
Friday, September 13, 2013

Friday the 13th, a bad-luck message JS/redir.BS for a WordPress website

JS/redir.BS is malware that is silently stored in your website and will cause something ugly to happen: you lose access to it.

There is no simple way to know when it got there, but several places can give you a clue on how to get rid of it. Important advice: take care of your website security, create backups and change passwords every now and then! WordPress is a strong tool, but not invincible.

As I know how to control my computer and get rid of malware, I decided to create a simulation on my computer. That was risky, but it was the fastest way to do it instead of waiting for the hosting company to help me.
I did a clean installation of the latest version of WordPress, the one I use on my website.
As I was suspicious of the theme, that was the first thing I copied from the server to my laptop. When I tried to move the theme folder to my local WordPress installation, there it was. My antivirus popped up and blocked the virus; luckily it was just in the header file.
If you can still access wp-admin on your website, go to the infected file and get rid of it or of the infected code. It is JavaScript code.
Change your passwords, all of them. Do the same for the keys using the WordPress generator and overwrite them in the wp-config file.
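
An added example, not from the original post: a small Python scan of a theme folder copied from the server, flagging lines that look like injected, obfuscated JavaScript without waiting for the antivirus to pop up. The rules are generic heuristics chosen for illustration, not the signature of JS/redir.BS, and the theme built in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

# Generic heuristics for injected, obfuscated JavaScript. These are assumptions
# chosen for illustration, not the actual signature of JS/redir.BS.
RULES = {
    "eval-of-decoded-string": re.compile(
        r"eval\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\("),
    "document.write-of-decoded-string": re.compile(
        r"document\.write\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\("),
    "long-encoded-run": re.compile(r"(?:%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}){10,}"),
    "hidden-iframe": re.compile(
        r"<iframe[^>]*(?:display\s*:\s*none|(?:width|height)\s*=\s*[\"']?[01]\b)", re.I),
}
SCANNED_SUFFIXES = {".php", ".js", ".html", ".htm"}

def scan_theme(theme_dir):
    """Return (relative path, line number, rule name) hits under theme_dir."""
    root = Path(theme_dir)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCANNED_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for name, pattern in RULES.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), lineno, name))
    return hits

def demo():
    """Scan a constructed two-file theme: a clean footer and a tampered header."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "mytheme"
        theme.mkdir()
        (theme / "footer.php").write_text("<?php wp_footer(); ?>\n</body></html>\n")
        # Constructed, inert sample: the encoded run decodes to "constructed".
        (theme / "header.php").write_text(
            "<html><head>\n<?php wp_head(); ?>\n"
            "<script>eval(unescape('%63%6f%6e%73%74%72%75%63%74%65%64'))</script>\n"
            "</head><body>\n")
        return scan_theme(theme)

if __name__ == "__main__":
    for rel, lineno, rule in demo():
        print(f"{rel}:{lineno}: {rule}")
```

A hit is only a pointer to a line worth reading by hand; a clean result does not prove the theme is clean.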

If your case was not that simple:
First, confirm whether your website is infected with malware: http://sitecheck.sucuri.net/scanner/
Second, do some good reading: http://codex.wordpress.org/FAQ_My_site_was_hacked
And learn how to completely clean your hacked WordPress: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

Either way, make sure your website is not infected: http://sitecheck.sucuri.net/scanner/