WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] My Site Hacked? (11 posts)

  1. jaco223
    Member
    Posted 3 years ago #

    Hello

    I was wondering how one can tell if their blog has been hacked? A friend of mine visited my blog and he uses Webroot a anti-virus/anti-spyware program. It is reporting my site as dangerous ....it's saying my site is among those known for spam malware and viruses. Bummer!
    Any suggestions, thoughts or advice?

    Thanks

  2. Samuel B
    moderator
    Posted 3 years ago #

  3. jaco223
    Member
    Posted 3 years ago #

  4. Samuel B
    moderator
    Posted 3 years ago #

    Hi,
    I don't see any evidence of a hack and my AVG anti virus gives your site a clean bill of health

    ask your friend - or you do it- to submit your site to webroot for re-evaluation

  5. jaco223
    Member
    Posted 3 years ago #

    @Samuel

    Great! Thanks so much for your help. I want to add that my "support" experience here a .org has been awesome!

    Jaco

  6. jaco223
    Member
    Posted 3 years ago #

    Hello

    I followed up on webroot actually a friend made couple of screen shots for me. The first shot indicates something about thickbox.js which is a javascript?

    the second shot say's there is a problem in the Prose child theme css minified.css

    Can someone have a look at the screenshots and perhaps point me inthe direction I need to go to correct this. I don't want to have any malicious code or bad links that would warn people off

    http://img233.imageshack.us/img233/9364/screenshot03.png

    http://img217.imageshack.us/img217/7058/screenshot04r.png

  7. ClaytonJames
    Member
    Posted 3 years ago #

    I had the same result as Samuel. I didn't get any suspicious alerts when I visited.

    The thickox.js file is present in a default wordpress installation, in the same path as your warning indicates: /wp-includes/js/thickbox/thickbox.js You can check it to make sure it's the legit copy if you like, though.

    http://core.trac.wordpress.org/browser/branches/3.0/wp-includes/js/thickbox

    If you obtained your copy of the prose theme from StudioPress, I highly doubt that there would be anything wrong with the minified.css

    I think you could be dealing with some false positives. Still, it wouldn't hurt to verify both files.

  8. jaco223
    Member
    Posted 3 years ago #

    @Clayton

    Yes I purchased Genesis through studiopress and as a bonus they are offering Prose for free. To be honest I don't really know what thickbox is. I do know it is out dated when I did a Google search on it. I haven't made any changes to the Genesis CSS. The only thing I did was to add the code for Google analytics. Which I believe I put in the footer or header. And I added the javascript for Woopra. Both changes seemed to work ok. I didn't receive any code errors.

    My friend is insisting maybe there is a questionable link in the code somewhere and it's driving me crazy.
    I wouldn't make any changes in the code because I don't know enough CSS to do anything other than adding GA and woopra which I followed the instructions as to where to put the code.
    I appreciate all the help Samuel and you have offered me. I'm a noob having moved from a wp free hosted blog. I like the self hosted because it gives me the opportunity to really learn about the wp platform.

  9. ClaytonJames
    Member
    Posted 3 years ago #

    My friend is insisting maybe there is a questionable link in the code somewhere and it's driving me crazy.

    The images you presented don't seem to directly support that theory, but stranger things have happened. However, when checking your site for questionable links, none pop up.

    This site sometimes helps in revealing odd things like that. http://www.unmaskparasites.com/ it didn't find anything suspicious at the moment.

    ...and, Google has not flagged your site;

    http://www.google.com/safebrowsing/diagnostic?site=bloggingperspectivesdaily.com/

    ..and the javascript file you referenced ( thickbox.js ) is supposed to be there. That same file exists on all of my WordPress sites. Just because it's not being maintained on the web doesn't mean it's no longer serviceable, or corrupt somehow. The minified.css is, I believe, just a composite of the themes default and user applied style "compressed" or composed, in such a manner as to remove all unnecessary white space from the file. You can verify that by downloading it directly from your browser, saving it to your desktop, and opening it with a good text editor.

    Is there another message or error that Webroot displays that would indicate the issue with the link as your friend suggests? Or has someone experienced an unwanted re-direct or unusual pop-ups that don't belong on your site? What is it that is making your friend insist that there is a malicious link somewhere? - I'm not saying it isn't possible - just looking for the evidence, mind you. :-)

    [edit] I just downloaded thickbox.js and minified.css from your site.

    I did a comparison of your javascript with the same file from one of my sites, and there was no differential. The files were identical. I would not hesitate to say at this point, that there is nothing wrong with that file.

    I also looked inside of minified.css, and I see nothing that indicates anything unusual.

  10. jaco223
    Member
    Posted 3 years ago #

    @Clayton

    I want to thank you very much for all the assistance you've provided me on this. I greatly appreciate it. I consider this thread resolved. My friend is being overly cautious I think. I suggested as was mentioned perhaps Webroot is turning up a false positive. To answer your questions no one I know has experienced unwanted re-directs, or pop-ups. I think my friend is solely insisting on a malicious link based on Webroot. With the help I've received in this thread I'm convinced my site is healthy. Thanks again Clayton and Samuel.
    As an unrelated side note, I've not posted any new content since the move from .com, however I'm learning a great deal about the wp software. I relate it to jumping from MS windows to Linux which is such a great learning experience. Not that I was really a big fan of MS, I've always been a Mac and Linux person. Cheers!

  11. ClaytonJames
    Member
    Posted 3 years ago #

    You're welcome. It never hurts to be cautious. Any time you see something like that, it's always worthwhile to investigate.

Topic Closed

This topic has been closed to new replies.

About this Topic