  1. #1
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    My site is distributing malicious software?
    Oh No!! I received an email from Google saying that my site had been suspended for possibly installing badware. G said it was coming from a page that has an ad that I just put up 2 days ago. I have removed the ad but I still get a notice from McAfee when I go to my site that this site has tried to install a trojan virus. I am glad that Google has a warning to keep visitors out so they don't get the virus.

    What do I need to do to get rid of this? It's a WP blog site.

    Thanks for any suggestions. I just feel so dirty, like I need to take another shower because of this. How can people do this type of thing and sleep at night?

  2. #2
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    I had the same problem. Could not find the culprit. I had to talk to someone at Google and they told me to look for an "iframe" somewhere. Just type iframe in your WP search box, check the code and delete it. It could be something else, too.

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    England
    Posts
    4,327
    It is great that Google warns about stuff like that

  4. #4
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    Google has a partnership with StopBadware.org to detect the malicious software. And if you have an account with Google Webmaster Central they will warn you before taking your site off the SERP.
    They even think to go further:
    "Google plans to run a test that will alert some webmasters if their content management system (CMS) or publishing platform looks like it might have a security hole or be hackable. "

  5. #5
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    Quote Originally Posted by Zeus
    Google has a partnership with StopBadware.org to detect the malicious software. And if you have an account with Google Webmaster Central they will warn you before taking your site off the SERP.
    They even think to go further:
    "Google plans to run a test that will alert some webmasters if their content management system (CMS) or publishing platform looks like it might have a security hole or be hackable. "
    I have been to StopBadware.org and Webmaster Central and I keep finding that my site along with v2statscount (dot) net have been found to be trying to download 6 types of trojan viruses.

    I don't know what in the world v2statscount (dot) net is. I tried going to that site and Google has it blocked. Do I need to be looking for something to do with this site appearing on my site? Akismet stops all comments that contain a URL so I am not really sure what, or where I should be looking.

  6. #6
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    I had a site nailed with an SQL Injection hack that loaded a script into every field to load some form of badware. My site was blocked from direct by a Google warning. Once I had the issue fixed I filled in the form on the link they provide and the site was back listed again within a day.

    Wasn't fun, but it was well handled.
    Affiliate Marketing by AMWSO. Skype - chrissanderson ::: TEL 1-720-336-1784 ::: www.amwso.net
    Join our affiliate programs :Vaper Empire, Iolo, Art of Tea, or See ALL our Programs here

  7. #7
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    If you can't find what's causing the problem, ask Google to be more specific. Answer their email and ask them to give you more details.
    Like Chris, I've been hacked also with older versions of WP. To clean a db is not fun.

  8. #8
    ABW Ambassador 2busy's Avatar
    Join Date
    January 17th, 2005
    Location
    Tropical Mountaintop
    Posts
    5,636
    http://www.stopbadware.org/home/badware is a joint effort by Google, Harvard and several others to find and stop the spread of malicious drive-by downloads. The StopBadWare.org Google group offers step-by-step instructions to find and eliminate the problem. Many report a tiny invisible iframe that apparently gets installed in WP sites via third-party ads. Back up the database and check through MySQL for the offending code. You don't want to go to the source or you can be infected too; don't open your pages in a browser to check the source code, view them in a text editor, preferably via Control Panel.
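
An added example, not written by anyone in this thread: a Python sketch of the check described in posts #2 and #8. It reads a database dump as plain text, never through a browser, and lists iframe and script tags that load from another host, marking iframes sized or styled to be invisible. The dump rows, the host names and the `own_hosts` parameter are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample in mysqldump style (inner quotes escaped); not data from the thread.
SAMPLE_DUMP = r"""INSERT INTO wp_posts VALUES (1,'Hello','<p>Hi</p><iframe src=\"http://stats.example.net/in.php\" width=\"1\" height=\"1\"></iframe>');
INSERT INTO wp_posts VALUES (2,'Video','<iframe src=\"https://www.myblog.example/embed/7\" width=\"560\" height=\"315\"></iframe>');
INSERT INTO wp_posts VALUES (3,'Promo','<div><script src=\"http://cdn.example.org/a.js\"></script></div>');
INSERT INTO wp_posts VALUES (4,'Map','<iframe src=\"https://maps.example.com/e\" style=\"width:100%;height:300px\"></iframe>');
INSERT INTO wp_posts VALUES (5,'Ad','<iframe src=\"//ads.example.org/x\" style=\"VISIBILITY: hidden\"></iframe>');"""

# Inline styles or sizes that make an embedded frame invisible to a visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I)

def is_hidden(attrs):
    tiny = any(attrs.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
    return tiny or bool(HIDDEN_STYLE.search(attrs.get("style", "")))

class EmbedFinder(HTMLParser):
    """Collects iframe/script tags whose src points at a host outside own_hosts."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = own_hosts, []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if not host or host in self.own_hosts:
            return  # relative or same-site src; inline scripts are not covered here
        reasons = ["third-party " + tag]
        if tag == "iframe" and is_hidden(a):
            reasons.append("hidden")
        self.findings.append((host, reasons))

def scan_dump(text, own_hosts):
    """Return (line number, host, reasons) for each flagged tag in a dump read as text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parser = EmbedFinder(own_hosts)  # fresh parser per line: one broken tag cannot hide later rows
        parser.feed(line.replace('\\"', '"').replace("\\'", "'"))
        parser.close()
        findings += [(lineno, host, why) for host, why in parser.findings]
    return findings

if __name__ == "__main__":
    for lineno, host, why in scan_dump(SAMPLE_DUMP, {"www.myblog.example"}):
        print(f"line {lineno}: {host} ({', '.join(why)})")
```

A visible third-party embed (row 4) is still listed so it can be checked against the embeds the site owner actually added; rows marked "hidden" are the ones to look at first.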

  9. #9
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    England
    Posts
    4,327
    Partners:

    Google; PayPal; Mozilla; Lenovo; AOL; VeriSign; Trend Micro; Consumer Reports WebWatch

    It is nice to see some big names fighting this problem

  10. #10
    ABW Ambassador kse's Avatar
    Join Date
    November 29th, 2005
    Posts
    2,511
    Quote Originally Posted by bettylou
    ..... G said it was coming from a page that has an ad that I just put up 2 days ago....
    Can I ask what Ad you posted??

  11. #11
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    Quote Originally Posted by kse
    Can I ask what Ad you posted??
    It was the first time that I have ever put up an ad from A*oogle. I found a free trial offer that seemed like a nice fit for this particular page. I am not sure if this is the cause but it's on the page that Google found the badware on. I don't know anything about A*oogle but I thought I would give it a try.


    I saved the data from the database that I wanted. Wiped out the current installation of WP and put up a fresh one. I no longer get a warning from McAfee when I go to the site so maybe it's gone now.

    How can something like this be prevented?

  12. #12
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    There is a wordpress plugin that will help find the exploits:

    http://ocaoimh.ie/exploit-scanner/

    If the exploit came from an ad, then this might not help, but this particular plugin finds many problems.

    After you have fixed your site, you go to Webmaster tools and tell them you were hacked and fixed it, and they will unblock your site right away.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  13. #13
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    Quote Originally Posted by loxly
    After you have fixed your site, you go to Webmaster tools and tell them you were hacked and fixed it, and they will unblock your site right away.
    Thanks Deb,

    I have already requested the review from Google. It says "Site Review Pending, Check Again in a Few Hours".

    I am definitely going to get that plugin. Thanks again.

  14. #14
    ABW Ambassador kse's Avatar
    Join Date
    November 29th, 2005
    Posts
    2,511
    Quote Originally Posted by bettylou
    It was the first time that I have ever put up an ad from A*oogle. ........
    Yes I was approached by them a year or so ago and signed up. Had a look around and closed my account.

  15. #15
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    Quote Originally Posted by kse
    Had a look around and closed my account.
    I should have done the same!

  16. #16
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    This morning Google did the review I had requested for my site and it is now clear. So the warning has been lifted. But my Adwords account is still suspended due to this. Does anyone know how long it takes for Google to lift the suspension?

    Thanks

  17. #17
    ABW Ambassador 2busy's Avatar
    Join Date
    January 17th, 2005
    Location
    Tropical Mountaintop
    Posts
    5,636
    One of the best places to find out about the whole process is at http://groups.google.com/group/stopb.../topics?start=
    There is a searchable discussion of each step, or you can browse and see how it goes.

  18. #18
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    Quote Originally Posted by 2busy
    One of the best places to find out about the whole process is at http://groups.google.com/group/stopb.../topics?start=
    There is a searchable discussion of each step, or you can browse and see how it goes.
    Hey thanks! Lots of helpful information there.

  19. #19
    ABW Ambassador Joshua's Avatar
    Join Date
    August 17th, 2006
    Posts
    854
    Quote Originally Posted by bettylou
    It was the first time that I have ever put up an ad from A*oogle. I found a free trial offer that seemed like a nice fit for this particular page. I am not sure if this is the cause but it's on the page that Google found the badware on. I don't know anything about A*oogle but I thought I would give it a try.


    I saved the data from the database that I wanted. Wiped out the current installation of WP and put up a fresh one. I no longer get a warning from McAfee when I go to the site so maybe it's gone now.

    How can something like this be prevented?
    What free trial offer from Azoogle (why aren't you writing out their full name?) was it? I'll take a look at the offer and see if it was the culprit. Odds are it wasn't.

  20. #20
    Newbie mrawesome's Avatar
    Join Date
    September 10th, 2008
    Posts
    45
    That sounds awful!

  21. #21
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Quote Originally Posted by Joshua
    What free trial offer from Azoogle (why aren't you writing out their full name?) was it? I'll take a look at the offer and see if it was the culprit. Odds are it wasn't.
    There are still lots of ads running through the CPA networks that drop a nasty payload. A friend got a nasty virus from an ad on the Yahoo front page a few months ago that required a complete hard drive wipe. So don't discount the fact that the Azoogle ad could have had something to do with this.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  22. #22
    ABW Ambassador Joshua's Avatar
    Join Date
    August 17th, 2006
    Posts
    854
    Quote Originally Posted by loxly
    There are still lots of ads running through the CPA networks that drop a nasty payload. A friend got a nasty virus from an ad on the Yahoo front page a few months ago that required a complete hard drive wipe. So don't discount the fact that the Azoogle ad could have had something to do with this.
    I've pushed quite a bit of traffic through Azoogle offers in the past, including a few free trial offers recently, and I've never seen anything malicious from the merchants.

    I'm active on a number of boards more targeted towards the CPA network crowd, and I haven't seen anything reported there, either. Azoogle is pretty strict about advertisers and publishers playing by the rules ever since they settled with the Florida AG about improper ringtone marketing, so I don't think they'd let something like malicious software slip by.

    As for getting a virus from a Yahoo front page ad, I'm skeptical there. To my knowledge, Yahoo vets their front page advertisers pretty well, and they require extremely large advertising commitments. I find it hard to believe that an advertiser would risk their large advertising commit by having a virus on their site...

  23. #23
    Outsourced Program Manager TrishaLyn's Avatar
    Join Date
    February 24th, 2008
    Location
    San Leandro, CA
    Posts
    1,049
    Out of curiosity, did you have the latest version of WP installed when the notice came? I've heard that the latest version has a bunch more security but I haven't installed it yet (lazy). So I'm curious if this happened to you despite having the most recent version installed.

  24. #24
    Master of Design AlexBet's Avatar
    Join Date
    January 18th, 2005
    Location
    Toronto, Canada
    Posts
    1,364
    First, make sure that your code is SQL Injection proof. Second, if you are on a dedicated server, block access for all IPs other than yours from accessing anything but port 80 (http port). If you are on a shared server, well, you are exposed to all sorts of attacks and usually hosting companies don't allow you to block access to any ports because this affects a lot of websites on that server. The only thing that you can do is make sure you have a long and complicated password, but that is not a guarantee that you won't be hacked.
    Alex
    AlexBet.com - Professional Website Design, Website Development, Mobile App Development!


    "The bitterness of poor quality remains long after the sweetness of low price is forgotten"
    Benjamin Franklin
