
WP site getting redirected to cpmatik and then a betting site.

When I load my website, www.nandanjha.com, it comes up for a second or two and then gets redirected to some spam site, then to cpmatik.com, finally landing at oleobet.com.

On subsequent loads it stays at nandanjha.com. I can't seem to find any malicious file. I have updated my theme to the latest WP 2015 version and checked header.php and footer.php; no luck.

I host a few more sites and this problem is with every site. The .htaccess at the root folder of nandanjha.com seems fine too.

Any leads on this one, please?

6 REPLIES 6

Re: WP site getting redirected to cpmatik and then a betting site.

This is BS. All of my Godaddy wordpress sites have been hit by this virus too. Please help!

Re: WP site getting redirected to cpmatik and then a betting site.

I have the same problem. And don't expect Godaddy to help. I contacted them and they were trying to sell me some crappy program instead of resolving the issue. I have figured out a few things and removed like 982 lines of malicious code from my website. Do you use any of the following two?
1. Div Themes
2. Ultimate Members

Re: WP site getting redirected to cpmatik and then a betting site.

Ultimate Members is one of them.

Re: WP site getting redirected to cpmatik and then a betting site.

Thank you Jeevesh for your response.

I have multiple sites, but I tried to first fix the simplest of them since it uses the WP default theme. Last night, I did see the rogue code in the .htaccess file at root level as well as at WP-base-folder level, and I cleaned it. Since the template is by WP, I refreshed the template. I could find some other rogue code in /tmp, which I also cleaned. But no luck. I found the rogue files via the Sucuri plugin, which does an integrity check against WP core files. A lot of files in /wp-includes/jquery were compromised. Right now I seem to have cleaned up the theme files and .htaccess is clean; where else do I look?

My other primary site is ghumakkar.com, where I am using the 'Simple Mag' theme.

My SSL got disconnected as well. I called tech support and they promised help, but no response so far. I have reached out to someone at GoDaddy for support on this. Hope to hear back.

Solution

Re: WP site getting redirected to cpmatik and then a betting site.

I'm still working on removing all the malicious code. I think I'm very close to eliminating it completely. I will share what I did if I successfully eliminate the redirects.
Meanwhile, please scan your websites with the following online tools and share your results.

https://sitecheck.sucuri.net/
https://quttera.com/website-malware-scanner
https://www.virustotal.com/

Sucuri is the most reliable one.
Also, read the following articles for more info.

https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes...

https://blog.quttera.com/post/malware-analysis-of-the-infection-injected-via-security-vulnerability-...

Contact Godaddy and they will tell you to buy their security tools.

Re: WP site getting redirected to cpmatik and then a betting site.

Thank you Jeevesh. I was able to recover my simplest site of all since it was using the WP default theme. I cleaned up:

1. The .htaccess file at my root as well as at the site-folder root.

2. Through the Sucuri WordPress integrity check, replaced the .js files where the rogue code was inserted.

3. Recovered an older copy of my database. In all posts, there was a script tag at the end of it. I lost some comments but that's fine.

4. Changed the theme, since it was on the default theme and I didn't do any customisations.

For my primary site, I did 1, 2 and 3, and

5. Cleaned up the header.php file in my theme.

I did delete a few files here and there; I do not know how much of that was needed. But the problem is still there. If I scan my site at Sucuri (https://sitecheck.sucuri.net/) it is not able to detect any malware. I will try it on the other links too.

I would read up on the links and try to fix, and share if I learn something new.

All the best.
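The database step in the last post (a script tag at the end of every post) can be checked without restoring a backup. The following is an added example, not code from any poster in this thread: it scans post bodies for script tags that load from hosts outside an allowlist and marks those sitting at the very end of the content. It assumes the rows were exported as (ID, post_content) pairs from the `wp_posts` table; the sample rows and host names are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# One <script> element, inline or with a src attribute.
SCRIPT = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
# The src attribute itself (not data-src or similar).
SRC = re.compile(r"""(?<![\w-])src\s*=\s*["']?([^"'\s>]+)""", re.I)

def scan_post(content, allowed_hosts):
    """Return (source, is_trailing) for each script not loaded from allowed_hosts."""
    findings = []
    for m in SCRIPT.finditer(content):
        src = SRC.search(m.group(1))
        if src:
            host = urlparse(src.group(1)).hostname  # None for relative URLs
            if host is None or host in allowed_hosts:
                continue  # same-site path or explicitly trusted host
            source = host
        else:
            source = "inline"  # no src attribute: report for manual review
        # True when nothing but whitespace follows the closing tag.
        trailing = content[m.end():].strip() == ""
        findings.append((source, trailing))
    return findings

def scan_posts(rows, allowed_hosts):
    """rows: iterable of (post_id, post_content). Returns {post_id: findings}."""
    report = {}
    for post_id, content in rows:
        hits = scan_post(content, allowed_hosts)
        if hits:
            report[post_id] = hits
    return report

# Constructed sample rows (not data from the thread); all hosts are placeholders.
SAMPLE_ROWS = [
    (1, "<p>Trip report.</p>"),
    (2, "<p>Photos.</p><script src='https://injected.example/a.js'></script>\n"),
    (3, "<p>Map</p><script src=\"https://maps.trusted.example/m.js\"></script><p>End</p>"),
    (4, "<p>Old post</p><script>var x = 1;</script>"),
    (5, "<p>x</p><script src='/wp-includes/js/local.js'></script>"),
]
ALLOWED = {"www.mysite.example", "maps.trusted.example"}  # lowercase host names

if __name__ == "__main__":
    for post_id, hits in scan_posts(SAMPLE_ROWS, ALLOWED).items():
        print(post_id, hits)
```

A post ID that appears in the report with `is_trailing` set to True matches the pattern described in step 3; the same scan can be rerun after cleanup to confirm nothing was reinserted.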