Malware Attack

soulkid
(@soulkid)

16 years, 7 months ago

I have been trying to combat an apparent Malware attack that google has flagged me on. I have two plugins, an antivirus for WP as well as an exploit searcher, and they find nothing.

I seriously have tried everything I know how to do and cannot solve the problem. Can anyone advise me?

I would say I am a medium, not advanced person, and am generally new to wordpress. This has already been a harrowing experience.

Viewing 9 replies - 1 through 9 (of 9 total)

Thread Starter soulkid
(@soulkid)

16 years, 7 months ago

my site is http://www.chambermusik.com
lokrin2000
(@lokrin2000)

16 years, 7 months ago
Here is the info Google puts up for your site:
```
Safe Browsing
Diagnostic page for www.chambermusik.com

What is the current listing status for www.chambermusik.com?

    Site is listed as suspicious - visiting this web site may harm
your computer.

    Part of this site was listed for suspicious activity 2 time(s)
over the past 90 days.

What happened when Google visited this site?

    Of the 85 pages we tested on the site over the past 90 days, 5
page(s) resulted in malicious software being downloaded and installed
without user consent. The last time Google visited this site was on
2009-10-29, and the last time suspicious content was found on this
site was on 2009-10-29.

    Malicious software includes 36 trojan(s), 27 scripting exploit(s),
25 exploit(s). Successful infection resulted in an average of 1 new
process(es) on the target machine.

    Malicious software is hosted on 6 domain(s), including
keymydomains.com/, chberger.com/, specialgt.com/.

    2 domain(s) appear to be functioning as intermediaries for
distributing malware to visitors of this site, including
specialgt.com/, ncenterpanel.cn/.

    This site was hosted on 2 network(s) including AS6461 (MFNX),
AS31820 (PUGMARKS).

Has this site acted as an intermediary resulting in further
distribution of malware?

    Over the past 90 days, www.chambermusik.com did not appear to
function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90
days.

How did this happen?

    In some cases, third parties can add malicious code to legitimate
sites, which would cause us to show the warning message.

Next steps:

    * Return to the previous page.
    * If you are the owner of this web site, you can request a review
of your site using Google Webmaster Tools. More information about the
review process is available in Google's Webmaster Help Center.

Updated 22 hours ago

©2008 Google - Google Home
```
I suggest using the links here to contact Google directly and work things out. But first – go over your entire site and look for hacks.
lokrin2000
(@lokrin2000)

16 years, 7 months ago

For some reason those two links did not embedd right:

http://www.google.com/webmasters/tools/
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

16 years, 7 months ago
That link you’ve provided is not a WordPress blog. It eventually sends you /wordpress/ which works.

From lokrin2000’s comment
```
Of the 85 pages we tested on the site over the past 90 days, 5
page(s) resulted in malicious software being downloaded and installed
without user consent.
```
What did you do to the HTML output? The HTML I downloaded using curl is a complete unreadable mess. Makes it difficult to see why Google doesn’t like your site.
Thread Starter soulkid
(@soulkid)

16 years, 7 months ago

which html? mine?

The code on my index page, for instance is so basic, and has no malware, yet is flagged.

<head>

<HTML LANG=en-US>
<HEAD>
<TITLE>CHAMBERMUSIK</TITLE>
<LINK REV=”made” href=”mailto:chambermusikceo@gmail.com”>
<META NAME=”keywords” CONTENT=”sha stimuli, wu-tang clan, rza, gza, method man, ol’ dirty bastard, ghostface killah, killa bees, hip-hop, rap music, underground, new york, online store, cd, dvd, mp3,chambermusik, hiphop, hip hop, grimey, dark, G-Clef da Mad Komposa, Soulkid Records, Soul Kid Klik, Sunz of Man, Killah Priest, Warcloud, buddha monk”>

<META NAME=”description” CONTENT=”Independent Hip-Hop Site / Killa Bee Hive
Featuring the Best in Independent Hip-Hop
news – store – forums – radio station – free downloads and more!”>

<meta name=”google-site-verification” content=”7wkKobDgzcxK71uQkgWUDYV055OXWYm89WYP-GmnBOc” />
<META NAME=”author” CONTENT=”G-Clef da Mad Komposa”>
<META NAME=”ROBOTS” CONTENT=”ALL”>

</HEAD>

<style type=”text/css”>
<!–
body, td, th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
img {
border:0px;
}
–>

</style>
</head><body>
<p align=”center”>

<table align=”center” border=”0″ width=”700″>
<tr>
<td>
<img src=”http://chambermusik.com/images/movebackpromo.jpg” alt=”Sha Stimuli coming to stores 11-27″></td>
</tr>
</table>

<p align=”center”> </p>
<p align=”center”><b>CONTINUE
TO CHAMBERMUSIK.COM</b></p>

</body>
</html>

Thread Starter soulkid
(@soulkid)

16 years, 7 months ago

its odd.. if you go to http://chambermusik.com/wordpress its unflagged but if you go to anything using www in it.. i get flagged.

http://www.chambermusik.com/wordpress/ gets flagged.

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

16 years, 7 months ago

I meant the HTML code in your /wordpress/ URL.

Your /wordpress URL gets 301 Moved Permanently redirected to the /wordpress/ URL. That’s probably why Google doesn’t flag.

Give this a look

http://www.unmaskparasites.com/malware-warning-guide/?url=www.chambermusik.com

You may just need to request Google to re-review your site for malware.

Thread Starter soulkid
(@soulkid)

16 years, 7 months ago

yeah well.. google is claiming the last time malware was found was 10-29, but I have submitted for review twice since then, and no changes so far.

Thread Starter soulkid
(@soulkid)

16 years, 7 months ago

strange enough, after my last review I guess google saw fit to remove the warning. I really haven’t made many changes! Makes me wonder if people are sometimes reporting just to mess with sites.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Malware Attack’ is closed to new replies.

Malware Attack

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics