WordPress.org

Malware notification (5 posts)

  1. tsvet
    Member
    Posted 6 years ago #

    Hi,
    I have recently been alerted with this message below. It says my site has been infected with some malware. When I try to load it indeed my NOD32 gives me a warning (while my McAfee at work does not) and I see the site is trying to load some IP/wp-content and then blocks.
    I have no clue about what causes the issue and how could I clean it. Could anyone help please?

    Dear site owner or webmaster of villa-bg.co.uk,

    We recently discovered that some of your pages can cause users to be
    infected with malicious software. We have begun showing a warning page
    to users who visit these pages by clicking a search result on Google.com.
    Below are some example URLs on your site which can cause users to be
    infected (space inserted to prevent accidental clicking in case your
    mail client auto-links URLs):

    http://blog.villa-bg .co.uk/
    http://blog.villa-bg .co.uk/?p=23

    Here is a link to a sample warning page:
    http://www.google.com/interstitial?url=http%3A//blog.villa-bg.co.uk/

    We strongly encourage you to investigate this immediately to protect
    your visitors. Although some sites intentionally distribute malicious
    software, in many cases the webmaster is unaware because:

    1) the site was compromised
    2) the site doesn't monitor for malicious user-contributed content
    3) the site displays content from an ad network that has a malicious
    advertiser

    If your site was compromised, it's important to not only remove the
    malicious (and usually hidden) content from your pages, but to also
    identify and fix the vulnerability. We suggest contacting your hosting
    provider if you are unsure of how to proceed. StopBadware also has a
    resource page for securing compromised sites:
    http://www.stopbadware.org/home/security

    Once you've secured your site, you can request that the warning be
    removed by visiting
    http://www.google.com/support/webmasters/bin/answer.py?answer=45432
    and requesting a review. If your site is no longer harmful to users,
    we will remove the warning.

    Sincerely,
    Google Search Quality Team

  2. mcrkon
    Member
    Posted 6 years ago #

    I receive the same error on my website, but no specifics as to what program might be causing it. Neither the hosting company nor Google was helpful in resolving the problem.

    Any assistance with the issue would be GREATLY appreciated!

    Marian

  3. rawalex
    Member
    Posted 6 years ago #

    What it means is that, like tens of thousands of other WordPress users, your site has been invaded by people using various holes in XMLRPC and similar to insert blank links and zero frames into your existing posts. Visually, you will see nothing (except perhaps the occasional broken post) but if you do a page source you will find hidden links or similar.

    Stopbadware has a very strong agreement with Google and Firefox that will pretty much shut your site down if they spot you having this stuff.

    Good luck finding all of it, there is usually tons of links and iframes hiding in your site.

  4. mcrkon
    Member
    Posted 6 years ago #

    Thanks, rawalex!

    So the main question is what is WP's solution to this problem? Is there a security patch to fix and prevent it?

    Marian

  5. rawalex
    Member
    Posted 6 years ago #

    Wow... careful getting me started on this one.

    Are you running 2.5.1? If you are not, this is a good place to start. Changing your passwords (including server logons, etc) is a good idea. Checking for modified files (it seems that template files and such get hacked now and again) and just generally making sure the stuff on your pages is free of outside links, hidden frames, etc. Check any users you have on your blog to make sure that they have not been promoted to author or admin if you don't want them to be.

    If you are running 2.5.1, the official party line is "it's your fault, there are no security holes in 2.5.1". In reality, WordPress is a complicated piece of coding with more than enough spaghetti that I am sure someone can find a hole. Most of the previous holes have been around xmlrpc, and after looking at the coding there, I can see why. :)
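
The hidden iframes and blank or hidden outside links described in replies 3 and 5 can be looked for by parsing each post's HTML rather than reading page source by eye. This is an added example, not code from the thread or from WordPress; it assumes post bodies are available as HTML strings, and `HiddenContentScanner`, `scan_post`, the site host and the sample posts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}  # frame dimensions a visitor cannot see

class HiddenContentScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []   # (kind, url) tuples
        self._link = None    # [href, visible content] of the external <a> being read
    def _external(self, url):
        host = (urlparse(url).hostname or "").lower()
        return bool(host) and host != self.site_host
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        hidden = bool(HIDDEN_STYLE.search(a.get("style", "")))
        if tag == "img" and self._link:
            self._link[1] += "img"  # an image link is visible, so not "blank"
        elif tag == "iframe":
            if hidden or {a.get("width"), a.get("height")} & TINY:
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "a" and self._external(a.get("href", "")):
            self._link = None if hidden else [a["href"], ""]
            if hidden:
                self.findings.append(("hidden-link", a["href"]))
    def handle_data(self, data):
        if self._link:
            self._link[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._link:
            if not self._link[1].strip():
                self.findings.append(("blank-link", self._link[0]))
            self._link = None

def scan_post(html, site_host):
    scanner = HiddenContentScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

SAMPLE_POSTS = {  # constructed sample data; hosts and address are placeholders
    1: '<p>See <a href="http://partner.example.org/">our partner</a>.</p>',
    2: '<p>Rates</p><iframe src="http://203.0.113.7/f" width="0" height="0"></iframe>',
    3: '<a href="http://spam.example.net/a"></a>'
       '<a style="display:none" href="http://spam.example.net/b">pills</a>',
}
```

The scanner only inspects attributes on the `<iframe>` and `<a>` tags themselves, so links placed inside a hidden parent element or frames written by script still need a manual look, as do the template files mentioned above.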

Topic Closed

This topic has been closed to new replies.
