zaidharis 0 Posted July 18 Share Posted July 18 Hi experts, I am very new to coding and I get "server error 5xx" problem, FIRST DETECTED 4/2/22. I contacted my hosting they say it is "JS/Agent.OZD" malware. I would like to explain it from beginnig.My website was first infected with "Japanese kw hack" in which my number of pages reached to 67,000+, I contacted my hosting and upon restoration to previous backupmy website restored to normal. But the GSC showing the same spike of pages. One of expert from GSC says that it will take time to be removed from GSC but now it is the about 5th month and the problem persists.Could you please help me for free to remove this error? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,285 Posted July 18 Administrators Share Posted July 18 Do you need help with locating the malicious JS on your website? If so, what's your website? Quote Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18 Author Share Posted July 18 I need all the steps. To locate the malicious JS on my website and then to fix it step by step. healthsolutionblog.com, this is my website. I am attaching GSC SS. Thanks Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,285 Posted July 18 Administrators Share Posted July 18 What is your website? Its name is cut in the above screenshots. Quote Link to comment Share on other sites More sharing options...
Nevermind 4 Posted July 18 Share Posted July 18 (edited) You have bunch of .js files infected on the server. Like this one: .../wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 At the end of infected .js you can find malicious part. Manually cleaning those files wont probably help, there will be infected .php on your server that looks completely different (and its not visible from visitors POV). Moreover err 5xx isnt directly connected to this infection. It was probably caused by some wannabe hacker who got access to your server for free and messed things up (ie via exploitable wp plugin). You need much more than help from this forum Edited July 18 by Nevermind itman 1 Quote Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18 Author Share Posted July 18 MARCOS www.healthsolutionblog.com this is my website. Quote Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18 Author Share Posted July 18 @Nevermind, What should I do then? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,285 Posted July 18 Administrators Share Posted July 18 Remove the malware, upgrade WordPress and plug-ins and take measures to prevent further re-infection. https://quttera.com/detailed_report/www.healthsolutionblog.com Quote Link to comment Share on other sites More sharing options...
zaidharis 0 Posted July 18 Author Share Posted July 18 (edited) @Marcos, can you tell me the detailed process of removing this malware? I am new but can dig to theme editor. Edited July 18 by zaidharis Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,285 Posted July 18 Administrators Share Posted July 18 If you can't remove the malware yourself, you can contact a website cleaning and monitoring service, such as www.sucuri.net. itman 1 Quote Link to comment Share on other sites More sharing options...
itman 1,407 Posted July 18 Share Posted July 18 This also might be relevant to your current situation: https://thehackernews.com/2022/07/experts-notice-sudden-surge-in.html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.