

[resolved] Windows users getting a nasty surprise at my blog (13 posts)

  1. psheld
    Posted 3 years ago #

    Hi, in the past couple of hours I've had three Windows users contact me to tell me there's something wrong with my blog – http://www.philipsheldrake.com.

    Two had A/V warnings in their Chrome browser – something about spyware. One says his machine just shut down. :-(

    I've scanned it with http://www.unmaskparasites.com and http://sitecheck.sucuri.net and neither reports any problems. I'm a MacBook Pro user so can't look at it myself in Windows.

    Could anyone be so kind as to help?

  2. govpatel
    Posted 3 years ago #

    I clicked on your website and my Norton blocked an intrusion

    Category: Intrusion Prevention
    Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
    2/15/2012 12:51 PM,High,An intrusion attempt by was blocked.,Blocked,No Action Required,Web Attack: Malicious Toolkit Website 9,No Action Required,No Action Required,", 80",zoosalon.in/index.php?showtopic=559325,"MATHAV-1A073F5B (, 3596)",,"TCP, www-http"

  3. psheld
    Posted 3 years ago #

    Thanks govpatel.

    That doesn't look cool. Wonder how this happened and whether the other blogs on my site are OK? Wonder what I have to do now? :-(

  4. govpatel
    Posted 3 years ago #

    You will need to check your WordPress to see which file is infected. See if this helps

  5. psheld
    Posted 3 years ago #

    I think that this might be beyond my skillset, or time. Does anyone out there fix these things; sort of gun for hire?

  6. esmi
    Forum Moderator
    Posted 3 years ago #

  7. psheld
    Posted 3 years ago #

    Thanks esmi.

    Just for the record here, this is what I've done so far.

    * Change FTP passwords and delete unneeded accounts – DONE
    * Change your secret keys - DONE
    * Take a backup of what you have – DONE
    * ADMIN over SSL – NOT SURE? One to ask hosts about.
    * Used Bullet Proof Security to create secure .htaccess for root and for wp-admin folder, and to deny access to BPS Master and BPS Backup
    * Checked active_plugins record for PHP code disguised as jpeg file – None

    And I've just noticed that my long blogroll has been cut down to just six links. All are correctly hyperlinked.
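The `active_plugins` check listed in the post above, as an added example that is not part of the original thread: it parses the PHP-serialized value of that `wp_options` row and flags entries that do not look like plugin files. It assumes legitimate entries are relative paths to `.php` files; the sample value and all function names are constructed for illustration.

```python
import re

ENTRY = re.compile(rb'i:\d+;s:(\d+):"')

def serialize(paths):
    """Build a PHP-serialized list of strings (only used to construct the sample)."""
    body = "".join(f'i:{i};s:{len(p.encode())}:"{p}";' for i, p in enumerate(paths))
    return f"a:{len(paths)}:{{{body}}}"

# Constructed sample of an active_plugins value, not data from the thread.
SAMPLE = serialize(["akismet/akismet.php", "../../../../tmp/.cache/logo.jpg", "hello.php"])

def parse_active_plugins(blob):
    """Return the plugin paths, honouring the declared byte length of each string."""
    data = blob.encode()
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a PHP-serialized array")
    pos, items = head.end(), []
    for _ in range(int(head.group(1))):
        m = ENTRY.match(data, pos)
        if not m:
            raise ValueError(f"unexpected entry at byte {pos}")
        end = m.end() + int(m.group(1))
        if data[end:end + 2] != b'";':
            raise ValueError(f"declared length mismatch at byte {pos}")
        items.append(data[m.end():end].decode("utf-8", "replace"))
        pos = end + 2
    if data[pos:] != b"}":
        raise ValueError("trailing data after array")
    return items

def reasons(path):
    """List why an entry does not look like a normal plugin file."""
    found = []
    if not path.lower().endswith(".php"):
        found.append("not a .php file")
    if ".." in re.split(r"[\\/]", path):
        found.append("path traversal")
    if path.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", path):
        found.append("absolute path")
    return found

def audit(blob):
    """Map each suspicious entry to the reasons it was flagged."""
    return {p: r for p in parse_active_plugins(blob) if (r := reasons(p))}

if __name__ == "__main__":
    for entry, why in audit(SAMPLE).items():
        print(f"SUSPICIOUS {entry!r}: {', '.join(why)}")
```

A flagged entry is a lead to inspect the referenced file and the row itself, not proof of infection on its own.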

  8. esmi
    Forum Moderator
    Posted 3 years ago #

  9. psheld
    Posted 3 years ago #

    Hi. My problems are getting worse. Another WordPress instance on the same hosting account has also been hit.

    I had a brief email exchange with http://sucuri.net last night who seem to have just the service I need, but they're totally silent today. Can't get a peep out of them. Maybe they're just stacked.

    Does anyone know of a similar service to Sucuri?


  10. psheld
    Posted 3 years ago #

    Right then. Sucuri got to me eventually, and tell me they've cleaned out the malware.

    Hopefully no-one gets that warning in Windows now!

    Thanks all for your help.

  11. photon-x
    Posted 2 years ago #


    Were you satisfied with Sucuri's services?

    Yes, my sites got hacked, too, and I'm looking at them to do the clean up.

    Thanks for any insights.


  12. psheld
    Posted 2 years ago #

    Hi Photon-X,

    As you will tell from the thread, I was a little frustrated that a day passed without attention from Sucuri, but that appears to have been a blip.

    They cleaned my sites. I got hacked again. They looked into it further, cleaned them again and gave me advice on how to prevent reoccurrence. I took the advice, and so far so good.

    All in all, I recommend Sucuri.

  13. photon-x
    Posted 2 years ago #


    Thanks for the reply and info.


Topic Closed

This topic has been closed to new replies.
