PDA

View Full Version : "This site may harm your computer" - help please



PMC
02-20-2009, 11:33 AM
google has detected a trojan or something on my site, and I don't have a clue where to look for it.

site is http://www.analfiend.com/
don't click if you don't have good anti-virus/trojan protection

can anyone help? or give me direction on how to correct, I am losing a lot of traffic :(

MP
02-20-2009, 11:49 AM
I got right in no warnings.

MP
02-20-2009, 11:54 AM
Ok I get the message in FF but not IE.

MP
02-20-2009, 11:54 AM
What is the current listing status for www.analfiend.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-11, and the last time suspicious content was found on this site was on 2009-02-10.

Malicious software includes 1 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 15 new processes on the target machine.

Malicious software is hosted on 1 domain(s), including gvatemal.biz/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including theriotbefore.com/, filarmon.info/.

This site was hosted on 1 network(s) including AS30266 (A1COLO).

MP
02-20-2009, 11:55 AM
Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

StuartD
02-20-2009, 11:57 AM
Ok I get the message in FF but not IE.

That's because IE not only doesn't care if you visit harmful sites, it'll just go right ahead and install what ever is on them without you knowing.

But hey, at least you didn't get annoying warnings that could interrupt the flow of your day!

:D

PMC
02-20-2009, 12:00 PM
found the exploit, removed it, changed password, requested review, will upgrade wordpress tonight

what a fucking pain in the ass!

StuartD
02-20-2009, 12:01 PM
I honestly don't see anything wrong with it either... no scripts, no iframes... nothing that should set off any alarms.

EDIT: Ah, you found it. No wonder I didn't see anything.

Rongo
02-20-2009, 12:04 PM
found the exploit, removed it, changed password, requested review, will upgrade wordpress tonight

what a fucking pain in the ass!
What version of Wordpress are you using?

PMC
02-20-2009, 12:07 PM
What version of Wordpress are you using?

an older one, not at my PC to check, but it was one of the more secure ones.

PMC
02-20-2009, 12:08 PM
I honestly don't see anything wrong with it either... no scripts, no iframes... nothing that should set off any alarms.

EDIT: Ah, you found it. No wonder I didn't see anything.

it was a php coded cookie added into my header

Rongo
02-20-2009, 12:10 PM
an older one, not at my PC to check, but it was one of the more secure ones.
Ouch. I wonder how they got in... it happened to me once.. I think it was some sort of registration thing where if you allowed people to register, they could use the registration form to pass code or something.... was awhile ago, I forget.

I remember thinking how satisfying it might be to take a Louisville Slugger and embark on a Whack a Hacker world tour.

PMC
02-20-2009, 12:12 PM
Ouch. I wonder how they got in... it happened to me once.. I think it was some sort of registration thing where if you allowed people to register, they could use the registration form to pass code or something.... was awhile ago, I forget.

I remember thinking how satisfying it might be to take a Louisville Slugger and embark on a Whack a Hacker world tour.

it was strange, google detected it the exact day I ranked first page for 'anal sex' , have lost the ranking since :(

Mike Semen
02-20-2009, 12:18 PM
it was strange, google detected it the exact day I ranked first page for 'anal sex' , have lost the ranking since :(

Ouch!

Czarina
02-20-2009, 05:59 PM
I had something similar happen to me the other day, with EVERY SITE I VISITED! It was crazy, even my own sites were giving me this error.
I rebooted and things went back to normal.

Mike Semen
02-20-2009, 06:03 PM
That was a google burp Cz...

mynameisjim
02-21-2009, 02:33 AM
Many exploits are added at the server level. You need to change all your passwords, not just wordpress. But they probably have a backdoor setup unless it was just some driveby hack.

Also, if you have a good host, send them the name of the trojan/exploit and some info and they may be able to check out your server.

DarkWeb
02-21-2009, 10:20 PM
So far I've had 4 sites get that......That crap will piss you off!!!

PMC
02-22-2009, 12:30 AM
google was pretty quick re-reviewing the site, notice is gone now :)

Aišo
02-22-2009, 01:34 AM
Ouch!

LOL, which part are you saying ouch to? The anal sex or the lost ranking?

Toker
02-22-2009, 05:36 AM
:io:........
....
...