Site hacked Mailware – Help

  • lovefishing

    (@lovefishing)


    12 years, 5 months ago

    Hi All

    It seems one of my clients sites has been hacked or infected with mailware. I changed the passwords which seemed to work for awhile but now google search have put a mark against my site and blacklisted .

    Any suggestions please

    Message from google below;

    Dear site owner or webmaster of mydomain.co.uk,

    We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
    Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

    http://mydomain .co.uk/
    http://www.mydomain .co.uk/
    http://mydomain .co.uk/forsale/

    Here is a link to a sample warning page:

    http://www.google.com/interstitial?url=http%3A//mydomain.co.uk/

    We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
    1) the site was compromised
    2) the site doesn’t monitor for malicious user-contributed content
    3) the site displays content from an ad network that has a malicious advertiser

    If your site was compromised, it’s important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
    http://www.stopbadware.org/home/security

    Once you’ve secured your site, you can request that the warning be removed by visiting
    http://www.google.com/support/webmasters/bin/answer.py?answer=45432

    and requesting a review. If your site is no longer harmful to users, we will remove the warning.

    Sincerely,
    Google Search Quality Team
    Note: if you have an account in Google’s Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter lovefishing

    (@lovefishing)

    12 years, 5 months ago

    another update from google

    Safe Browsing
    Diagnostic page for mydomain.co.uk

    What is the current listing status for mydomain.co.uk?
    Site is listed as suspicious – visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

    What happened when Google visited this site?
    Of the 13 pages we tested on the site over the past 90 days, 8 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-11-08, and the last time suspicious content was found on this site was on 2011-11-08.
    Malicious software is hosted on 1 domain(s), including nl.ai/.

    This site was hosted on 1 network(s) including AS26753 (IN2NET).

    Has this site acted as an intermediary resulting in further distribution of malware?
    Over the past 90 days, mydomain.co.uk did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware?
    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?
    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

    Next steps:
    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

    Moderator cubecolour

    (@numeeja)

    12 years, 5 months ago

    Pretty much everything you need to know is in the links below:

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation
    http://ottopress.com/2009/hacked-wordpress-backdoors
    http://sitecheck.sucuri.net/scanner
    http://codex.wordpress.org/Hardening_WordPress

    Thread Starter lovefishing

    (@lovefishing)

    12 years, 5 months ago

    thank you , ill check them out

    Thread Starter lovefishing

    (@lovefishing)

    12 years, 5 months ago

    All the links above look like to much hassle! Opted for a total rebuild from scratch . Think it will be quicker than trying to fix it as the security is compromised and its hard to track exactly where.

    We have all the raw content handy so hopefully wont take to long

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    12 years, 5 months ago

    All the links above look like to much hassle! Opted for a total rebuild from scratch .

    Think it will be quicker than trying to fix it as the security is compromised and its hard to track exactly where.

    I completely sympathize and fully understand that response, securing your installation and fixing a hacked blog is a ton of work.

    But here’s the thing: the malware got on your WordPress install either due to a weakness on your server, plugin, theme, something running insecurely with your install, or via your (possibly) hacked PC.

    If you do all the work of doing a re-install without addressing the issue, you’ll be hacked again in no time flat.

    Please consider a good backup strategy for your files and database and at least reading up on that last link, scanning your PC, and changing all of your FTP, host, and WordPress passwords.

    http://codex.wordpress.org/Hardening_WordPress

    Thread Starter lovefishing

    (@lovefishing)

    12 years, 5 months ago

    Thanks for the post Jan,

    Were taking no chances , the main user machine has been wiped and Eset security added . Switched to my own hosting as I recently started to offer re-seller hosting and uploading the theme fresh together with all content or could we export all posts from the old one and re-import them to save time? And re-import the database tables to the new database.

    Clean start on the passwords to.

    Its all a major pain in the butt :/

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Site hacked Mailware – Help’ is closed to new replies.