I am by no means an expert here folks, so please pardon anything i’ve said that doesn’t make complete sense. I am in IT, but don’t mess with websites at all.
A company i supports mail security provide (ProofPoint) suddenly started flagging all emails from our client as spam. The reasoning behind it was that they were picking up malicious content on their website, and since all the email include the websites address “Company.com”, that was their reasoning. we can’t even taking links out of signatures, because (and i’ve tested this) when someone replies, the “company.com” in their email “[email protected]” is enough to trigger the flags.
after a week of going back and forth with the web dev and PP, with PP giving us nothing to actually go buy until day 7. We hadn’t found anything.
We restored to over a week before the flagging began, still considered compromised.
PP tells us it has to do with Parrot TDS, but not specifically what on the site is catching their attention.
2 days later they tell us it is located at “companysite.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.4”
ok great, they found something and are finally telling us. We deactivate and delete the ivory search pluggin.
now another 2 days later and their rescan is done (or its the weekend and they just got around to looking at the results and telling us) and now they are saying they still see malicious content, but it is located at “companysite.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4”
we are picking nothing up using the plugins from securi, wordfence, or malcare.
Has anyone experienced something similar, or any recommendations?
[ad_2]