Forums

WordPress › Support » How-To and Troubleshooting

Warning Message in Chrome (6 posts)

  1. Mervin Praison
    Member
    Posted 9 months ago #

    The following warning message appears:

    "Warning: Something's Not Right Here!

    clickseoservices.co.uk contains content from counter-wordpress.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.
    Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else."

    I updated all my plugins and wordpress.
    I secured with wp-security scan and website defender
    Checked all my root folders, but there are no extra files other than default wordpress files.
    Checked files permissions and everything is ok.

    But the warning message still appears.
    Can any one help?

  2. esmi
    Theme Diva & Forum Moderator
    Posted 9 months ago #

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

  3. Mervin Praison
    Member
    Posted 9 months ago #

    Thanks Esmi

    Did the usual security things. But still no result.
    So I am planning to backup everything and re-installing the WordPress again. If there is any other suggestions, let me know.

    Thanks

  4. esmi
    Theme Diva & Forum Moderator
    Posted 9 months ago #

    Change your theme and deactivate all plugins.

  5. kmessinger
    Member
    Posted 9 months ago #

    Did you read this thread, http://wordpress.org/support/topic/google-issuing-warnings-about-wp-site-content-from-counter-wordpresscom?replies=52

  6. elegantthemes
    Member
    Posted 9 months ago #

    This is due to an outdated version of timthumb.php on your server. You should update this file to the latest version, or use a theme that does not include the file.

    I have been troubleshooting several sites that have been hit with this attack. I notice 2 major hacks going around over the past few days. Once you have updated your theme and removed timthumb (or updated it), here is some info on how to help clean up your site.

    If you have already been hit, then the first thing you should do is open wp-config.php and look for any suspicious code. Generally, you should delete everything after:

    require_once(ABSPATH . 'wp-settings.php');

    Check for suspicious whitespace as well. In one of the attacks, hundreds of lines of white space is been added to try and mask the malicious code.

    Next open index.php and delete everything between:

    require('./wp-blog-header.php');

    ...

    ?>

    After that I would re-install WordPress from within the WordPress Dashboard via the Updates tab to clean up the infected .js files. When you have done that I would probably run Clam-AV if you have it installed, as well as http://sitecheck.sucuri.net/scanner/. Clam will help pick up any suspicious code that has been obfuscated in base64.

    Finally, be sure to change your MySQL passwords and wp-admin passwords just in case. It's also worth mentioning that the timthumb vulnerability affects inactive themes as well. This script is very popular throughout the theme community. I would delete all of your inactive themes just to make sure you don't have any timthumb.php files laying around.

Reply

You must log in to post.

About this Topic

Tags