Blacklisted / Post contains a suspected malware URL

Resolved gero_007
(@gero_007)

10 years, 11 months ago

I got WordPress site blacklisted from Google. What I have done so far:
Updated the latest WordPress / plugins.
Checked all the files for modifications but no file is modified.
Checked for unknown files in ftp but there are none.
When I check my site with http://sitecheck.sucuri.net/scanner/ and it shows:
Blacklisted:Yes
Malware:No
Malicious javascript:No
Malicious iFrames:No
Drive-By Downloads:No
Anomaly detection:No
IE-only attacks:No
Suspicious redirections:No
Spam:No
When i scan with the plugin Wordfence it show this alert: * Post contains a suspected malware URL: for all the urls that my site has.
I have also downloaded all my site and scanned with Kaspersky antivirus but no problem. Also my hosting provider, bluehost, says that there are no malwares in the ftp. Anyone has any suggestion?

Viewing 10 replies - 1 through 10 (of 10 total)

esmi
(@esmi)

10 years, 11 months ago

Site url?

Thread Starter gero_007
(@gero_007)

10 years, 11 months ago

Thanx for the reply esmi
Url is:
http://gazetarepublika.al/

esmi
(@esmi)

10 years, 11 months ago

Did you read http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=gazetarepublika.al

Thread Starter gero_007
(@gero_007)

10 years, 11 months ago

Yes, I read it and I have registered in webmaster tools and submitted for review. They give the following:
Status of the latest badware review for this site: A review for this site has finished. The site was found to still be dangerous for users. Please review your site again. When you are confident that you have cleaned and secured your site, please request another review.
Sample of URLs with malware: http://www.gazetarepublika.al/?p=10507
And it show all the urls like Wordfence did.

esmi
(@esmi)

10 years, 11 months ago

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

redleg-too
(@redleg-too)

10 years, 11 months ago

Use this on-line tool to take a look at the code being returned by a request for your homepage

http://aw-snap.info/file-viewer/dev-index.php?tgt=http%3A%2F%2Fwww.gazetarepublika.al%2F&ref_sel=Google&ua_sel=ff

scroll down to about line 638: The block of script that starts out
function n36e75bf28(v15b5f3c8173a732,p820787a9028,c...........

That block of code is malicious

redleg-too
(@redleg-too)

10 years, 11 months ago

Sorry, Just realized that is the wrong link should be

http://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.gazetarepublika.al%2F&ref_sel=Google&ua_sel=ff

Thread Starter gero_007
(@gero_007)

10 years, 11 months ago

The url by redleg-too was really helpful, thanx redleg-too!
So, i removed the script at line 638 and everything is going fine now.
I also had to go through all the very useful links that esmi sent above, so thanx esmi as well.

akudo
(@akudo)

10 years, 11 months ago

Hi i also tried to do the same thing but could not find which line i had to remove, im quite new at this and struggling. my url is
http://www.shekudo.com

I havent received any views or orders because of this and ive tried everything that the gentleman above has without any luck,
pLEASE help!

thank you

WPyogi
(@wpyogi)

10 years, 11 months ago

@akudo – you need to go through all the resources listed above in esmi’s post – unfortunately, there is not easy way to clean up a hacked site.