Our latest reports indicate many sites are infected by stick.travelinskydream.ga malware.
If your site is affected by recurrent contamination:
Need help? Let us clean your site.
Before starting a malware cleanup, follow these steps:
1. Perform a full backup, including core files, plugins, uploads theme and database.
Avoid using plugins since it may take longer than expected. If you don’t have tech skills, ask your web host to do it.
2. Disable public access, to protect your data, reputation and visitors.
Simply add this line inside your main .htaccess file. If you can’t do it, contact your web host.
deny from all
A full cleanup guide is available here:
Most of these attack origin from Ukraine. Here’s an example:
126.96.36.199 – – [09/Mar/2021:19:25:55 +0100] “GET /wp-json HTTP/2.0”
188.8.131.52 – – [09/Mar/2021:19:25:56 +0100] “POST /wp-json/thrive/ HTTP/2.0”
184.108.40.206 – – [09/Mar/2021:23:05:02 +0100] “POST /signup.php HTTP/2.0”
Malicious domains: giantafricatone.me, domainforcleverhunt.me, bestletherservice.me.
var _0x23e9 & var _0x2825 malware: https://gist.github.com/magefix/7f55caeb507c373f90e882dfc134c28d
Malicious IPs: 220.127.116.11 ( Nice IT Services Group Inc. )
Try our Free site check.