Hello,
Got an notice from goolge about “Social Engineering Content” on our site.
The link that they gave me does not point to actual content on our site and I can’t find any evidence of the link in any of our files (searched DB, downloaded site and searched for string). Looked for coded hex and javascript too.
Scanning the site has not turned up anything (wordfence, sucurrri remote).
the offending link is: /Auth/psuinc… (redacted)
Is the “Auth” related to wordpress. I found an Auth folder in /wp-includes/Requests/Auth
If I search for the link, no direct hits, but some related ones (I think) with psuinc in the link.
At some point I will probably restore from backup, but not finding any sort of evidence is quite frustrating!
Any ideas most appreciated.