My website is running on Wordpress on a Nginx/Ubuntu server. Recently I tried to make some ads on Google but it prompted me with a policy violation on Malicious or unwanted software. I got in contact the the Google team and they gave me some links that appear on my webpages. These are:
https://staleshow.com/v2/0/fovR3B4fjiQSgtNFpGy....
https://staleshow.com/v2/0/gemRIkJ9djEBOXuetqaLkIOcy.....
https://staleshow.com/v2kzbtsxmzq-clIED28ZJ-mROoqs5UKBLIXem7WuN....
https://staleshow.com/v2vgtikD8J6e0uNhC1Rgy5NIHONmkM-LSTIbr_enq_ckOqCgI....
When inspecting my website with dev tools I can see that a script is running in the head tag. Follows:
<script async="" src="https://staleshow.com/v2/0/fovR3B4fjiQSgtNFpGy...."></script>
How can I delete this line? Where is it's origin?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
I would try to install one of the security scanner plugins for Wordpress. It appears you may have a rogue plugin installed that is injecting this script into your site code. That or review your plugin list and see if there are any that you do not specifically want installed. If none of that finds anything, I would go through each plugin one by one and uninstall, refresh, and see if the injection is still there. Those links that Google gave are going to always come back with a 404 response due to how that
staleshow.com
website is used.My guess without knowing Wordpress well would be that you have an unwanted plugin installed on Wordpress that is adding this. I’d use one of the security scanners that Wordpress has or review your plugins to see if there are any that are there that you do not want there. This site has some info about Wordpress security scanner plugins https://www.wpbeginner.com/wordpress-security/
Hi @threepixelslab,
Traditionally,you can find this file in the
functions.php
andpage.php
file in your custom theme.You should remove theadd_js_scripts
function and all theadd_action clauses
that mentionadd_js_scripts
.And,search keywords <scripts> in your origin code to find if there are other malicous virus.Or,you can check youredit
module in your admin page,usetext edit
mode to find strange links.If you can login your phpadmin page,you can execute this MySQL command:This is to replace the malicious links to blank.But you must execute this for each link.Just like:
(Remember to substitute the VIRUS DOMAIN to the real one)
After i search for this,i wonder if your addon’s name is
Ultimate Support Chat
.It has been reported so you should delete it as fast as you can.However,I didn’t find any other records that related to the link you mentioned.I suggest you reinstall your wordpress,and use other theme.This is a better way.Kind regards, Shiroka