Title: Blackhole Exploit Kit Last modified: August 20, 2016 --- # Blackhole Exploit Kit * Resolved [Daniella](https://wordpress.org/support/users/ellaj/) * (@ellaj) * [13 years, 2 months ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/) * Hi, I’m using this plugin and was informed that two sites have the Blackhole Exploit virus. I scanned them using the AVG online tool: [http://www.avg.com.au/resources/web-page-scanner/](http://www.avg.com.au/resources/web-page-scanner/) When I run the website scan via BPS/Sucuri, the results are clean. Any ideas what is going on? Thank you. * [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/) Viewing 13 replies - 1 through 13 (of 13 total) * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 2 months ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567429) * Who informed you that a Blackhole Exploit virus exists on the sites? Did they tell you where? * The only logical thing I can think of that they might be misinterpreting would be the 403.php template for error logging. It is similar to what a Blackhole Exploit might do. * When a 403 error occurs the person is sent to the 403.php error logging template file to log the error. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 2 months ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567583) * Can this Thread be resolved? If so, please resolve it. Thanks. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 2 months ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567596) * Resolving. * [TBE Nederland](https://wordpress.org/support/users/tbe-nederland/) * (@tbe-nederland) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567705) * Hello, * I am having a similar problem. * I also scanned my website with AVG and there are 2 threat types found, a Blackhole Exploit Kit and a JavaScript Obfuscation. * According to BPS/Securi the site is clean. * Google Webmaster Tools informed me that there is malware found on my site. Doesn’t BulletProof Security protects against these threats? * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567707) * Your site probably is clean then. One of the problems with scanners is it is impossible to make them 100% accurate because scanners are programmed to look for code patterns and sometimes see legitimate code as malicious code – false flags/false alerts. * So what I recommend is that you check with AVG to find out why these threats are being detected. From time to time my Internet security app sees legitimate code as malicious code and this is a false flag/false alert 1 out of 10 times and the creators of this app usually fix this issue within a day. * [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/) * (@tvcnet) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567708) * Agreed. I receive a good number of calls each month specific to AVG scanner software. AVG software shows client’s site as compromised, apparently due to long but legitimate JavaScript strings, or long login link, like this example: [http://my+site.com/?password-protected=login&redirect_to=http%3A%2F%2Fwww.m](http://my+site.com/?password-protected=login&redirect_to=http%3A%2F%2Fwww.m) y+site.com%2F%3Fdoing_wp_cron%3D1368628417.3787839412689208984375 * Then, once one of these software programs, like AVG or McAfee state a site is compromised, this may then start a chain reaction where other less scanners pop up with similar malware alerts, a knee jerk reaction to the scanners higher up in the food chain. * Once you submit a clear or review request for the website in question, it usually takes up to a week for the situation to fully clear up. * [TBE Nederland](https://wordpress.org/support/users/tbe-nederland/) * (@tbe-nederland) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567709) * Well i have asked the one who installed our website to check it, and he also found malware. So this means that this malware hasn’t been detected by BPS? I am a bit disappointed because i thought that the website was safe with BPS. * If you want to look at our site, here is a short url: [http://iturl.nl/snowfB](http://iturl.nl/snowfB) * Best Regards, TBE * Thread Starter [Daniella](https://wordpress.org/support/users/ellaj/) * (@ellaj) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567710) * Sorry, I didn’t respond….email issues. This thread is resolved on my end and I appreciated your help. * [TBE Nederland](https://wordpress.org/support/users/tbe-nederland/) * (@tbe-nederland) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567711) * Yes your issue has been resolved, but i have the same issue ;). That is why i replied in this topic. * So i hope they will give a reply to my last post. * With best regards, TBE * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567712) * I already did respond. You need to contact AVG to find out why their scanner is seeing a false flag/false alert. Or if it actually is some malicious code then AVG will be able to tell you that. Most likely it is a false flag/false alert and AVG will need to make a correction to their scanner check/code. If your site has been mistakenly blacklisted then you would need to request that it be un-blacklisted by whomever blacklists your site. ie AVG, Mcaffee, etc. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567713) * I forgot to mention that I have scanned your site and i did not find any malware on the site. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567714) * Also forgot to mention this. When you use a Minify plugin or use a minification feature in a plugin then this can trigger false alerts/false flags. Also minifying in general can actually make code/scripts less secure and cause vulnerabilities/ exploits if the original code is minified in a way that the built-in security protection in that script is no longer working correctly since it has been minified. This does not happen in every case, but I have found that this does happen in some cases depending on many different technical factors. * In my professional opinion you should never minify frontloading js scripts. All minifying plugins allow you to exclude js scripts from being minified. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567715) * Also if a script is minified in a way that BPS can no longer protect it then it will no longer be protected by BPS. 😉 It just depends on how the script is minified and how that minified script is processed. Once again there are many technical factors involved and a definite answer could not be given per script unless the minified code/script was tested for exploits/vulnerabilities by attempting to exploit it to get conclusive results. Viewing 13 replies - 1 through 13 (of 13 total) The topic ‘Blackhole Exploit Kit’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) * 13 replies * 4 participants * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/) * Last activity: [13 years ago](https://wordpress.org/support/topic/blackhole-exploit-kit-1/#post-3567715) * Status: resolved