WordPress.org

Ready to get started?Download WordPress

Forums

Antivirus blocking my WP blog?? (17 posts)

  1. Brandon
    Member
    Posted 2 years ago #

    My WP blog is relatively new, and I was just told by somebody that they are getting blocked out from viewing my site. With the message of:

    "Access to the web page was blocked by ESET NOD32 Antivirus. The web page is on the list of websites with potentially dangerous contents."

    I downloaded a NOD32 trial, and low and behold, I get the same issue. Can anyone point me in the right direction as to what to do about this? Thank you.

  2. Peter Wooster
    Member
    Posted 2 years ago #

    Your site has been hacked. Someone has inserted malware into one or more of your files. If you try to view the site from Chrome you will see this message. The malware is probably in an iframe in your index.php file. Try looking there first.

    /peter

  3. Brandon
    Member
    Posted 2 years ago #

    Thanks Peter. Wow, didn't realize I had such enemies, looking into it now!

  4. Peter Wooster
    Member
    Posted 2 years ago #

    You are welcome,

    Change your FTP password and check your PC for viruses and trojans. These attacks are often performed by stealing FTP passwords from PCs that use MS/IE. I never FTP from a PC, I use a Mac or a Linux workstation for that.

    It's also possible that your hosting company has a virus problem. There is a codex article on these attacks.

    /peter

  5. Brandon
    Member
    Posted 2 years ago #

    Ok, so my next question is, how can I be sure everything is cleaned out?

    Seems NOD32 adds blocked pages to a list, and I'm not so sure it automatically updates and removes those sites when they are clean. Also, I'm do not know if once manually removed from the list, it would ever pop up again if the site became infected again, or is in fact still infected.

  6. melanieann79
    Member
    Posted 2 years ago #

    Go to Sucuri, put in your site's url, and it will scan it and provide you information on any security issues. They'll also give you links to more info on any problems and how to fix. They offer security services and fixes as well, but I've never used them, so can't advise on that one way or another.

  7. Brandon
    Member
    Posted 2 years ago #

    Cool thanks, I just checked that out, but...

    So far everything on the site is a clean install, new passwords, clean computer, everything SHOULD be good. BUT

    That site is showing my site as not clean, and says these are the issues...

    -some kind of code in the twentyeleven theme
    -some google analytics code my server injects into the page

    Not sure what to do about those things, should I get rid of the theme, and try to figure out how to keep the server from injecting that analytics code into my pages? Not having much luck with that so far.

    Also, in other news, it seems like NOD32 blocks all .co.cc domains by default possibly. Doesn't explain the issues above though, or the possibility of chrome blocking the page, but I have been unable to replicate the chrome blocking on my own browser.

    Thanks guys, I'm getting closer I think! :)

  8. King Coal
    Member
    Posted 2 years ago #

    Hi everyone. I'm new here.
    My website has just developed a "block" by AVG Linkscanner Alert because of a Threat named Exploit Rogue Scanner (type 1929).
    I installed the plugin WordPress Antivirus 1.3 by Sergej Muller. It is scanning green, all clear. I entered my url in Sucuri as suggested above. That is showing up red flags for a virus. Also a redirect to a .ru site.

    Can anyone help please?

  9. tonyflanigan
    Member
    Posted 2 years ago #

    I've been finding a load of infection the past week - we run about 15 WordPress installs. Mostly the .com sites are being infected.

    Look in your themes functions.php - right near the end look for:
    <?php
    add_action('get_footer', 'add_sscounter');
    function add_sscounter(){

    From the opening <?php take out everything to the end. Once that is done, find the "Secure WordPress" plugin. Load it and activate. So far, touch wood, this seems to have sorted my problem out.

    I hope your issues are similar, and can be sorted as easily as mine were.

  10. King Coal
    Member
    Posted 2 years ago #

    Thanks Tony.

    I installed these plugins, WP Secure by SSM, Website Defence Security, and Sucuri Scanner. This is in addition to Antivirus.

    I'm still infected. The site is blocked on the search pages by Avg. It is also now being redirected to something like www2.save-sentineleoh.in/ etc. etc.

    It's really only the sucuri plugin that is flagging all the malware. But sucuri doesn't fix it. It brings me to their site and the fee is $90 to fix.

    Does anyone know what to do? Will google blacklist me if this is not fixed soon?

  11. tonyflanigan
    Member
    Posted 2 years ago #

    Hm. I'm not so smart - infections are back - and it's back to the drawing board. Sorry all :(

  12. King Coal
    Member
    Posted 2 years ago #

    Anybody know of a "malware removal" that will work, even at an affordable price? I've installed the plugins that should prevent further infections, but they won't cure what's already there.

    Does the $90 fee from sucuri for removal seem like a reasonable fee. I will have to go with that if there is no alternative.

    Any help would be very much appreciated.

  13. tonyflanigan
    Member
    Posted 2 years ago #

    I am extremely nervous - Like a good WordPress user I dutifully update my OS whenever a new release is available. I am thinking that may not be very smart. My girlfriend manages some of our sites, a few still ticking over sweetly on 2.7, with no infections, infestations, malware etc.

    In the course of my scrambling around looking for a means to eradicate the infection, I have, of necessity, been visiting lots of WordPress sites. Loads of them have been hacked. And I'm talking mainstream sites - sites who's owners will have upgraded.

    I'm still looking for a solution - but I don't think there are any - pending the newest release. This is some scary sh!t :(

  14. DeerMtn
    Member
    Posted 2 years ago #

    You might have something there Tony - I'm in the same boat and I always keep my computer clean and download the latest updates religiously! I have no idea what is going on, but this program (the AntiVirus for WP) has me stumped. It gives me plenty of warnings, but I have no idea on how to get rid of the problems? Why does it just tell you without getting rid of them, like a regular antivirus does?
    I'm thinking of rolling my WP site back to a couple of versions ago and see if that helps - I don't know what else to do; I certainly cannot afford to pay for a cure!
    If ya'll find out anything I hope you will post it here...

  15. tonyflanigan
    Member
    Posted 2 years ago #

    Heya DeerMtn.

    I'm watching this very cautiously. What I've done, and seems to be holding up so far (about 4days) is the following:

    1) Find and remove infection
    2) Install "antivirus" [http://wordpress.org/extend/plugins/antivirus/]
    3) Install wp-malwatch [http://wordpress.org/extend/plugins/wp-malwatch/]
    4) Install Secure WordPress [http://wordpress.org/extend/plugins/secure-wordpress/]
    5) Change all user Passwords (fortunately we have very very few)

    As I say, this process seems to be working so far, but I'm not relaxing yet.

  16. wassem mansour
    Member
    Posted 1 year ago #

    so did it work

    i am facing exactly the same things! :(

  17. tonyflanigan
    Member
    Posted 1 year ago #

    Hi was955.

    So far, touch wood, all is ticking over sweetly.

    What I have also done on one site was to change the FTP password, as the site host was not prepared to update/upgrade their server software.

    I must also tell all of you that whenever I do find an infection I let my host know. A quick check of your files will tell you which file was altered, with the date and time. My host, Collin, has been extremely helpful, and has gone to great lengths to help tighten his security.

Topic Closed

This topic has been closed to new replies.

About this Topic