Chrome shows malware warning on blog (6 posts)

  1. akjackson1
    Member
    Posted 2 years ago #

    I've had several of my friends tell me they get a malware warning when visiting my site.

    Occasionally I visit my site and I get the same warning, but not all the time.

    When it shows the warning, I search my code and something's inserted an iframe from "newtools.uni.me". When I refresh the page, it's gone. I also noticed another time that there was a big fat regular expression at the top of my page used to insert the iframe, but how is it getting there? And why only occasionally?

    I only have three plugins activated:
    Akismet
    GPicasa
    OD Add rel=prettyPhoto
    Picasa Express x2

    I'm also using a themeforest.net template.

    site: http://adamjackson.me/

    I really hate to have this warning come up, looks really bad for people going to my site. It's extremely hard to debug as well seeing that it goes away on a page refresh.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    Have you tried:

    - deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).

    - switching to the Twenty Eleven theme to rule out any theme-specific problems.

    - resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.

    - re-uploading the wp-admin and wp-includes folders from a fresh download of WordPress.

  3. akjackson1
    Member
    Posted 2 years ago #

    I did try deactivating all the plugins, and I thought that worked, but what I realized was it just wasn't showing up (most likely), since it only appears on rare occasion.

    I just realized now that there was also an admin registered that I did NOT create, so maybe that was the issue.

  4. perezbox
    Member
    Posted 2 years ago #

    Hey Akjackson

    Sounds like you're suffering from conditional malware, you can find more information looking up "polymorphic malware".

    Your best bet is to scrub your server, all sites, and find the backdoor. If not, it'll just keep jumping around to its heart's content.

  5. gesman
    Member
    Posted 2 years ago #

    The problem with *any* malware infection is that once infected - you never know where actual malware would hide.
    In other words, updating, removing or overwriting plugins, as well as updating (or even removing and reinstalling) the whole WordPress would not help because malware usually leaves hidden backdoor files, and quite often outside of any WordPress directory structures.
    Normal detection tools (like WordPress plugins) quite often would not work because today's malware backdoor scripts are not necessarily malicious-looking files, but rather legitimate scripts offering functions to plant actual malware.

    The effect of malware infection is that your site becomes a spammers' and scammers' paradise, offering hidden redirects of your visitors to scammers' portals usually selling porn, drugs and casinos.
    Once Google detects such changes on your site - it sends you a warning and then removes your site from the search engine index, and all your hard-earned rankings are gone for good.
    So taking care of this ASAP is the way to go.

    I personally was infected by malware 3 times. Shame on me - because I have intensive anti-virus development experience. And that happened because I was just plain not careful with the way I maintained my websites.
    After the third time I decided to take matters into my own hands and with the help of custom software as well as a manual analysis approach - managed to scan, find and remove not only actual malware files, but also innocent-looking malware "helper" files from my server. My site has been clean since then.

    It is a lot of work, but if you are interested - contact me, as I have already started to offer this service on a consulting basis.

    Gleb

  6. perezbox
    Member
    Posted 2 years ago #

    We're seeing an increase in the following: http://blog.sucuri.net/2012/04/getmama-conditional-malware-affecting-thousands-of-sites.html

    Check yourself by looking at all your PHP files. It's evolving, so be mindful of that.
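
Added example, not part of the original thread and not any poster's code: since the injection described above only appears on some page loads and backdoors may sit outside the WordPress directories, this sketch checks PHP files on disk across a whole web root instead of relying on page reloads. The indicator patterns, the `uploads` heuristic and the sample tree are assumptions constructed for illustration; an empty result does not show that a server is clean.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators: assumptions for this example, not a complete signature set.
INDICATORS = {
    "iframe-host": re.compile(rb"newtools\.uni\.me", re.I),  # host named in the thread
    "eval-of-decoder": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-encoded-blob": re.compile(rb"[A-Za-z0-9+/=]{400,}"),
}
PHP_EXT = {".php", ".php5", ".phtml"}


def scan(root):
    """Return {relative_path: [indicator names]} for each flagged PHP file under root."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root)
        data = path.read_bytes()
        hits = [label for label, rx in INDICATORS.items() if rx.search(data)]
        # Upload directories normally hold media, so any PHP there deserves a look.
        if "uploads" in rel.parts:
            hits.append("php-in-uploads")
        if hits:
            findings[rel.as_posix()] = hits
    return findings


def build_sample_tree(root):
    """Write constructed sample files standing in for a web root (inert, not real malware)."""
    samples = {
        "wp-config.php": b"<?php define('DB_NAME', 'blog');\n",
        "wp-content/themes/t/header.php":
            b"<?php eval(base64_decode('" + b"QUJD" * 120 + b"')); ?>\n",
        "wp-content/uploads/2012/04/img.php": b"<?php echo 'hi';\n",
        "old-site/footer.php": b'<iframe src="http://newtools.uni.me/"></iframe>\n',
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("\n".join(f"{p}: {', '.join(h)}" for p, h in sorted(scan(tmp).items())))
```

Pointing `scan()` at the account's top-level directory rather than only the WordPress folder also covers sibling sites and leftover directories, and every flagged file still needs a manual read before it is deleted or restored.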

This topic has been closed to new replies.