Daddy's Notes on Building a Station > Blog > Experience and skill sharing > Cases of virus cleaning refused to be released due to violation of the invaded website prompted by Google advertisement
Wp Bingdu

Cases of virus cleaning refused to be released due to violation of the invaded website prompted by Google advertisement

Image 14
D5444837c371d14eaec5efc62dbb1cc

These days, my father encountered several cases of website poisoning. The reason was that when a friend's website put an advertisement, Google prompted that it did not meet the conditions, "it has refused to log in (because it violated the invaded website and another policy)." After finding no virus through online virus detection, Google has given more detailed virus information.

The infected malicious links are:
1558.necklovehaml.live

Then enter the server check and find that malicious code files have been inserted into the website directory. At the same time, when this article was published, my father had solved three websites with the same virus, so he specially sent a document to record it. If you happen to encounter this situation, you can check it according to my ideas.

Symptoms of website poisoning

If your website is unlucky to be infected with this type of virus, the computer side usually does not see anything unusual, and daily website posts will not be affected, but if your customer visits your website through the mobile side, it will be redirected to the advertising page.

How to determine whether your website is infected with this virus

Judging from the situation of the father's contact with the virus, the simplest way to judge whether your website has been invaded is to first change the password of your own administrator account, and you can't log in to the background normally. When you retrieve your administrator password and log in to the background, check the user list of your website background, Check to see if there are two more administrator accounts: crander and wp_update ikECGaKR.

Additional hacker accounts of website users

If these two accounts (or administrator accounts you don't know) appear, 100% of your website is invaded or infected with viruses.

Enter the server to view the index.php file of your website, and you can see the malicious code inserted.

Malicious code inserted by index.php

At the same time, check each directory of the website, you can see the virus files that were not originally there.

Site virus file inserted

At the same time, there will also be some folders that have not been seen before, which also contain virus files.

Virus generated folder

How to clean virus files

Since we have identified viruses and virus files, it is relatively easy to clean virus files.

Manually delete the infected virus file and overwrite the existing file with a clean wordpress file.

If you can't deal with the virus yourself, the father will provide a paid treatment service if necessary Contact me

4/5 - (4 votes)
Recommended articles
Steps to build a website
Steps to build your own website
20240325 6601c9bdb7da7
WordPress host recommendation
AliDropship One Piece Delivery Website
AliExpress One Piece Delivery Website

Related articles

Scroll to top