OH No! My Site is Malware!

Well, if it rains it pours. If any of you are my loyal listeners to the Hayseed Report, you will know that you will get a great big red page that says that I am a breeding zone for malware.

Yep I pulled up my site and you get a wonderful

What is the current listing status for hayseedreport.com?

Site is listed as suspicious – visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 14 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 42 pages we tested on the site over the past 90 days, 35 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-04-05, and the last time suspicious content was found on this site was on 2013-04-05.

Malicious software is hosted on 2 domain(s), including sommetslutfy.com/, bantoxics.org/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including podcastclicks.com/, sommetslutfy.com/.

This site was hosted on 1 network(s) including AS21844 (THEPLANET).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, hayseedreport.com appeared to function as an intermediary for the infection of 3 site(s) including google.com/, goo.gl/, bit.ly/.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Well, I was just looking at the Hayseed Report webmaster tools page last weekend, so this is something that has happened for at least a day but could be as many as 4 days' worth of down website. I haven't looked at any other stats as of yet, so I really will not know the damage till I do more looking. But I really don't know what I am truly looking for, but I didn't know.

ARGH!!

 

I had to look and see: who got in, with what, when, and where are the infected files?


I started with the details about the problems on this site.
On the Hunt

I looked at sommetslutfy.com and this site doesn't show any ads or odd links. So, even if they are hosting it, I was not getting any hits on my anti-malware programs. But it does come up with the same error message, the scary red warning of malware ahead. I searched my site for the site, thinking it could be a link from a malicious commenter.

Nope! The link to sommetslutfy didn't show, nor the domain name. I did the same search for the Ban Toxics site, and it turned out the exact same. So, I had to keep searching. I found that if you go to the webmaster tools you can see what links they believe to be bad. They are strange links like
http://www.hayseedreport.com/tag/school/
or http://www.hayseedreport.com/?option=com_hwdvideoshare&task=ajax_removefromfavourites&userid=0&videoid=8
and if you followed the link, it gave me a great hint as to where it came from, because it shows the offending code!

<IFRAME SRC="http://www.podcastclicks.com/member…2-3-4-5-6-7-8-10-11-12-13-14-15-16-17-18-19-20…" width=468 height=60 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling="no">

I am not much in the coding end of things, but I am able to see the link that the iframe goes to. That frame is to one of the Four Podcasters of Greatness. Yep, that is one of Dave Jackson's sites. Am I mad about the fact that Dave is injecting code into my site? Nope! I will tell you why closer to the end. But on to the rest of the story.
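Searching the site for the two malware-hosting domains finds nothing because the pages only reference the intermediary, so a more reliable check is to list every external host a page embeds. The sketch below is an added example, not code from the original post; the sample HTML is constructed, the iframe path in it is a placeholder for the URL the post elides, and the flagged domains are the ones named in the report quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in the Safe Browsing report quoted in the post.
FLAGGED = {"sommetslutfy.com", "bantoxics.org", "podcastclicks.com"}
EMBED_TAGS = {"iframe", "script", "embed", "object", "frame"}


class EmbedCollector(HTMLParser):
    """Collect (tag, host) for every embedded resource with an absolute URL."""

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> matches.
        if tag not in EMBED_TAGS:
            return
        for name, value in attrs:
            if name in ("src", "data") and value:
                host = urlparse(value.strip()).hostname
                if host:  # relative URLs have no host and stay on-site
                    self.embeds.append((tag, host.lower()))


def is_flagged(host):
    # Match the domain itself and any subdomain (www.podcastclicks.com).
    return any(host == d or host.endswith("." + d) for d in FLAGGED)


def audit(html, own_domain):
    """Return (third_party_hosts, flagged_embeds) for one page of HTML."""
    parser = EmbedCollector()
    parser.feed(html)
    third_party = sorted({h for _, h in parser.embeds
                          if h != own_domain and not h.endswith("." + own_domain)})
    flagged = [(t, h) for t, h in parser.embeds if is_flagged(h)]
    return third_party, flagged


# Constructed sample: a sidebar widget carrying a banner iframe, as in the post.
SAMPLE = """<html><body><p>Show notes</p>
<div class="widget"><IFRAME SRC="http://www.podcastclicks.com/placeholder-path"
 width=468 height=60 frameborder=0 scrolling="no"></IFRAME></div>
<script src="http://www.hayseedreport.com/js/site.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "hayseedreport.com"))
```

Run it over saved copies of the URLs that webmaster tools lists; any third-party host you do not recognise deserves a look even when it is not on the flagged list.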

I also wanted to find out if there was a plug-in exploit that caused the problem and could possibly cause another round of red outs. I looked for some plugins that would work for detecting security problems. I searched the WordPress Plugins A to Z directory hoping they had something. I was not finding anything, but it is always worth a shot with these guys; they do know their stuff. So, I commenced to looking over at the WordPress plugin site itself. I was able to find a couple I felt secure enough to try:

  • Anti-Malware (Get Off Malicious Scripts) – This plugin is like a virus scanner: it looks through your code and the plugins and tells you if there is a problem or a potential problem. It found one with a plugin I was holding for a later date, but since I wasn't using it, I removed it.
  • OSE Firewall – It took a while, but it was not able to find anything, so I will have to assume that the problem was fixed with the Anti-Malware plugin.

I also went ahead and removed the widgets that had the banner rotations to Podcast Clicks and will replace them later, after I see that things are working the way they are supposed to. Once done with that, I requested a review of the page to see if the problem is still around. I will keep everyone up to date. This is a big headache, and I know that you have to keep yourself on top of the current exploits that are around. So, always keep your plugins up to date, because they normally are security fixes.

Also…

Why am I not mad about Dave Jackson getting my site blocked? The foremost reason is because I trust him. I know that he didn't put the code on his site and he didn't infect my site on purpose. When you are on the internet, your site is going to get hit from time to time. I let Dave know of the problems with podcastclicks.com; I am sure he will be working on it.
