1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HELP!! malware site

Discussion in 'Black Hat SEO' started by omnia, Dec 26, 2013.

  1. omnia

    omnia Newbie

    Joined:
    Sep 17, 2013
    Messages:
    25
    Likes Received:
    1
    Help please i have 6 websites that declared a malware website when i try to open any one of them there is a red screen whth chrome and firefox browser "this website can infect your website.." . help :)
     
  2. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    A little detail is most helpful. Are the sites using borrowed WordPress themes by chance?
     
  3. omnia

    omnia Newbie

    Joined:
    Sep 17, 2013
    Messages:
    25
    Likes Received:
    1
    yes a wordpress theme
     
  4. Roshaen

    Roshaen Elite Member

    Joined:
    Sep 24, 2012
    Messages:
    2,238
    Likes Received:
    1,351
    Location:
    Please Pray For My DAD
    i guess check google webmasters .There must be something fishy on your site or some unusal activity thats making google warn users entering your site.
     
  5. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    Are they borrowed so to speak? If so they may have malware code or are not properly nulled. Backup your data and trying install a clean theme on one of your sites and see if that helps. There are a lot of threads on BHW regarding this issie.
     
  6. omnia

    omnia Newbie

    Joined:
    Sep 17, 2013
    Messages:
    25
    Likes Received:
    1
    yes but im in webmaster google there is a few errors but i do no..i have no malware on my websites, i just downoald theme from mafiashare since 2 months and i using this one since 2 months ,nothing was happened ,but today THE STORM i don't no why this red screen !
     
  7. omnia

    omnia Newbie

    Joined:
    Sep 17, 2013
    Messages:
    25
    Likes Received:
    1
    one of my website that have the same problemme that have simply a html page .
     
  8. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    Are all of your sites on the same hosting company and in the same name?
     
  9. omnia

    omnia Newbie

    Joined:
    Sep 17, 2013
    Messages:
    25
    Likes Received:
    1
    yes all my website hosted on the same hosting comany OVH
     
  10. samiejg

    samiejg Senior Member

    Joined:
    Dec 14, 2013
    Messages:
    825
    Likes Received:
    49
    If you're using Wordpress, someone(more likely a bot/script) probably found a vulnerability in your Wordpress application. That type of stuff usually happens from outdated version of Wordpress, or even the plugins/themes.

    Google does a malware check when they're indexing sites, and if they find malware then they put this message across the site.

    The best thing to do now is see if you have a backup of your site that you can restore(your host might be able to get one if you don't have one". If you don't, then you will have to manually check through all of your files and remove any malicious code. It's not too hard because you can look for the "Last Modified" dates to see files that have been edited recently that wasn't from your own doing.

    Once you have done the above, it is then recommended to updating all passwords associated with your website like FTP, Database, WP Login, etc. Then proceed to update Wordpress and any plugins to the newest versions. I also tend to do other things to secure my Wordpress such as doing an .htaccess password protection for the entire wp-admin folder. That way they won't be able to go through the directory at all and they would have to break through two directories.

    It might also be a good idea too... if you do have a backup, that you delete all your files first, and then restore the backup. Just incase you have some type of backdoor script hidden in there. You could be restoring a backup and it will only copy over all of the files that were originally a part of your website. Just don't make the mistake of deleting it all if you don't really have a backup. There might be some tools online like can scan your website and maybe even for backdoor scripts if you just restored a backup, but I'm not allowed to post links anyways.

    Edit: A lot of people tend to blame the Web Hosting company. But it's rarely ever the case. I used to work for one of the biggest Web Hosts in the world and would get calls from people who had this same issue, and they would try to blame us. I would explain... "we're not getting any other calls from our million+ other Web Hosting customers... why would someone hack into our servers, so they can target your website only?". Then after restoring their site, it was way outdated, and sometimes could even replicate the hack to do it again. The fact is, this happens alot with Wordpress, and if someone is going to use Wordpress then they will need to regularly check and update their website regularly. I don't know about lately, but they have always constantly updated it to patch up vulnerabilities. Just thought I would mention that because it sounds like people might try to tell you that.
     
    Last edited: Dec 26, 2013
  11. samiejg

    samiejg Senior Member

    Joined:
    Dec 14, 2013
    Messages:
    825
    Likes Received:
    49
    One other thing I forgot to mention! Once you get this all straightened out, you will need to resubmit your website for review through the Google Webmaster Tools in order to get that message removed from your site.
     
  12. Nightly

    Nightly Regular Member

    Joined:
    Oct 18, 2013
    Messages:
    292
    Likes Received:
    79
    I had this happen on my file sharing website once via Webmaster Tools a year back or so. Sent them a message explaining what my site was, and I have never gotten another message about It.

    On topic though, this Is the reason I started paying for my themes. When I have "borrowed" themes In the past, I checked all the code myself before hosting It. Have found some decent themes which were Infected. Cleaned them up, all good.
     
  13. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    About says it all doesn't it?
    Install this
    Code:
    [URL]http://wpantivirus.com/[/URL]
    and scan your theme.