site needs cleaning

Hi,

I have support access on for baincil.org. This site appears to have been hacked and needs cleaning. I have a backup stored on ManageWP from a while ago if you need it as well.

  • Predrag Dubajic
    • Support

    Hi Corn,

    Can you please provide us with some more information about the issue: why do you believe that the site has been hacked, what are the symptoms, and how could we see the issue?

    I did a scan of your site with Defender and there is some suspicious code in the AdvanceImage5 and simppeli themes.

    If you’re not using those themes I would suggest removing them completely from your site.

    Please let me know about the above questions so we can see what would be the best approach to this.

    Best regards,

    Predrag

  • Predrag Dubajic
    • Support

    Hi Corn,

    Do you have any backups of your site from before this happened and, if you do, are they hosted on your server or can they be pulled from somewhere at your hosting provider?

    The message on your home page points to contacting your hosting provider. Have you done that so they could give you more info on what’s causing the report?

    Could you also provide us with FTP/cPanel and Database access so we can check this further?

    Note: Don’t leave your login details in this ticket.

    Instead, you can send us your details using our contact form https://premium.wpmudev.org/contact/#i-have-a-different-question and the template below:

    NOTE: Don’t change selected topic in the dropdown, just leave it at “I have a different question”.

    Subject: “Attn: Predrag Dubajic”

    – Site login URL

    – WordPress admin username

    – WordPress admin password

    – FTP credentials (host/username/password)

    – cPanel credentials (host/username/password)

    – Database credentials

    – Folder path to site in question

    – Link back to this thread for reference

    – Any other relevant urls/info

    Best regards,

    Predrag

  • cornelius_butler
    • DEV MAN’s Mascot

    Here is what the host said:

    Hello Cornelius,

    Thank you for reaching out to Support. I am very sorry to hear that you were having this issue.

    We see that this ticket was created in regard to a suspension notice appearing along the top of the baincil.org installation. However, after reviewing the hosting server on our end we were not seeing any indication of any suspension on our end.

    Checking the source information for the site for any information we would be able to locate regarding the message, we did find that the coding for the suspension included the following:

    Contact your hosting provider for more information.

    The suspension page includes a reference to the address webmaster@userbane.s-host.net, which indicates that the message was provided by a server with the hostname userbane.s-host.net. With this in mind, we reviewed the plugin installations on the site and were able to narrow down the issue specifically to the “Link Injector” plugin installed on the site. We found that with the plugin disabled, the suspension notice does not appear on the site. We’re not certain of the cause of the suspension notice in regard to this plugin and would advise reaching out to the developer of the plugin regarding this for additional review and correction.

    Please let us know if you have any further questions; we are more than happy to help.

    Best Regards,

    Felipe Gi.

    InMotion Hosting

    888-321-HOST (4678) Available 24/7

    https://www.inmotionhosting.com

    For answers to commonly asked questions, visit: https://www.inmotionhosting.com/support

    How am I doing? Please let us know at: https://secure1.inmotionhosting.com/amp/leave-feedback-external?cm=ticket&src=pdesk&auid=felipeg
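
The host's diagnosis above turned on a hostname in the page output that does not belong to the site. As an added example (not part of the original thread, and not a tool either party used), this Python function lists hostnames referenced in a page's HTML that fall outside the site's own domain. The markup in `SAMPLE` and the `cdn.example.com` allow-list entry are constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_HOST = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
URL_HOST = re.compile(r"(?:https?:)?//([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

class _Collector(HTMLParser):
    """Gather visible text plus href/src/action attribute values."""
    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.chunks.append(value)

    def handle_data(self, data):
        self.chunks.append(data)

def foreign_hosts(html, site_domain, allow=()):
    """Return sorted hostnames in html outside site_domain and the allow list."""
    collector = _Collector()
    collector.feed(html)
    text = "\n".join(collector.chunks)
    hosts = set()
    for rx in (EMAIL_HOST, URL_HOST):
        hosts.update(h.lower() for h in rx.findall(text))
    trusted = (site_domain.lower(), *(a.lower() for a in allow))
    return sorted(h for h in hosts
                  if not any(h == t or h.endswith("." + t) for t in trusted))

# Constructed sample: a page whose output embeds a notice from another server.
SAMPLE = """
<html><head>
<link rel="stylesheet" href="https://baincil.org/wp-content/themes/site/style.css">
<script src="https://cdn.example.com/lib.js"></script></head>
<body><div><p>Contact your hosting provider for more information.</p>
<address><a href="mailto:webmaster@userbane.s-host.net">webmaster@userbane.s-host.net</a>
</address></div>
<p>Welcome to <a href="https://www.baincil.org/about/">our site</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    print(foreign_hosts(SAMPLE, "baincil.org", allow=("cdn.example.com",)))
```

Running the same check with each plugin disabled in turn shows which one introduces the foreign hostname, which is how the host isolated the plugin here.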
