WordPress.org

Ready to get started?Download WordPress

Forums

Malware Attack (10 posts)

  1. soulkid
    Member
    Posted 4 years ago #

    I have been trying to combat an apparent Malware attack that google has flagged me on. I have two plugins, an antivirus for WP as well as an exploit searcher, and they find nothing.

    I seriously have tried everything I know how to do and cannot solve the problem. Can anyone advise me?

    I would say I am a medium, not advanced person, and am generally new to wordpress. This has already been a harrowing experience.

  2. soulkid
    Member
    Posted 4 years ago #

  3. lokrin2000
    Member
    Posted 4 years ago #

    Here is the info Google puts up for your site:

    Safe Browsing
    Diagnostic page for www.chambermusik.com
    
    What is the current listing status for www.chambermusik.com?
    
        Site is listed as suspicious - visiting this web site may harm
    your computer.
    
        Part of this site was listed for suspicious activity 2 time(s)
    over the past 90 days.
    
    What happened when Google visited this site?
    
        Of the 85 pages we tested on the site over the past 90 days, 5
    page(s) resulted in malicious software being downloaded and installed
    without user consent. The last time Google visited this site was on
    2009-10-29, and the last time suspicious content was found on this
    site was on 2009-10-29.
    
        Malicious software includes 36 trojan(s), 27 scripting exploit(s),
    25 exploit(s). Successful infection resulted in an average of 1 new
    process(es) on the target machine.
    
        Malicious software is hosted on 6 domain(s), including
    keymydomains.com/, chberger.com/, specialgt.com/.
    
        2 domain(s) appear to be functioning as intermediaries for
    distributing malware to visitors of this site, including
    specialgt.com/, ncenterpanel.cn/.
    
        This site was hosted on 2 network(s) including AS6461 (MFNX),
    AS31820 (PUGMARKS).
    
    Has this site acted as an intermediary resulting in further
    distribution of malware?
    
        Over the past 90 days, www.chambermusik.com did not appear to
    function as an intermediary for the infection of any sites.
    
    Has this site hosted malware?
    
        No, this site has not hosted malicious software over the past 90
    days.
    
    How did this happen?
    
        In some cases, third parties can add malicious code to legitimate
    sites, which would cause us to show the warning message.
    
    Next steps:
    
        * Return to the previous page.
        * If you are the owner of this web site, you can request a review
    of your site using Google Webmaster Tools. More information about the
    review process is available in Google's Webmaster Help Center.
    
    Updated 22 hours ago
    
    ©2008 Google - Google Home

    I suggest using the links here to contact Google directly and work things out. But first - go over your entire site and look for hacks.

  4. lokrin2000
    Member
    Posted 4 years ago #

  5. That link you've provided is not a WordPress blog. It eventually sends you /wordpress/ which works.

    From lokrin2000's comment

    Of the 85 pages we tested on the site over the past 90 days, 5
    page(s) resulted in malicious software being downloaded and installed
    without user consent.

    What did you do to the HTML output? The HTML I downloaded using curl is a complete unreadable mess. Makes it difficult to see why Google doesn't like your site.

  6. soulkid
    Member
    Posted 4 years ago #

    which html? mine?

    The code on my index page, for instance is so basic, and has no malware, yet is flagged.

    <head>

    <HTML LANG=en-US>
    <HEAD>
    <TITLE>CHAMBERMUSIK</TITLE>
    <LINK REV="made" href="mailto:chambermusikceo@gmail.com">
    <META NAME="keywords" CONTENT="sha stimuli, wu-tang clan, rza, gza, method man, ol' dirty bastard, ghostface killah, killa bees, hip-hop, rap music, underground, new york, online store, cd, dvd, mp3,chambermusik, hiphop, hip hop, grimey, dark, G-Clef da Mad Komposa, Soulkid Records, Soul Kid Klik, Sunz of Man, Killah Priest, Warcloud, buddha monk">

    <META NAME="description" CONTENT="Independent Hip-Hop Site / Killa Bee Hive
    Featuring the Best in Independent Hip-Hop
    news - store - forums - radio station - free downloads and more!">

    <meta name="google-site-verification" content="7wkKobDgzcxK71uQkgWUDYV055OXWYm89WYP-GmnBOc" />
    <META NAME="author" CONTENT="G-Clef da Mad Komposa">
    <META NAME="ROBOTS" CONTENT="ALL">

    </HEAD>

    <style type="text/css">
    <!--
    body, td, th {
    color: #FFFFFF;
    }
    body {
    background-color: #000000;
    }
    img {
    border:0px;
    }
    -->

    </style>
    </head><body>
    <p align="center">

    <table align="center" border="0" width="700">
    <tr>
    <td>
    <img src="http://chambermusik.com/images/movebackpromo.jpg" alt="Sha Stimuli coming to stores 11-27"></td>
    </tr>
    </table>

    <p align="center"> </p>
    <p align="center"><b>CONTINUE
    TO CHAMBERMUSIK.COM
    </b></p>

    </body>
    </html>

  7. soulkid
    Member
    Posted 4 years ago #

    its odd.. if you go to http://chambermusik.com/wordpress its unflagged but if you go to anything using www in it.. i get flagged.

    http://www.chambermusik.com/wordpress/ gets flagged.

  8. I meant the HTML code in your /wordpress/ URL.

    Your /wordpress URL gets 301 Moved Permanently redirected to the /wordpress/ URL. That's probably why Google doesn't flag.

    Give this a look

    http://www.unmaskparasites.com/malware-warning-guide/?url=www.chambermusik.com

    You may just need to request Google to re-review your site for malware.

  9. soulkid
    Member
    Posted 4 years ago #

    yeah well.. google is claiming the last time malware was found was 10-29, but I have submitted for review twice since then, and no changes so far.

  10. soulkid
    Member
    Posted 4 years ago #

    strange enough, after my last review I guess google saw fit to remove the warning. I really haven't made many changes! Makes me wonder if people are sometimes reporting just to mess with sites.

Topic Closed

This topic has been closed to new replies.

About this Topic