Good week. They're coming back!

Chris, I see that you added the updates on the client's spreadsheet. 
I updated the CS tabs. 
Thank you. 

Shane  
The Google ads are off for this client. 
Any idea why?

I commented in the chat for this channel. The clients website has been hacked and they have malicious Software installed. Google will not allow us to run ads again until this has been resolved.

Chris Hector that's why they aren't getting any leads

Isaac  we don't control this site do we? they have another developer if i am correct? 

Shane - Can you please let me know how are you checking for Malicious content on the website?

I just ran the website on Sucuri scanner and it says the website is clean.

whitney.zelig@gmail.com -  Yes, you are right. We don't have access to their website hosting or sftp.

Shane I saw that on Google which is why I asked Issac to check the site a few days ago... and he says there is no malicious codes.. So what gives?

image.png 26.1 KB • Download

Isaac, could it because of what you said that their website is running on very old php version and they should upgrade it for better performance and security?

Isaac '
here are the affected URLs - or some of them... is there anything you can do?

Scanning the affected URL, I see that there are few malicious links as given below which need to be removed from our website. The malicious links usually might be visible over the hyperlinks and internally on your website. These links should be fixed and removed by the web developer.


"https://buildgunmore6.live/4637264867/?utm_campaign=QPF8euu28II5lw7O2iHhCidoSOXmw5oLxD6bwphw43U1&t=main9&f=1&sid=t4~cna024osiu1xyxjvgxnws1fu&fp=smWSwGSkclNRnOBeZbbG6QX%2BwvKldaWNOs2LrfI2Vu8GNSQ2W4asC9BzLZi22blY9PE%2FkOeltiZ1U8vztuQ75j6mXI2YT%2Blfuj6HlTAxRzXuPZMpVNMJrh7u82KDX15xgUK2cByPXdaGOFqflGTSuzW0isrK7eRBFtVq1AAGP8LqG%2BMe0pZ47D6VR6mI7QOS1uebqkxDRUU6EedhH%2FyiQGABfQctqkSDV6ZmLxVtG9kAXVMia%2FswAoIR%2Fh4%2FypUc0QTwKz98KDWQsOmjqJ9ttldrbaTY6mMbSs0FcSUa8oTRzF7UNpr%2Bz%2F91OCZOPu5UjwSJ0uAva9gocOp39p7TCtMRSJAlfhH%2FEtHfvtMZeSYBezNGTCCxVHoeA9F7zMkmgmh0WyklDt9gY%2BAxiy7UDZzWSrchyrMZ7u2XKZyf53Jllu3plXg1rXVhVfvMEQPZiPEp%2B9Mm9AIMv1FeCCgRmoS9xXDd6IEAxwWZTG1ArLYN6UGaQ2PpS9SBOV4j9obIOBJNrB6XAqlKdQFwBKrD5bGA9JHdOn2NI9yl2d4PWsEkuvfiJQNeJeSCMYddsgt%2FtO17a3vZMKM2Vg05F1fEtSd6hanDwyxVWbce5mBMGHsZboSAOcNZAvcLpUAmkS4eEf65NimEH90jPXxH5zG5g325BFMU0nuoBmkaYfR%2FZj0NrzzkfqlVj8kmboz8AEDY0uiIvS7yUDAXPHglko38ukCnEaRG3jPLCOd52Ku%2B9koTNaEae%2FrBhBulTD0oNzkEFQby6X%2F1v764GLFaRyJWALuNwda4wZdE87zCQC%2FwJovyhEAAcjrr4Cw%2FgGrIazYD7lx%2FDfl%2FAoYV3z7rhYTilho2CJAPodzkrqrAiru1yF%2BNQv3SuOfRK9h84N9AaJyWs2hLztKMbTaAetue%2BEDEp24DMNGPvinUvYkevBdstJX%2BdzbA2eo3IhUcy4efNpZYkZgdsN7na08NN6LFDGlHcbprwr%2F%2FMcTRaaRvGoej9J4nwRA8xw5JnliZW2tjrZ%2FwTNnRlKbWR1CaRQUc2VzagZRiqLVFpEjug0DowGcO1RB3H1TUTghM6ZMr8i%2B2CRRQQUrDr%2BKlmhBX3vPRa9T22fc2dl5fi0EGN5anL4AEi7ZjqofMGOuz%2B6VLIfbz1qfvEOUDyW52SvFR0pwNKZXTjmYElBGJ1IelYJ1R76Iu%2BqJbyH9Bpe7lhO1CgtdJLfdm3cwd%2BQIGPSXu1ttalaBMGXKD7HYFqZWy3y2zkKnjTROQX7X2eBQ92Npkl%2Bwyd0kcXjpO84m2rc%2B6Zupdk%2FKzY27vCjANOm41rNcX9JJ3cDsfK6DOPTpBWi9YlgdfEweemjvI3Vakj0hxgeHZ67gBJUmamdsOVxAspF7yispQTZxqlJ33GNzutqIjxJXHpc8Rk3qq5%2FDXu4cAgnmnNxLowKSJdjO3edB14h313nCaFsFkMFFfnKsYqbxOGpyNN%2BoFz0FSl9amKc3hbz3r1Vr1EMpf4dZNq6%2BH9L5hJa%2Fhf60xCWG%2FUZlkiCZw5C0aA7k5qeAhClqIbcgkwLogQnCwcfff%2F3N1%2BYnZzTPkOcB5v4HflrJgzIaQhNKnNqYoXjFv
>>
https://buildgunmore6.live/?utm_campaign=QPF8euu28II5lw7O2iHhCidoSOXmw5oLxD6bwphw43U1&t=main9
>>
https://buildgunmore6.live/media/mainstream/pixel.html
https://mobile-global-apps-storages.life/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRIICdnaAYWlcQ%3D%3D
>>
https://mobile-global-apps-storages.life/away.php

Hector - Without having full access to their site source files + Database. We can't do the cleanup or deep scan.

Thank you Isaac.
Client is in denial about the malware.
Yet this morning I was able to confirm it. I visited the site and was taken to another site instead.
The same one we had on J Walker Salon... the virus is the same.

image.png 336 KB • Download

Are these word press sites?

j walker is- 

again- we aren't paid to control this site- chris needs to reach out to his developer. 

This is not J Walker Whitney, this is the same malware that was on there once.. 
I already mentioned to Forever Young medspa via email that if she wanted us to take care of it, she would need to discuss it with Chris. 
However, we still have to try our best to get those campaigns up and running again.  

Hector  - where are we at with this? 

Chris, we have moved fwd quite substantially. 
We have moved both of their sites to WP engine, are in the process of cleaning them and checking for viruses. 
I also set them up with a G-suite account today... 
Isaac is working on the rest. 
We should know about the virus-malware after the scanning has been done. 

Ok. Thx man