Google issuing warnings about WP site: "content from counter-wordpress.com"? (58 posts)

  1. dgilmour
    Member
    Posted 2 years ago #

    Anyone know if this is part of core code, or coming from a plugin?

    Warning: Something's Not Right Here!
    <your WP site> contains content from counter-wordpress.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.
    Google has found that malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed. Why not try again tomorrow or go somewhere else?
    We have already notified counter-wordpress.com that we found malware on the site. For more about the problems found on counter-wordpress.com, visit the Google Safe Browsing diagnostic page. (http://bit.ly/na8G5m)

  2. Curtiss Grymala
    Member
    Posted 2 years ago #

    It's not part of the core. There are basically three possibilities:
    1) Your theme has links/iframes that link to or pull in info from the site mentioned
    2) A plugin (more than likely not a plugin downloaded from the official WP repo) includes links/iframes that do so
    3) Your web server has been hacked, and someone has injected an iFrame or link into your site

    I'd start by visiting http://codex.wordpress.org/FAQ_My_site_was_hacked and try following all of the instructions there.

  3. Jean LeSheep
    Member
    Posted 2 years ago #

    I have also received this message today. I've scanned through my files and don't see anything out of the norm. I have very few plugins. I will have to see what the next step is.

  4. dutchscene
    Member
    Posted 2 years ago #

    I've got the same problem with DutchScene.nl; our visitors can't visit the site with Chrome and it was down in IE a few times. In Firefox and Safari there isn't one problem. I hope someone has the solution!

  5. Jean LeSheep
    Member
    Posted 2 years ago #

    @dutchscene....yes, my only issue is in Chrome. Haven't tried w/IE though. Safari and Firefox have no problems. I use 1and1 hosting.

  6. dutchscene
    Member
    Posted 2 years ago #

    I've searched through our plugins but can't find a connection with the counter-wordpress thingy. Shitty situation.

  7. thisisjustin
    Member
    Posted 2 years ago #

    Just had this problem on a client site, used http://sitecheck.sucuri.net/scanner/ to help narrow where the problem might lie.

    It found malware in a javascript file in wp-includes folder, I renamed the offending file to <filename.js.old> then uploaded a known good file I had on my computer. Afterwards I rescanned and it showed up clean.

    I did a few more checks here and there and with multiple browsers and seems to have fixed it.

    Also, the very first thing I did was reset passwords on accounts that had admin privileges.

    Hope that helps.

  8. Etownian
    Member
    Posted 2 years ago #

    Same issue! blog.etownian.org is having issues in Chrome, but nothing in Firefox (haven't tried IE yet). The same exact error message is coming up. I'm afraid to click on the link to counter-wordpress.com from Google, but all it says is a Welcome to nginx! tagline below the hyperlink. Is this an overreaction by Google or just better security measures? I haven't found anything out of place really after doing a complete scan.

  9. Jean LeSheep
    Member
    Posted 2 years ago #

    @thisisjustin I just used your link and it says my site is fine. I did, however, re-install WordPress from the dashboard earlier. So maybe that helped.

  10. coolguygreg
    Member
    Posted 2 years ago #

    I'm getting the same message in Chrome, however when I run a scan at http://sitecheck.sucuri.net/scanner/ it comes back clean.

    Anyone know the source of the problem? Second malware problem I've had today. I host on Dreamhost and use an Elegant Themes theme. Both indicate no problems on their end.

  11. Jean LeSheep
    Member
    Posted 2 years ago #

    I'm coming back clean now. No more warnings in Chrome. All I did was delete plug-ins I wasn't using and re-installed the current version of wordpress.

  12. dutchscene
    Member
    Posted 2 years ago #

    Problem solved, thanks @Thisisjustin :)

  13. urbanbedougirl
    Member
    Posted 2 years ago #

    Ok, I ran the scan and it's telling me that the infected area is the wp-includes folder, as Thisisjustin said. However, I am brand new to WP and have no HTML skills whatsoever. Can anyone help me locate where this folder is and give me a dummy's guide to fixing it? I can no longer even access my dashboard on Chrome.

  14. dutchscene
    Member
    Posted 2 years ago #

    @urbanbedougirl Can you e-mail me? I'll help you through! a1414408@nepwk.com (this is a temporary email and will be deleted in 10 mins, don't want spam!)

  15. urbanbedougirl
    Member
    Posted 2 years ago #

    Just e-mailed you dutchscene. Thanks!

  16. makmak23
    Member
    Posted 2 years ago #

    I'm getting the exact same errors, except sucuri is returning "clean". Any ideas? Those who have had infected files, can you tell us which of your files needed to be cleaned?

  17. Namskie
    Member
    Posted 2 years ago #

    I get the same message. Someone have a fix?????

  18. Jorge
    Member
    Posted 2 years ago #

    There is a fix but it's different for every install. These hackers got sneaky. If you have TimThumb installed in your theme, you might get this virus.

    Read this:

    http://wordpress.org/support/topic/iframe-hack-3

  19. Jorge
    Member
    Posted 2 years ago #

    @coolguygreg clear out the cache in Chrome after you have cleaned your WP install

  20. matale
    Member
    Posted 2 years ago #

    I have the same issue. Sucuri indicates that my jquery file and another file are infected. Also, when I downloaded my backups to Windows, my antivirus detected infections in 2 PHP files.

    Malware found on javascript file:
    http://****.com/wp-includes/js/jquery/jquery.js?ver=1.6.1

    Malware found on javascript file:
    http://*******.com/wp-includes/js/l10n.js?ver=20101110

    Backdoor:PHP/Merview.A
    \wp-admin\common.php->(SCRIPT0000)
    \wp-admin\js\config.php->(SCRIPT0000)

  21. matale
    Member
    Posted 2 years ago #

    Can also confirm that I have timthumb in my WPZOOM theme.

  22. Jorge
    Member
    Posted 2 years ago #

    Ipstenu said:

    Then you're not cleaning it up right.

    Best way at this point would be to do this:
    1) backup EVERYTHING to your PC. Files and DB.

    2) DELETE the files on your server. Yeah. Don't worry, your posts are on your database, we're leaving that alone.

    3) Change your passwords for SSH/FTP and SQL

    4) On your PC, review the following files:
    .htaccess
    wp-config.php

    They look okay? Good. Copy them back up to your server (remember to edit your wp-config.php with your new SQL password).

    5) Get FRESH and CLEAN downloads of WordPress, all your themes and plugins

    6) As soon as you get in, change your passwords.
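
Added example (not part of the thread or of any poster's message): a shell check that supports steps 1, 4 and 5 above by comparing the backed-up install with a fresh WordPress download of the same version and listing modified or unexpected core files, such as the JavaScript and wp-admin PHP files reported earlier in the thread. The function names and the constructed sample trees are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are assumptions and all
# file contents below are constructed placeholders.

# wp_core_diff BACKUP_DIR CLEAN_DIR  -> one finding per line:
#   MODIFIED <path>  present in both trees, content differs
#   EXTRA    <path>  only in the backup (a clean core does not ship it)
#   REVIEW   <path>  site-specific file, read it by hand (step 4)
# wp-content/ is skipped: themes and plugins are checked against their own
# fresh downloads, not against core.
wp_core_diff() (
    clean=$(cd "$2" && pwd) || exit 1
    cd "$1" || exit 1
    find . -type f ! -path './wp-content/*' | LC_ALL=C sort |
    while IFS= read -r rel; do
        rel=${rel#./}
        case $rel in
            wp-config.php|.htaccess) echo "REVIEW   $rel"; continue ;;
        esac
        if [ ! -f "$clean/$rel" ]; then
            echo "EXTRA    $rel"
        elif ! cmp -s "$rel" "$clean/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
)

# make_sample_trees: builds constructed backup/ and clean/ trees in a temp
# dir and prints its path. Paths mirror the files named in the thread.
make_sample_trees() (
    d=$(mktemp -d) || exit 1
    for t in backup clean; do
        mkdir -p "$d/$t/wp-includes/js/jquery" "$d/$t/wp-admin/js"
        echo '/* jquery */' > "$d/$t/wp-includes/js/jquery/jquery.js"
        echo '/* l10n */' > "$d/$t/wp-includes/js/l10n.js"
        echo '<?php // index' > "$d/$t/wp-admin/index.php"
    done
    for f in jquery/jquery.js l10n.js; do
        echo '/* constructed: appended line */' >> "$d/backup/wp-includes/js/$f"
    done
    echo '<?php // constructed: unexpected file' > "$d/backup/wp-admin/common.php"
    echo '<?php // constructed: unexpected file' > "$d/backup/wp-admin/js/config.php"
    echo '<?php // site config' > "$d/backup/wp-config.php"
    echo "$d"
)

# Stand-alone run on the constructed trees.
d=$(make_sample_trees) && wp_core_diff "$d/backup" "$d/clean"; rm -rf "$d"
```

An empty result for core files says nothing about wp-content/ or the database; themes and plugins still need the same comparison against their own fresh copies.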

  23. magzparmenter
    Member
    Posted 2 years ago #

    Could someone please email me too..I really need a walk-through to deal with this.

    Thanks!

  24. and also change your ftp passwords. if they get into the server itself, it does not matter how secure WP is. they can get to your files like you can.

    Also moving this out of the multisite forum.

  25. Jorge
    Member
    Posted 2 years ago #

    @magzparmenter you can do it! Follow these instructions. It can be overwhelming but a fresh install later and clearing out your browser's cache will be a huge help.

    http://wordpress.org/support/topic/iframe-hack-3?replies=42#post-2290168

    FOLLOW THAT LINK!!!

  26. thisisjustin
    Member
    Posted 2 years ago #

    I agree with Jorge, the best way to ensure your site is clean is to back everything up and start fresh and load everything back one at a time while testing to make sure what you are putting back works properly.

  27. magzparmenter
    Member
    Posted 2 years ago #

    I know this sounds awful, but I've never done anything like this before. How do I get a backup that won't also be infected?

  28. Jorge
    Member
    Posted 2 years ago #

    @magzparmenter

    You download EVERYTHING (the new WP install and all your plugins) from WordPress.org and if you're using premium themes, make sure they're not running the TimThumb image resizing library.

    IF YOU DO RUN TimThumb, make sure your server (localhost) is the only domain that can write into your directories. You can do that by opening up /timthumb.php or /thumb.php in your theme and configuring it not to allow remote access.

    EDIT: I have never used TimThumb for anything! WordPress has built in features and support to resize images and serve up image thumbnails on the fly. To me, it's a lot easier to use the_post_thumbnail function. That's just me though.

  29. matale
    Member
    Posted 2 years ago #

    TimThumb has been updated to fix the security hole, so you need to go into your theme directory and replace timthumb.php with the new one from here
    http://timthumb.googlecode.com/svn/trunk/timthumb.php

    More info:
    http://www.wpzoom.com/forum/viewtopic.php?f=21&t=5080

  30. magzparmenter
    Member
    Posted 2 years ago #

    OK, so sucuri now says my site is clean...but half of my images aren't showing up!

    I stupidly deleted TimThumb and now I can't get it back and not sure what to do...although, I have an Elegant Theme and they said they don't use TimThumb anymore because of its known vulnerabilities (no kidding!!)

    Grrr....grrrr.....grrr....

Topic Closed

This topic has been closed to new replies.
