[Resolved] Blackhole Exploit Kit

  • Plugin Author AITpro

    @aitpro

    Who informed you that a Blackhole Exploit virus exists on the sites? Did they tell you where?

    The only logical thing I can think of that they might be misinterpreting would be the 403.php template for error logging. It is similar to what a Blackhole Exploit might do.

    When a 403 error occurs the person is sent to the 403.php error logging template file to log the error.

    Plugin Author AITpro

    @aitpro

    Can this Thread be resolved? If so, please resolve it. Thanks.

    Plugin Author AITpro

    @aitpro

    Resolving.

    Hello,

    I am having a similar problem.

    I also scanned my website with AVG and there are 2 threat types found, a Blackhole Exploit Kit and a JavaScript Obfuscation.

    According to BPS/Sucuri the site is clean.

    Google Webmaster Tools informed me that there is malware found on my site. Doesn’t BulletProof Security protect against these threats?

    Plugin Author AITpro

    @aitpro

    Your site probably is clean then. One of the problems with scanners is it is impossible to make them 100% accurate because scanners are programmed to look for code patterns and sometimes see legitimate code as malicious code – false flags/false alerts.

    So what I recommend is that you check with AVG to find out why these threats are being detected. From time to time my Internet security app sees legitimate code as malicious code and this is a false flag/false alert 1 out of 10 times and the creators of this app usually fix this issue within a day.

    Agreed.
    I receive a good number of calls each month specific to AVG scanner software. AVG software shows client’s site as compromised, apparently due to long but legitimate JavaScript strings, or long login link, like this example:
    http://my+site.com/?password-protected=login&redirect_to=http%3A%2F%2Fwww.my+site.com%2F%3Fdoing_wp_cron%3D1368628417.3787839412689208984375

    Then, once one of these software programs, like AVG or McAfee, states a site is compromised, this may then start a chain reaction where other lesser scanners pop up with similar malware alerts, a knee-jerk reaction to the scanners higher up in the food chain.

    Once you submit a clear or review request for the website in question, it usually takes up to a week for the situation to fully clear up.

    Well, I have asked the one who installed our website to check it, and he also found malware. So this means that this malware hasn’t been detected by BPS? I am a bit disappointed because I thought that the website was safe with BPS.

    If you want to look at our site, here is a short url: http://iturl.nl/snowfB

    Best Regards,
    TBE

    Sorry, I didn’t respond….email issues. This thread is resolved on my end and I appreciated your help.

    Yes, your issue has been resolved, but I have the same issue ;). That is why I replied in this topic.

    So I hope they will give a reply to my last post.

    With best regards,
    TBE

    Plugin Author AITpro

    @aitpro

    I already did respond. You need to contact AVG to find out why their scanner is seeing a false flag/false alert. Or if it actually is some malicious code then AVG will be able to tell you that. Most likely it is a false flag/false alert and AVG will need to make a correction to their scanner check/code. If your site has been mistakenly blacklisted then you would need to request that it be un-blacklisted by whoever blacklists your site, i.e. AVG, McAfee, etc.

    Plugin Author AITpro

    @aitpro

    I forgot to mention that I have scanned your site and I did not find any malware on the site.

    Plugin Author AITpro

    @aitpro

    Also forgot to mention this. When you use a Minify plugin or use a minification feature in a plugin then this can trigger false alerts/false flags. Also minifying in general can actually make code/scripts less secure and cause vulnerabilities/exploits if the original code is minified in a way that the built-in security protection in that script is no longer working correctly since it has been minified. This does not happen in every case, but I have found that this does happen in some cases depending on many different technical factors.

    In my professional opinion you should never minify frontloading js scripts. All minifying plugins allow you to exclude js scripts from being minified.

    Plugin Author AITpro

    @aitpro

    Also if a script is minified in a way that BPS can no longer protect it then it will no longer be protected by BPS. 😉 It just depends on how the script is minified and how that minified script is processed. Once again there are many technical factors involved and a definite answer could not be given per script unless the minified code/script was tested for exploits/vulnerabilities by attempting to exploit it to get conclusive results.
