Malware on my website (26 posts)

  1. Suzanneper
    Member
    Posted 3 years ago #

    I have been told my website is affected by Malware and in fact when I Google my site, a notice is below my URL saying that the site could be dangerous. What do I do?
    This is my site: http://theaffordablewardrobe.com/

    Suzanne

  2. Suzanneper
    Member
    Posted 3 years ago #

    However, you probably shouldn't go into it if it's so dangerous. How could it have got infected?

  3. Suzanneper
    Member
    Posted 3 years ago #

    I checked for Malware and none was found but I have been blacklisted. How do I sort that?

  4. MickeyRoush
    Member
    Posted 3 years ago #

  5. Suzanneper
    Member
    Posted 3 years ago #

    How do you know that is the case?

  6. MickeyRoush
    Member
    Posted 3 years ago #

  7. Suzanneper
    Member
    Posted 3 years ago #

    I've just updated my WordPress version and also my theme but I guess it will need more work than that. I'm off to bed now - it's after 11pm here in New Zealand but tomorrow I will look at those links and see what I have to do. Thanks for your help.

  8. MickeyRoush
    Member
    Posted 3 years ago #

    Yeah, you may have to replace a few standard WordPress files. And delete a few others.

    If you have any of these files they can be safely removed as they are not standard WordPress files.
    The latest hack could also create the following files:
    /wp-admin/common.php
    /wp-admin/upd.php
    /wp-admin/js/config.php
    /wp-content/2b64c2f19d868305aa8bbc2d72902cc5.php (or similar)
    /wp-content/themes/[theme's name]/temp/eab9c5e9815adc4c40a6557495eed6d3.php (or similar)
    /wp-content/upd.php

    Possibly also (there should be no php files in your uploads folder(s)):
    /wp-content/uploads/feed-file.php
    /wp-content/uploads/feed-files.php

    &
    /wp-content/themes/[theme's name]/wp.php
    /wp-content/themes/[theme's name]/sm3.php
    /wp-content/themes/[theme's name]/r1.php
    /wp-content/themes/[theme's name]/2.php
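
The file list in the post above, turned into a scan that can be run over a copy of the site. This is an added example, not part of the original post. It assumes "or similar" means any 32-hex-character .php name and, going slightly beyond the post, flags such names anywhere under wp-content; the function and constant names are illustrative.

```python
import re
import sys
from pathlib import Path

# Fixed paths named in the post, relative to the WordPress root.
KNOWN_PATHS = [
    "wp-admin/common.php",
    "wp-admin/upd.php",
    "wp-admin/js/config.php",
    "wp-content/upd.php",
    "wp-content/uploads/feed-file.php",
    "wp-content/uploads/feed-files.php",
]
# File names the post lists directly inside a theme directory.
THEME_NAMES = {"wp.php", "sm3.php", "r1.php", "2.php"}
# Assumption: "(or similar)" means a 32-hex-character name ending in .php.
HEX_NAME = re.compile(r"^[0-9a-f]{32}\.php$", re.IGNORECASE)


def scan_wordpress(root):
    """Return sorted (relative_path, reason) pairs for files matching the post's list."""
    root = Path(root)
    hits = {}
    for rel in KNOWN_PATHS:
        if (root / rel).is_file():
            hits[rel] = "known dropped file"
    content = root / "wp-content"
    for path in (content.rglob("*") if content.is_dir() else []):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        parts = path.relative_to(content).parts
        if HEX_NAME.match(path.name):
            hits.setdefault(rel, "hash-named php file")
        elif parts[0] == "uploads" and path.suffix.lower() == ".php":
            hits.setdefault(rel, "php file in uploads")
        elif parts[0] == "themes" and len(parts) == 3 and path.name in THEME_NAMES:
            hits.setdefault(rel, "known theme backdoor name")
    return sorted(hits.items())


if __name__ == "__main__":
    # Usage: python scan.py /path/to/wordpress
    for rel, reason in scan_wordpress(sys.argv[1]):
        print(f"{reason}: {rel}")
```

A clean result only means none of these specific names are present; the files listed in the later posts still need to be inspected by hand.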

  9. MickeyRoush
    Member
    Posted 3 years ago #

    You'll need to inspect your root .htaccess file.

    It may have a bunch of white space then at the end of the file there could be some redirects.

    The sucuri scanner is not revealing anything about your site.

    http://sitecheck.sucuri.net/scanner/
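
A check for the .htaccess pattern described in the post above (a large run of white space followed by redirects), which also covers the "redirects to external sites" review in step 3 of the cleanup list further down. This is an added example, not part of the original post; the thresholds, the function name and the sample file are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Apache directives that can send a visitor elsewhere.
REDIRECT = re.compile(r"^\s*(RewriteRule|Redirect\w*|ErrorDocument)\b", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"'\]]+", re.IGNORECASE)
GAP = 10  # assumed threshold: this many blank lines in a row counts as padding
PAD = 40  # assumed threshold: leading spaces/tabs that push a line off screen

# Constructed sample: a normal block, 200 blank lines, then an indented redirect.
SAMPLE = (
    "# BEGIN WordPress\n"
    "RewriteEngine On\n"
    "RewriteRule . /index.php [L]\n"
    "# END WordPress\n"
    + "\n" * 200
    + " " * 120
    + "RewriteRule ^(.*)$ http://redirect.example.net/in.php [R=301,L]\n"
)


def inspect_htaccess(text, own_host):
    """Return (line_number, reason) pairs for lines that need a manual look."""
    findings = []
    blank_run = 0
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            blank_run += 1
            continue
        if blank_run >= GAP:
            findings.append((number, f"directive after {blank_run} blank lines"))
        blank_run = 0
        indent = len(line) - len(line.lstrip(" \t"))
        if indent >= PAD:
            findings.append((number, f"line indented by {indent} characters"))
        if REDIRECT.match(line):
            for url in URL.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if host != own_host and not host.endswith("." + own_host):
                    findings.append((number, f"redirect to external host {host}"))
    return findings


if __name__ == "__main__":
    for number, reason in inspect_htaccess(SAMPLE, "blog.example.com"):
        print(f"line {number}: {reason}")
```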

  10. MickeyRoush
    Member
    Posted 3 years ago #

    These four standard WordPress files need to be inspected:
    **NOTE** wp-config.php has vital information for the operation of your site, backup all pertinent information.

    /wp-config.php
    /wp-settings.php
    /wp-includes/js/l10n.js
    /wp-includes/js/jquery/jquery.js

  11. Suzanneper
    Member
    Posted 3 years ago #

    Wow, that will take a bit of inspection and I will do it tomorrow. I really am off to bed now. I will post tomorrow night after work how I get on after I've looked for those files.

  12. DO NOT give total strangers your information! Posts by dev222 have been removed. UNLESS you have hired someone, NEVER give out password/ID info. That's just so insecure it's not funny.

    Suzanneper - If you've been impacted by the TimThumb hack, you need to do something hard core and you won't like it.

    1) Backup all your files and your database offline

    2) Delete ALL the WordPress files off your server except for wp-config.php, .htaccess and the folder /wp-content/uploads

    3) Review wp-config.php and .htaccess for ANYTHING that looks out of the ordinary. Any redirects to external sites, etc.

    4) Change ALL your passwords. FTP/SSH, email and SQL. Especially the one you used in wp-config.php

    5) Get fresh copies of WordPress core, all your themes and plugins, and upload them back to your server.

    6) Change your WORDPRESS password.

  13. Suzanneper
    Member
    Posted 3 years ago #

    I didn't give dev222 any information.
    What you have told me is double dutch so it will take a bit of figuring out. Before I try to do all that, how do I make sure I have been impacted by the Tim Thumb hack?

  14. Check your site on http://sitecheck.sucuri.net/scanner/

    It says Google's black listing you with the following info: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=theaffordablewardrobe.com

    That counter-wordpress link? IS one of the URLS used by the timthumb hackers. So yes, you've been hit.

    (and I suspect you had not given dev222 any info, but best to be safer than sorry-er)

  15. Suzanneper
    Member
    Posted 3 years ago #

    Thanks so much for your help. I was thinking of abandoning the blog as it is only about 4 or 5 months old and I could start a new one. That would solve the problem, wouldn't it? I know I would lose all my followers etc. but I have probably lost them anyway with this issue. What do you think?

  16. Suzanneper
    Member
    Posted 3 years ago #

    I have discovered this code on my site. It looks kind of out of place:
    /* Son of Suckerfish - what makes it tick */
    #nav, #nav ul {
    padding: 0;
    margin: 0;
    list-style: none;
    z-index: 100;
    }
    Can anyone tell me if that should be there? It's the only strange thing I can see.

  17. MickeyRoush
    Member
    Posted 3 years ago #

    That's part of a css file.
    It's for a drop down menu and someone is just commenting the original author. I believe. Someone can correct me if I'm wrong.

    I do not believe it's malicious.

  18. Suzanneper
    Member
    Posted 3 years ago #

    It's in the template code. It stands out as really different.

  19. MickeyRoush
    Member
    Posted 3 years ago #

    You can Google:
    Son of Suckerfish

    And maybe verify that your theme uses it. But I don't believe that particular part is malicious.

  20. Suzanneper
    Member
    Posted 3 years ago #

    Yes, I think you are right. I think I should abandon this site and start again.

  21. Suzanneper
    Member
    Posted 3 years ago #

    That you know of, is there any way to change my domain name without incurring exactly the same start up costs again. The stigma is attached to the domain name now as well as my blog.

  22. MickeyRoush
    Member
    Posted 3 years ago #

    If you're going to rebuild it, just give Google some time to start crawling your site again. It will take time. Or better yet create an account with their Webmaster Tools:

    https://www.google.com/accounts/ServiceLogin?service=sitemaps&passive=1209600&continue=https://www.google.com/webmasters/tools/&followup=https://www.google.com/webmasters/tools/

    Most website owners should create an account with them even if they don't already have one. It's a great service and may also inform you on what particular reason and/or file(s) is causing them to list your site as malicious.

    But a new domain name is not that expensive, well, it shouldn't be. If you really want a new domain name, contact your current host requesting their prices (they're usually under $10/yr, but prices fluctuate and I haven't purchased one in a while).

  23. Suzanneper
    Member
    Posted 3 years ago #

    The domain name is about $10, as you said, but there's the 'Purchase Web Hosting' cost which is quite a bit. Do you know if there is a web hosting cost for each domain? I bought 2 years of hosting for my blacklisted one and have only had it for a few months. I am wondering if I can transfer the time left to a new one. I guess I will have to ask them.

  24. That you know of, is there any way to change my domain name without incurring exactly the same start up costs again. The stigma is attached to the domain name now as well as my blog.

    You don't HAVE to do it that way. If you want to start over, you can keep the domain and lose the blacklist pretty easily.

    If you really want to, just delete your WP database and ALL your files and folders.

    Now take a deep breath. Ahhh. Okay, change your passwords on your webhost. All of them. Yes, you STILL need to do that.

    Then just upload a new version of WordPress and have a party.

  25. Suzanneper
    Member
    Posted 3 years ago #

    Thanks for your reply, Ipstenu. I am still thinking about what to do. Thanks to all of you who have helped me.

  26. Suzanneper
    Member
    Posted 3 years ago #

    I now have a new domain and have started a new blog (nothing there yet though) but now I want to close my old blog and I can't seem to access my admin page of it any more. How do I close it?
    The old domain which holds my blog is redirecting to my new domain and I am afraid it might bring the problems with it so I really want to kill the old blog.

Topic Closed

This topic has been closed to new replies.
