WordPress.org

Ready to get started?Download WordPress

Forums

Continued Malware warning on a 'fixed' site (2 posts)

  1. SpeakingTango
    Member
    Posted 1 year ago #

    I was getting a Malware warning when I went to my site http://speaking tango.com/ I had my friend 'geek' fix my site and he wrote a program to update it every hour - because the problem continued. He also addressed the Google verification - so I shouldn't be getting the Malware warning - but I do.

    He just checked today and said that inside the code is okay and the changes are good. He said that there is a vulnerability in WordPress that someone keeps taking advantage of - keeps putting in bad code on my homepage ... he doesn't quite understand it ... (and he's quite adept at IT and familiar with WordPress) - This is not really language I'm familiar with - I just do basic WordPress stuff. I still get a Malware warning as do others. So, at this point ... I really don't know what to do, whether it's fixed or not fixed etc. Is there anything you can tell me? Help me with this?

    Also, after Ignacio Ricci pulled his free Chateau template from my site and your WordPress choices and I didn't get a reply from him via email, I purchased an updated version of his theme. That's when the trouble started. So, I replaced it with one of your free themes for now. I don't know if that has something to do with the problem I'm having now or not. Thanks for any help. If replying - please remember I don't understand 'code/html talk'.

  2. michael.mariart
    Member
    Posted 1 year ago #

    If the site needs to be updated every hour to get rid of the extra code that's being added to it, then no it is in no way fixed.

    Borrowed from Jan in another post...

    You need to start working your way through these resources:http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
    http://codex.wordpress.org/Hardening_WordPress
    http://www.studiopress.com/tips/wordpress-site-security.htm

    Also, check your theme to see if it uses TimThumb. if it does, you need to either ensure that it's updated to the latest current version available, or remove it all together. Every caes of malware that I've seen on my sites have been a direct result of that script being used in the theme, and there's a lot of fre eand commercial themes that use it.

Topic Closed

This topic has been closed to new replies.

About this Topic