How to detect malware injection and Solve, What is wp5s.org

How to detect malware injection and Solve, What is wp5s.org

I have been getting Mixed Content error in chrome console because of wp5s.org being requested over http. I didn’t realize until I moved to https from http about this malware injection from http://www.wp5s.org/jquery.js .

This kind of malware injection can be a cause of NULLED WordPress plugins or themes and can be harmful to your website in one or other way. For me this injection was happening occasionally when I visit my blog and it triggered me of an unusual activity on my site when my own website redirected to another malware site containing ads. My friend had informed me about this before but I thought it would have been a mistake or chrome extension messing up with my friend’s browser and it was not.

Problem

There will be no issue at all when you visit your blog, but there will be many problems when someone else visits your website. Your webpage can redirect to other websites and you lose your visitors, your website ranking will go down on google. Your website will have ads you have not put, pop ups and everything you do not wish to happen, collecting user information with the help of your website.

How to figure out unusual JavaScript injections

It’s hard to get to know about malware injections because your blog may be running AdSense and many ads request JavaScript with errors. Especially when you are not on SSL, scripts could be easily downloaded and injected into your blog. Many scripts are not requested when you do VIEW SOURCE of your page. Here are the steps I follow to figure out some malware injections.

1. Use Chrome console

Press F12 and you will get a developer tool bar at down side or your page, Navigate to Console Tab and you will find a list of errors where you can take a look at your websites incorrect content or content with any error. It will list network errors and everything wrong with your page.

Usually malware injection happens over http and if your site is having an SSL your will get list of errors stating “Mixed content …. Resource requested over http …. “.

As I said many scripts will not be visible on VIEW SOURCE. Hence select Elements Tab in developer tool. Go through the file and detect any unusual JavaScript that your site is not using. When you think you found an unnecessary JavaScript injection move to next step.

2. Search on Google

When you think any script is unintended copy the complete URL or domain on google and possibly you will find proper result if someone has mentioned about it. You may get the website link with every detail that you think it cannot be a spam.

When your search returns a website with the same URL and if it says that “A description for this result is not available because of this site’s robots.txt” then it may be a malware.

3. Solution

800x400

If your website or blog is redirecting to other website then take a look at your .haccess file inside your root directory of website.

Go through your header and footer files to search the malware link. Most chances of containing there scripts are NULLED plugins. Try deactivating plugins one by one and check the console if problem is resolved. Delete the culprit plugin and never use NULLED plugins.

You will not get malware injection every time you visit your website because of cookies. Try clearing cookies and browsing in incognito to check out proper issues. Try using other device also because of your IP may be indexed and you will not be able to detect any problem.

For me I had to deactivate a NULLED plugin, and yes I won’t use any NULLED plugin from today. I almost wasted my whole day to figure out http://www.wp5s.org/jquery.js malware injection which was causing redirection to other websites.

Comment below about how you figure out malware injections and detect any issues. I would be very happy to know more.



© 2017. All rights reserved.