Support » Fixing WordPress » Fake App Attack Help
Fake App Attack Help
-
Hi there,
Someone today report me that Firefox say my site have malware, I checked and rechecked several time and I couldn’t fine anything but later I found norton safe web with have a report for my site specifying at least 7 threads.
I’m looking into my site right now but with not experience I’m looking for some help.
Here’s the report
http://safeweb.norton.com/report/show?url=nehemoth.com
Thank you
-
http://sitecheck.sucuri.net/results/nehemoth.com
You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Hi @perezbox thank you for the reply.
I did try some advice in the links provide by @esmi but sadly I haven’t been able to find out the cause ot the problem.
I remember like a year or two ago, Google notified me of something similar and with the plugin exploit scanner I found the problem sadly this isn’t the case.
Ok, this one is going to be a bit of challenge because the information being provided by Norton is sometimes cached and not very specific. You do know its some type drive by download so you’re going to want to look for some kind of obfuscated code.
Help us out, what have you done already?
Thanks
Exactly this, I’ve searched for obfuscated code inside several files, I ran exploit scanner and check every exit output.
I read all the above links weeks ago and I couldn’t fine anything.
Nehemoth, your old site was infected (google cache 11.05.2012), a new look as clean.
http://safeweb.norton.com/help/site_owners#rating_inaccurate
@adpawel, I’m confused.
Are you saying that Norton is using the Google blacklisting API? Or are you pointing him to the instructions to submit for a review? Although I think they do use the Google blacklisting engine also.
I think its the latter, right? or maybe both.
@nehemoth have you submitted to Norton for a review just to confirm it is in fact still infected according to their engine?
I ask all this because you’re still showing infected on Norton: http://safeweb.norton.com/report/show?url=nehemoth.com and that’ll show up for anyone running Norton. So if it is clear, per @adpawl then you’re going to want to resubmit for evaluation to clear that warning.
Wow, didn’t mean to complicate that..lol
@adpawl I just change the Theme last night, I was thinking about the theme been infected but the links reported by Norton are working still.
@perezbox I didn’t submitted, as I said before those links are still working
Also the site have been clean always in Google and the other engines That I used, the only with something to report was always Norton.
@nehemoth I think what we’re saying is to proceed with submitting it to Norton to see what they say. It could be a false positive, unsure right now. If you submit you’ll know for sure if they are flagging something current, or if its a cache issue.
I would also trying leveraging a number of other user agents to see if you can’t replicate the issue on the client side. If its a drive by download then its likely also conditional. Meaning only specific conditions render the issue (i.e., Windows Box, XP OS, IE 7, etc..).
Make sense?
@perezbox It makes sense to me, sadly those links works in any browser tested (IE, Fx and Cm) on W7, W2K3.
The links looks too me safe but I don’t event know how those links are create (the algorithm) and of course I don’t know if those links should be there in first place.
I registered the site on the norton web and Submitted for a revision, I market six as removed and one as not harmful.
Lets see what happens.
Gotcha.. You can also try using something like this: http://www.botsvsbrowsers.com/SimulateUserAgent.asp
You’re using very limited agents, there are hundreds, if not thousands. But at this point, its probably best to wait and see what they say instead of pulling your hair out. You could literally spent all day testing agents..lol.. trust me..lol
Hopefully its a false positive.. fingers crossed. Let us know though or I’ll start losing sleep..:) j/k
Indeed @perezbox lets hope for the best.
I’ve submitted it in that way precisely to know better about this service.
I will update as soon as I receive any notice.
Thank you very much for the support, outstanding
Update
The site its clean
http://safeweb.norton.com/report/show?url=nehemoth.comSadly I didn’t received any information, just that has been reevaluated and everything its OK
Boom.. legit..
Cool
- The topic ‘Fake App Attack Help’ is closed to new replies.