Share Posted July 18, 2022 MARCOS www.healthsolutionblog.com this is my website. Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18, 2022 Author Share Posted July 18, 2022 @Nevermind, What should I do then? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted July 18, 2022 Administrators Share Posted July 18, 2022 Remove the malware, upgrade WordPress and plug-ins and take measures to prevent further re-infection. https://quttera.com/detailed_report/www.healthsolutionblog.com Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18, 2022 Author Share Posted July 18, 2022 (edited) @Marcos, can you tell me the detailed process of removing this malware? I am new but can dig to theme editor. Edited July 18, 2022 by zaidharis Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted July 18, 2022 Administrators Share Posted July 18, 2022 If you can't remove the malware yourself, you can contact a website cleaning and monitoring service, such as www.sucuri.net. itman 1 Link to comment Share on other sites More sharing options...
itman 1,629 Posted July 18, 2022 Share Posted July 18, 2022 This also might be relevant to your current situation: https://thehackernews.com/2022/07/experts-notice-sudden-surge-in.html Link to comment Share on other sites More sharing options...
Recommended Posts