-1
I'm having trouble with an infected Wordpress website. At random the page is redirected to some shady advertisement. It's similar to the description here: https://blog.sucuri.net/2016/05/wordpress-redirect-hack-test0-default7.html
I've already wrote a .NET App that cleared over 4000 PHP-Files from malicious code. But the redirect is still there.
Next I tried to analyse the redirect via a Chrome-HTTP-Headers Extension. It seems the redirect is coming from an infected JavaScript. Problem is, I did not yet find the malicious JavaScript-Code and so cannot search for it. There're over 1000 JavaScripts in the Website, most of them are minified.
Question: How can I receive a list of JavaScripts that are loaded at initial HTTP-Get Request?
Answer can be in PHP, JS, Python - Answer can also exceed the question by showing how to find & remove such a malicious infection (Unwanted Redirect) of a Wordpress website, e.g. via help of a free online services, Chrome or Firefox extension or other Software.
Thanks.
EDIT: Of course I tried just a "WGET" of the root URL and looked into the saved file. But I coulN't find anything there, to me it seems the Malware only becomes active in a real browser.
Why is this being downvoted again? Whatever I'm asking here, no matter the question, the amount of information I provide, always somebody is severely unhappy with my question. Why? Cause I ask more complex questions than "What is 1+1"? – Lee.D – 2018-01-10T13:05:42.373
Maybe someone assumed that it is a WP site that you are hosting. In that case the question is not very relevant, because the only solution then is: wipe and install your site software from scratch, and put the data back in from a backup. – Jan Doggen – 2018-01-11T09:35:55.990
Why would that be the only solution? Finding and erasing the Malware could also be the solution, right? – Lee.D – 2018-01-15T16:59:26.823
No it is not. Once compromised, all bets are of. You never know what else has been planted on your system. Read this for a more elaborate answer.
– Jan Doggen – 2018-01-16T19:53:36.643