
WP site getting redirected to cpmatik and then a betting site.

When I load my website, www.nandanjha.com, it comes up for a second or two and then it gets redirected to some spam site, then to cpmatik.com, finally landing at oleobet.com.

 

On subsequent loads it stays at nandanjha.com. I can't seem to find any malicious file. I have updated my theme to the latest WP 2015 version and checked header.php and footer.php, no luck.

 

I have hosted a few more sites and this problem is with every site. The .htaccess at the root folder of nandanjha.com seems fine too.

 

Any leads on this one, please?

1 ACCEPTED SOLUTION

I'm still working on removing all the malicious code. I think I'm very close to eliminating it completely. I will share what I did if I successfully eliminate the redirects.
Meanwhile, please scan your websites with the following online tools and share your results.

https://sitecheck.sucuri.net/
https://quttera.com/website-malware-scanner
https://www.virustotal.com/

Sucuri is the most reliable one.
Also, read the following articles for more info.

 

https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes...

 

https://blog.quttera.com/post/malware-analysis-of-the-infection-injected-via-security-vulnerability-...

 

Contact GoDaddy and they will tell you to buy their security tools.

6 REPLIES

This is BS. All of my GoDaddy WordPress sites have been hit by this virus too. Please help!

I have the same problem. And don't expect GoDaddy to help. I had contacted them and they were trying to sell me some crappy program instead of resolving the issue. I had figured out a few things and removed like 982 lines of malicious code from my website. Do you use any of the following two?
1. Div Themes
2. Ultimate Members 

Ultimate members one of them.


Thank you Jeevesh. I was able to recover my simplest site of all since it was using the WP default theme. I cleaned up:

1. The .htaccess file at my root as well as at the site-folder root.

2. Through the Sucuri WordPress integrity check, replaced the .js files where the rogue code was inserted.

3. Recovered an older copy of my database. In all posts, there was a script tag at the end of it. I lost some comments but that's fine.

4. Changed the theme since it was on the default theme and I didn't do any customisations.

 

For my primary site, I did 1, 2 and 3 and

5. Cleaned up the header.php file in my theme.

 

I did delete a few files here and there, do not know how much of that was needed. But the problem is still there. If I scan my site at Sucuri (https://sitecheck.sucuri.net/) it is not able to detect any malware. I will try it on other links too.

I would read up on the links and try to fix and share if I learn something new.

All the best.
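Step 3 in the post above mentions a script tag appended to the end of every post. As an added example (not part of the original post and not code from WordPress or Sucuri), this Python script checks rows exported from the `wp_posts` table and flags any `post_content` that ends in a `<script>` element not served from a trusted host, returning the content with that element stripped. The sample rows, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# One <script> element at the very end of the content (trailing whitespace
# allowed). The lookahead stops the match from spanning an earlier script.
TRAILING_SCRIPT = re.compile(
    r"<script\b[^>]*>(?:(?!</script).)*</script\s*>\s*\Z",
    re.IGNORECASE | re.DOTALL,
)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

# Constructed sample rows (ID, post_content); not data from the thread.
SAMPLE_ROWS = [
    (101, "<p>Trip report.</p>\n"
          "<script src='https://cdn.injected.example/a.js'></script>"),
    (102, '<p>Map <script src="https://www.example.org/w.js"></script> here.</p>'),
    (103, '<p>Another.</p><script type="text/javascript">var a=1;</script>\n'),
]


def audit_post(content, trusted_hosts):
    """Return (cleaned_content, findings) for one post_content value."""
    findings, cleaned = [], content
    while (m := TRAILING_SCRIPT.search(cleaned)):
        opening_tag = m.group(0).split(">", 1)[0]
        src = SRC_ATTR.search(opening_tag)
        host = urlparse(src.group(1)).hostname if src else None
        # A trailing script with a relative or trusted-host src is left in place.
        if src and (host is None or host in trusted_hosts):
            break
        findings.append(host or "inline")
        cleaned = cleaned[: m.start()].rstrip()
    return cleaned, findings


def audit_rows(rows, trusted_hosts):
    """Map post ID -> (findings, cleaned_content) for rows that need cleanup."""
    report = {}
    for post_id, content in rows:
        cleaned, findings = audit_post(content, trusted_hosts)
        if findings:
            report[post_id] = (findings, cleaned)
    return report


if __name__ == "__main__":
    for post_id, (hosts, _) in audit_rows(SAMPLE_ROWS, {"www.example.org"}).items():
        print(post_id, hosts)
```

Review the reported hosts before writing any cleaned content back, and work on a database copy so a wrong match can be undone.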

 

Thank you Jeevesh for your response.

 

I have multiple sites but I tried to first fix the simplest of them since it uses the WP default theme. Last night, I did see the rogue code in the .htaccess file at root level as well as at WP-base-folder level and I cleaned it. Since the template is by WP, I refreshed the template. I could find some other rogue code in /tmp which I also cleaned. But no luck. I found the rogue files via the Sucuri plugin, which does an integrity check with WP core files. A lot of files in /wp-includes/jquery were compromised. Right now I seem to have cleaned up theme files, .htaccess is clean, where else do I look?

 

 

My other primary site is ghumakkar.com and I am using the 'Simple Mag' theme.

 

My SSL got disconnected as well. I called tech-support and they promised help but no response so far. Have reached out to someone at GoDaddy for support on this. Hope to hear back.