WordPress.org

Ready to get started?Download WordPress

Forums

Fake App Attack Help (16 posts)

  1. Nehemoth
    Member
    Posted 2 years ago #

    Hi there,

    Someone today report me that Firefox say my site have malware, I checked and rechecked several time and I couldn't fine anything but later I found norton safe web with have a report for my site specifying at least 7 threads.

    I'm looking into my site right now but with not experience I'm looking for some help.

    Here's the report

    http://safeweb.norton.com/report/show?url=nehemoth.com

    Thank you

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. perezbox
    Member
    Posted 2 years ago #

    @nehemoth looks like you are still having an issue with this. Looks like you are still blacklisted by Norton. What progress have you made reading through links @esmi provided?

    Thanks

  4. Nehemoth
    Member
    Posted 2 years ago #

    Hi @perezbox thank you for the reply.

    I did try some advice in the links provide by @esmi but sadly I haven't been able to find out the cause ot the problem.

    I remember like a year or two ago, Google notified me of something similar and with the plugin exploit scanner I found the problem sadly this isn't the case.

  5. perezbox
    Member
    Posted 2 years ago #

    @nehemoth

    Ok, this one is going to be a bit of challenge because the information being provided by Norton is sometimes cached and not very specific. You do know its some type drive by download so you're going to want to look for some kind of obfuscated code.

    Help us out, what have you done already?

    Thanks

  6. Nehemoth
    Member
    Posted 2 years ago #

    Exactly this, I've searched for obfuscated code inside several files, I ran exploit scanner and check every exit output.

    I read all the above links weeks ago and I couldn't fine anything.

  7. adpawl
    Member
    Posted 2 years ago #

    Nehemoth, your old site was infected (google cache 11.05.2012), a new look as clean.

    http://safeweb.norton.com/help/site_owners#rating_inaccurate

  8. perezbox
    Member
    Posted 2 years ago #

    @adpawel, I'm confused.

    Are you saying that Norton is using the Google blacklisting API? Or are you pointing him to the instructions to submit for a review? Although I think they do use the Google blacklisting engine also.

    I think its the latter, right? or maybe both.

    @nehemoth have you submitted to Norton for a review just to confirm it is in fact still infected according to their engine?

    I ask all this because you're still showing infected on Norton: http://safeweb.norton.com/report/show?url=nehemoth.com and that'll show up for anyone running Norton. So if it is clear, per @adpawl then you're going to want to resubmit for evaluation to clear that warning.

    Wow, didn't mean to complicate that..lol

  9. adpawl
    Member
    Posted 2 years ago #

    I say that norton checked and marked the old, infected site.
    A copy of that page is available in Google cache

    If Norton not verified and not removed from the blacklist a new page - it's necessary to write for a review.

    New site is clean: google, sucuri, avg ...

  10. Nehemoth
    Member
    Posted 2 years ago #

    @adpawl I just change the Theme last night, I was thinking about the theme been infected but the links reported by Norton are working still.

    @perezbox I didn't submitted, as I said before those links are still working

    Also the site have been clean always in Google and the other engines That I used, the only with something to report was always Norton.

  11. perezbox
    Member
    Posted 2 years ago #

    @Nehemoth I think what we're saying is to proceed with submitting it to Norton to see what they say. It could be a false positive, unsure right now. If you submit you'll know for sure if they are flagging something current, or if its a cache issue.

    I would also trying leveraging a number of other user agents to see if you can't replicate the issue on the client side. If its a drive by download then its likely also conditional. Meaning only specific conditions render the issue (i.e., Windows Box, XP OS, IE 7, etc..).

    Make sense?

  12. Nehemoth
    Member
    Posted 2 years ago #

    @perezbox It makes sense to me, sadly those links works in any browser tested (IE, Fx and Cm) on W7, W2K3.

    The links looks too me safe but I don't event know how those links are create (the algorithm) and of course I don't know if those links should be there in first place.

    I registered the site on the norton web and Submitted for a revision, I market six as removed and one as not harmful.

    Lets see what happens.

  13. perezbox
    Member
    Posted 2 years ago #

    Gotcha.. You can also try using something like this: http://www.botsvsbrowsers.com/SimulateUserAgent.asp

    You're using very limited agents, there are hundreds, if not thousands. But at this point, its probably best to wait and see what they say instead of pulling your hair out. You could literally spent all day testing agents..lol.. trust me..lol

    Hopefully its a false positive.. fingers crossed. Let us know though or I'll start losing sleep..:) j/k

  14. Nehemoth
    Member
    Posted 2 years ago #

    Indeed @perezbox lets hope for the best.

    I've submitted it in that way precisely to know better about this service.

    I will update as soon as I receive any notice.

    Thank you very much for the support, outstanding

  15. Nehemoth
    Member
    Posted 2 years ago #

    Update

    The site its clean
    http://safeweb.norton.com/report/show?url=nehemoth.com

    Sadly I didn't received any information, just that has been reevaluated and everything its OK

  16. perezbox
    Member
    Posted 2 years ago #

    Boom.. legit..

    Cool

Topic Closed

This topic has been closed to new replies.

About this Topic