7 {{ upvoteCount | shortNum }}
7 {{ upvoteCount | shortNum }}

Is my website infected? How do I clean it?

by svedski
5 replies
Hi,

I'm using a nulled version of OptimizePress v1 (if I could buy it, trust me, I would) and I just did a scan using the "Exploit Scanner" plugin. Apparently, it found thousands of "threats". Many of them came from my admin folder and had nothing to do with OP. But many of them, maybe 200-300 came from the nulled OptimizePress plugin.

Some examples:

wp-content/themes/OptimizePress 1.36 nulled/template_004.php:562
Often used to execute malicious code echo ($customtrackingcodefooter) ? eval('?>'.stripcslashes(stripslashes($customtracki ng
wp-content/themes/OptimizePress 1.36 nulled/template_004.php:563
Often used to execute malicious code echo ($postcustom['_seo_footertrackingjscode']) ? eval('?>'.stripcslashes($postcustom['_seo_footertrac
wp-content/themes/OptimizePress 1.36 nulled/template_003.php:333
Often used to execute malicious code ['_optthemes_webformhiddenhtml']) ? stripcslashes(eval('?>'.htmlspecialchars_decode($p ostcustom['_optt
wp-content/themes/OptimizePress 1.36 nulled/template_003.php:402
Often used to execute malicious code ['_optthemes_webformhiddenhtml']) ? stripcslashes(eval('?>'.htmlspecialchars_decode($p ostcustom['_optt
wp-content/themes/OptimizePress 1.36 nulled/template_003.php:537
Often used to execute malicious code echo ($customtrackingcodefooter) ? eval('?>'.stripcslashes(stripslashes($customtracki ng
Will this have messed up my blog in some way?
What do you recommend me to do? Remove the nulled plugins (I got more of them), install "Bulletproof Security" plugin and then change admin passwords?
#clean #infected #website
  • Profile picture of the author RobinInTexas
    Remove all the nulled stuff.

    Install Wordfence plugin and make sure the Wordfence options for all the free scans are checked and run a scan to look for any suspicious files and remove them.

    You may have to reinstall WordPress

    Don't try to use any pirated themes or plugins.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[8502398].message }}
    • Profile picture of the author svedski
      Originally Posted by RobinInTexas View Post

      Remove all the nulled stuff.

      Install Wordfence plugin and make sure the Wordfence options for all the free scans are checked and run a scan to look for any suspicious files and remove them.

      You may have to reinstall WordPress

      Don't try to use any pirated themes or plugins.
      Will do. But I checked my OP1 theme with "Theme Authenticity Checker" and it came out OK (green light). Maybe it's too drastic of a move to remove it?
      After all, I will lose all of my work .

      I do have a nulled version of DAP installed that I will remove though. I will buy the full version instead.

      If I just do this, and install Wordfence and change the passwords etc, will it be OK? Or am I still "f-cked"?
      {{ DiscussionBoard.errors[8502443].message }}
  • Profile picture of the author RobinInTexas
    If you do a full scan and no problems are detected by Wordfence (don't need the Paid members only scan) you are probably OK

    If you are showing "nulled" in the theme path you are asking for legal trouble.

    I would go with that.

    I am not a expert. I don't even play an expert on tv.
    In no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of my opinion. Taking free advice from anyone via the internet is a bad idea, you should do your own research and consult proper experts before embarking on anything after breakfast.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[8502472].message }}
  • Profile picture of the author Andrew H
    You need to understand one thing.

    Why would someone go through the effort of nulling a script? for the pure enjoyment so some random like you can download it for free? No. They do it for their own gain (hidden backlinks, backdoors, spam server, etc).

    Especially if your not 'in' the community, you can be sured that you are being taken advantage of.
    Signature
    "You shouldn't come here and set yourself up as the resident wizard of oz."
    {{ DiscussionBoard.errors[8502515].message }}
    • Profile picture of the author svedski
      Originally Posted by Andrew H View Post

      You need to understand one thing.

      Why would someone go through the effort of nulling a script? for the pure enjoyment so some random like you can download it for free? No. They do it for their own gain (hidden backlinks, backdoors, spam server, etc).

      Especially if your not 'in' the community, you can be sured that you are being taken advantage of.
      Ok...yeah, I've thought so too. Stupid as I was I didn't think of that when I installed it. That's the greed talking . Trying to fix it now though.
      {{ DiscussionBoard.errors[8502587].message }}

Trending Topics