I have a wordpress 5.0 site and few days ago, Google Ads detected malicious links inside my website. They are like this:
*http://apps9244.ittprize60.live/?utm_medium=oxxGrJ1EO8rl%2FlkgHhDHtdaJe%2B6y3ml38Z%2B1ZX9QaLo%3D&t=main7_5*
I tried to scan it dozens of times finding them inside the wordpress files but I am unable to find anything. I tried to do a mysqldump to see better the database and I found an INSERT INTO inside wp_options table.
But this INSERT INTO is done automatically and I am unable to find where it does something like this.
Anyone knows how to find those links? Thank you very much.
Thanks to NoBugs I found the problem. First I did a mysqldump of my database. Then I started a search using grep :
sudo grep -rl "apps9244" /directory/to/website/
I tried different strings like "prize", "ittprize". Fortunately I found an INSERT INTO with the same string. This was the proof about the malware.
Finally I tried this:
This thing took me around 8 days to be solved. I think could help to other people.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.