Google SafeBrowsing warning after 2 days with installed qTranslate (10 posts)

  1. d-phrag
    Posted 6 years ago #

    I've created a test blog for a client using a commercial (premium) theme from PremiumThemes.net. Everything seemed fine until I installed the latest version of qTranslate. Then, 2 days after the install, the Google Chrome browser alerted me with the following:

    Warning: Visiting this site may harm your computer!
    The website at clubboricua.com contains elements from the site 2tomohappy.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
    For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for 2tomohappy.com.

    Anyone experiencing the same?


  2. I doubt it has anything to do with qTranslate. It may be the fact that your premium theme has obscured code in it that has links that lead to sites that are infected, like 2tomohappy. Check for base64 or encoded JavaScript in footer.php, and scan with the WordPress Exploit Scanner plugin.

  3. e-sushi
    Posted 6 years ago #

    You've got some nasty, attacking javascript in there!

    4 exploit(s), 2 scripting exploit(s)

    I agree with songdogtech; it's bad code in the theme (or maybe even a plugin). Make sure you download your stuff from valid places (like here at wordpress.org) and be sure to never, ever use a "nulled" premium theme from somewhere.

    Those "nulled" or "hacked" premium themes are floating around on the web everywhere but they contain more badness than goodness most of the time. (Besides the fact that it is illegal to use them without paying.)

    My 2 cents: remove all files from the server, reinstall a fresh wordpress installation with fresh plugins and a free theme. When you do, make sure the places you download them can be trusted. Finally, ask Google.com to re-validate your site by requesting a re-validation.

    Good luck!

  4. d-phrag
    Posted 6 years ago #

    e-sushi, thanks for your insights, but I'm rather insulted as I purchased a license for those themes from PremiumThemes.net. I will get back to them of course, and ask what it is all about. Anyway, how did you realize that there are exploits, by using WordPress Exploit Scanner? How did you do that on our site? Just willing to get more help on that...

    Thanks in advance.

  5. Your theme may not be the culprit. It's most often the bad guy in these cases, but an evil plugin could also do this.

    What plugins are you running?

  6. d-phrag
    Posted 6 years ago #

    Okay, WordPress Exploit Scanner doesn't say ANYTHING at all... I'd expect a piece of software to tell me that it didn't find anything instead of just acting like nothing happened. Any other insights on how to catch that thing?

  7. d-phrag
    Posted 6 years ago #

    Ipstenu, on that particular site:

    All in One SEO Pack
    Theme Switcher Reloaded

    The theme itself has some features like Yoast Breadcrumbs and Google Analytics... What else? Can't think of anything else.

  8. FYI, the Exploit Scanner only checks for base64 or encoded JavaScript stuff, so it's possibly missing things that aren't hacked thusly. I don't use it, so I don't know why it doesn't tell you anything if you're 'safe' or if that's the indication of yet another problem with your site.

    Well obviously the easiest way to see if it's your theme is to switch to the default theme and see if you still get the errors etc.

    Before you go whole hog, rip everything out and start over, I'd check my server out. I recently saw someone who thought they had a WP hack but it turned out to be a server hack :/
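
The two checks mentioned in posts 2 and 8, as an added example that is not part of the original thread and is not the Exploit Scanner plugin's code: it flags decode calls and base64 literals, and also lists every script/iframe host outside an allowlist, which catches injected includes that are not encoded at all. The allowlist, the sample footer and the `.example.test` hosts are constructed assumptions.

```python
import base64
import binascii
import re
from pathlib import Path
from urllib.parse import urlparse

# PHP decode-and-run calls that signature-style scans look for.
OBFUSCATION = re.compile(r"\b(eval|assert|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# Quoted base64 literal; the 40-character minimum is an arbitrary assumption.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")
# src= of a script/iframe tag pointing at an absolute or protocol-relative URL.
REMOTE_SRC = re.compile(r"""<(?:script|iframe)\b[^>]*\bsrc\s*=\s*["']?((?:https?:)?//[^"'\s>]+)""", re.I)

# Constructed sample input: one allowed include, one plain injected iframe,
# and one script tag hidden behind base64_decode().
_INJECTED = '<script src="http://injected.example.test/x.js"></script>'
SAMPLE_FOOTER = (
    '<script src="https://www.google-analytics.com/ga.js"></script>\n'
    '<iframe src="//frames.example.test/a"></iframe>\n'
    "<?php echo base64_decode('" + base64.b64encode(_INJECTED.encode()).decode() + "'); ?>\n"
)
ALLOWED = {"www.google-analytics.com"}  # assumption: hosts the site owner expects

def remote_hosts(text, allowed_hosts):
    # Hosts referenced by script/iframe tags that are not on the allowlist.
    urls = (u if "://" in u else "http:" + u for u in REMOTE_SRC.findall(text))
    hosts = {urlparse(u).hostname for u in urls}
    return sorted(h for h in hosts if h and h.lower() not in allowed_hosts)

def scan_text(text, allowed_hosts):
    findings = [("obfuscation-call", m.group(1).lower()) for m in OBFUSCATION.finditer(text)]
    findings += [("remote-src", h) for h in remote_hosts(text, allowed_hosts)]
    for blob in B64_LITERAL.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # looked like base64 but is not
        # Decode one layer and look for remote includes inside the payload.
        findings += [("remote-src-in-base64", h) for h in remote_hosts(decoded, allowed_hosts)]
    return findings

def scan_tree(root, allowed_hosts):
    # Map of relative file path -> findings, for theme and plugin files.
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".js", ".html"}:
            hits = scan_text(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report
```

An empty result only means none of these patterns matched; as post 8 goes on to say, the server itself still needs checking.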

  9. d-phrag
    Posted 6 years ago #

    Yes, it turned out the same - it's some sort of server hack. We are also hosting other sites with other CMS and they're not affected. Probably it is some combination of server & WP security holes. So, my apologies for starting such a thread, but you know the drill :)

    Will keep you posted on development, if anyone is interested.

  10. Both WordPress and server hardening info and links: Hardening WordPress (WordPress Codex) and the usual Google results. According to many in these forums, hacks often do come through shared hosting.

Topic Closed

This topic has been closed to new replies.
