Jump to content

Server error 5xx, (My hosting provider says your website is infected with "JS/Agent.OZD")


Recommended Posts

Hi experts, I am very new to coding and I get "server error 5xx" problem, FIRST DETECTED 4/2/22. I contacted my hosting they say it is "JS/Agent.OZD" malware. I would like to explain it from beginnig.My website was first infected with "Japanese kw hack" in which my number of pages reached to 67,000+, I contacted my hosting and upon restoration to previous backupmy website restored to normal. But the GSC showing the same spike of pages. One of expert from GSC says that it will take time to be removed from GSC but now it is the about 5th month and the problem persists.Could you please help me for free to remove this error? 

Link to comment
Share on other sites

  • Administrators

Do you need help with locating the malicious JS on your website? If so, what's your website?

Link to comment
Share on other sites

I need all the steps. To locate the malicious JS on my website and then to fix it step by step. 

healthsolutionblog.com, this is my website. I am attaching GSC SS.

Thanks

5xx.png

5xx2.png

Link to comment
Share on other sites

You have bunch of .js files infected on the server. Like this one:
.../wp-includes/js/jquery/ui/core.min.js?ver=1.13.1

At the end of infected .js you can find malicious part. Manually cleaning those files wont probably help, there will be infected .php on your server that looks completely different (and its not visible from visitors POV).

Moreover err 5xx isnt directly connected to this infection. It was probably caused by some wannabe hacker who got access to your server for free and messed things up (ie via exploitable wp plugin). You need much more than help from this forum :)

 

Edited by Nevermind
Link to comment
Share on other sites

Posted (edited)

@Marcos, can you tell me the detailed process of removing this malware? I am new but can dig to theme editor.

Edited by zaidharis
Link to comment
Share on other sites

  • Administrators

If you can't remove the malware yourself, you can contact a website cleaning and monitoring service, such as www.sucuri.net.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...