...

View Full Version : Urgent... website problem regarding malicious software



xuan88
06-01-2009, 03:57 AM
Harmful software has been uploaded to my blog (not sure where the source come from) might be people hacking or the malicious software
has been distributed on the web (most of the malware now are
automated). I'm not sure which of these is the cause. This malware
actually created by people and injected to one machine / site >
malware has the capability to change itself / transport to other
machine linked > and these things kept jumping from one site to other
site.

Therefore, google has just recorded my blog as a harmful website. :( In
order to clear this thing and get back my blog, what do you recommend me to do? Anyone here know about this matter?

Please kindly share your experiences on how to clear this problem.

Thanks :)

_Aerospace_Eng_
06-01-2009, 06:29 AM
What kind of blog do you have and have you installed all updates?

xuan88
06-01-2009, 08:09 AM
It is my blog to give readers updates on the recent news.
Basically a blog host by a free web hosting.

_Aerospace_Eng_
06-02-2009, 04:36 AM
I understand its a blog but which blog software are you using? Wordpress, blogger? Something different?

frankle
06-02-2009, 07:03 AM
Harmful software has been uploaded to my blog (not sure where the source come from) might be people hacking or the malicious software
has been distributed on the web (most of the malware now are
automated). I'm not sure which of these is the cause. This malware
actually created by people and injected to one machine / site >
malware has the capability to change itself / transport to other
machine linked > and these things kept jumping from one site to other
site.

Therefore, google has just recorded my blog as a harmful website. :( In
order to clear this thing and get back my blog, what do you recommend me to do? Anyone here know about this matter?

Please kindly share your experiences on how to clear this problem.

Thanks :)

Your website link please.

Regards.

VIPStephan
06-02-2009, 12:02 PM
Spam robots often look for standard footer messages of default installations such as “Site created with [software name]”. If you do a search about the malicious code they injected into your site then you’ll probably find other sites with the same CMS and such a footer message. And most of them haven’t upgraded to the latest version, and are therefore vulnerable to threats that have already been fixed in the latest version.

xuan88
06-03-2009, 10:56 AM
I'm using wordpress and free hosting by rycohost.com

I'm quite confuse and not sure what should I do next.

Please give me your advises as I know some of you here are expert.
Thanks alot.

xuan88
06-03-2009, 11:03 AM
Spam robots often look for standard footer messages of default installations such as “Site created with [software name]”. If you do a search about the malicious code they injected into your site then you’ll probably find other sites with the same CMS and such a footer message. And most of them haven’t upgraded to the latest version, and are therefore vulnerable to threats that have already been fixed in the latest version.

Does it mean that I need to install the latest version of wordpress?
Will my posts still at the database? Or there's still malicious code at my site?

VIPStephan
06-03-2009, 11:45 AM
Yes, you should always upgrade to the newest version as soon as it is available. Normally, at an upgrade (at least a minor one) you only overwrite the files on the server, the database stays the same, and hence, your entries stay the same. However, it’s always recommended to do a backup of your database and your files on the server before performing an upgrade (I think there are Wordpress plugins for DB backup).

We can’t be 100% sure but it’s likely that they have injected their malicious code into your database so it would be good to search your DB (e. g. using phpMyAdmin) for the bad entries. It would really be hepful if you gave us a link to your site so we can see what’s wrong and may give some better advice.

_Aerospace_Eng_
06-03-2009, 06:51 PM
Be sure to read the documentation on the upgrade process.

http://codex.wordpress.org/Upgrading_WordPress

VIPStephan
06-05-2009, 01:13 AM
OK, from looking at your source code (which you kindly provided via PM since you don’t want to make your site public) I couldn’t find any obvious things like an injected iframe or a script. It may be that not Wordpress but your server has been hacked or whatever but it’s not entirely clear. Search the internet for “Wordpress trojan” or something like that. What I’ve found with a bit of searching was: http://www.bontb.com/2008/03/wp-content1-trojan-virus-for-wordpress-bloggers/ , http://wordpress.org/support/topic/200861 and https://wpsecurity.net/severe-security-risk-in-wordpress-261/

I’d suggest you do a complete backup of your DB and your Wordpress files, then delete everything and change all your passwords for the database and FTP, and do a fresh install of the newest version (also change your admin password). Then contact Google to review your website and reset its status and hopefully you’ll be free of it.

xuan88
06-05-2009, 02:50 AM
In this case, do I need to change hosting? Or just stick to the one that I have?

Thanks for the suggestion. I'm trying to reinstall and set up everything now.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum