website now redirects to spam website

Home Forums Gillion Theme website now redirects to spam website

Home Forums Gillion Theme website now redirects to spam website

This topic contains 12 replies, has 3 voices, and was last updated by  rfaria 3 months, 1 week ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
  • Title pretty much says enough.

    After installing this theme, I now open an incognito window and type in expatspoland.com and I’m redirected to https://www.oleobet.com/ via this URL that I managed to take a screenshot of.

     

    http://take.ms/97pJc

     

    This theme is quickly becoming a joke that I regret getting involved with. Why is my website redirecting to a gambling website?

    Hi @phil.forbes,

     

    Thank you for your question.

     

    Could you please tell me why you think it is theme issue or how you have confirmed it’s theme issue?

     

    The theme doesn’t redirect any site at all.

     

    I visited your shared site and didn’t get redirected as shown in the attached screenshot.

     

    It seems this may be your browser extension or any spyware so please test it on a different browser or system.

     

    Best regards,
    Shufflehound team

    Attachments:
    You must be logged in to view attached files.

    Have you opened an incognito window though? The malware attack only happens when you’ve not been to the site before, and after helping me the other day, your cookies are already known to the site.

     

    Try it in a new incognito window, I’m having the problem in both Safari and Chrome.

     

    Why do I think that it’s the theme? Because the only thing that I have changed on my blog in the last week is the theme and all the plugins you’ve suggested.

     

    https://sitecheck.sucuri.net/

    if you put expatspoland into there, it’ll show you that part of the javascript is infected with malware. nothing to do with the browser.

     

    There’s also more information here:

     

    https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes-and-ultimate-member-plugins.html

     

    You can see a screencast of the situation here:

    https://monosnap.com/file/jPt1hbskvpIjdYJhNuSSgP4ij9U89g

     

     

    https://monosnap.com/file/rkaUJSLyxZx1ExVy9zgC1FHN0JaHYr

     

    here’s a screencap of the infected javascript

    I have tested it in incognito window but still couldn’t reproduce the issue.

     

    If you are facing the issue on multiple browsers then it seems your site issue.

     

    Yes I can see those malware issue on your site and also some mysterious code as show in the attached screenshot.

     

    But these all things doesn’t mean it is caused by the theme.

     

    Please note that the theme is being used by thousands of users and nobody is affected by malware as the theme doesn’t contain malware that you can test yourself by scanning below attached Gillion theme.

     


    Please login to access this file

    It seems your site is somehow affected by malware. May be because of some plugin.

    You need to remove that malware from your site by taking expert advise.

     

    You can try using following solutions to remove it.

     

    https://wordpress.org/plugins/gotmls/

    https://sucuri.net/guides/how-to-clean-hacked-wordpress

    https://askwpgirl.com/10-steps-remove-malware-wordpress-site/

    https://www.fixrunner.com/wordpress-malware-removal-plugins/

    https://wpteamsupport.com/remove-malware-wordpress/

    Attachments:
    You must be logged in to view attached files.

    Can you please tell me how I can access the code as you have in the screenshot?

     

    None of your documentation explains how to edit the header for example. Also, where exactly did you find this malware?

     

    Can you please tell me how I can access the code as you have in the screenshot?

    For that you need to see your website HTML code in browser as described in the below pages.

     

    https://neilpatel.com/blog/how-to-read-source-code/

    https://www.computerhope.com/issues/ch000746.htm

     

    None of your documentation explains how to edit the header for example.

    Please see the attached screenshot to know where it is explained.

     

    Also, where exactly did you find this malware?

    Same as you have shared screenshot https://monosnap.com/file/rkaUJSLyxZx1ExVy9zgC1FHN0JaHYr

    Attachments:
    You must be logged in to view attached files.

    No, what I’m asking is where can I edit it? Where is the header.php file located so that I can manually remove the code. I’m not concerned about the appearance of the menu, I want to remove the code from the header.

    You can edit theme header.php file from standard WordPress theme editor as shown in the attached screenshot.

     

    Please note it is not just that code there can be code in the multiple places put by malware so you need to remove whole malware from your site orelse it will add that code again.

     

    Remove malware from your site or helping for it is beyond the scope of support that we provide here. Please see https://themeforest.net/item/jevelin-multipurpose-premium-responsive-wordpress-theme/14728833/support so please contact security expert to do it or refer the information provided in the above shared article to od it yourself.

    Attachments:
    You must be logged in to view attached files.

    https://monosnap.com/file/yCgPYF88v2wHNPuJ1XQGYx70wYGXm8

     

    Sorry but I don’t have access to the editor like that. How do I access that same editor you see in the screenshot?

     

    Also the link that you provided is for the Jevelin theme, I purcahsed the Gillion theme?

    I’m sorry but this problem is 100% with your theme or a plugin that your theme needs to work.

     

    I restored a backup from June 27th, 6 weeks before I had downloaded your theme.

     

    Open an incognito window and type in the URL.

     

    Everything works fine.

     

    Go to search console and even the sitemap works fine.

     

    I download your theme again from themeforest.

    Uploaded it to WordPress. Install it, activate it, then activate all the required plugins.

     

    Open an incognito window and I’m redirected to the spam sites I originally was.

     

    This happens on my laptop at work on both Chrome and Safari, my desktop at home using Firefox and Chromcolleaguellegue who lives on the other side of Poland on his Mac using both Chrome and Safari, another colleague in the UK has the same redirection problem on his PC using Chrome and Firefox and my brother in Australia is redirected using his PC and Mac.

     

    If the problem isn’t with your theme, then it’s with a plugin that your theme needs to work.

    As said above the theme is being used by thousands of users and nobody is affected by malware as the theme doesn’t contain malware that you can test yourself by scanning below attached Gillion theme.

     


    Please login to access this file

     

    Your site is affected by malware and it seems when you activate the theme or plugin then it gets triggered and activated on WordPress theme / plugin activation hook.

     

    If you want to confirm it then please test the theme and theme suggested plugins on your any other site hosted on different server. You can even test it locally.

     

    Please contact any security expert to remove that malware orelse it can even steal valuable & sensitive information from your site.

    I Have that same issue with Jevelin theme, can you advise how I can Fix that?

Viewing 13 posts - 1 through 13 (of 13 total)