Google SafeBrowsing warning after 2 days with installed qTranslate

I doubt it has anything to do with qtranslate. It may be the fact that your premium theme has obscured code in it that has links that lead to sites that are infected, like 2tomohappy. Check for base64 or encoded javascripts in footer.php, and scan with WordPress ? WordPress Exploit Scanner ? WordPress Plugins.

You’ve got some nasty, attacking javascript in there!

4 exploit(s), 2 scripting exploit(s)

I agree with songdogtech; it’s bad code in the theme (or maybe even a plugin). Make sure you download your stuff from valid places (like here at www.ads-software.com) and be sure to never, ever use a “nulled” premium theme from somewhere.

Those “nulled” or “hacked” premium themes are floating around on the web everywhere but they contain more badness than goodness most of the time. (Besides the fact that it is illegal to use them without paying.)

My 2 cents: remove all files from the server, reinstall a fresh wordpress installation with fresh plugins and a free theme. When you do, make sure the places you download them can be trusted. Finally, ask Google.com to re-validate your site by requesting a re-validation.

Good luck!

e-sushi, thanks for your insights, but I’m rather insulted as I purchased a license for those themes from PremiumThemes.net. I will get back to them of course, and ask what is it all about. Anyway, how you realized that there are exploits, by using WordPress Exploit Scanner? How did u do that on our site? Just willing to get more help on that…

Thanks in advance.

Your theme may not be the culprit. It’s most often the bad guy in these cases, but an evil plugin could also do this.

What plugins are you running?

okay, WordPress Exploit Scanner doesn’t say ANYTHING at all…I’d expect from a piece of software to tell me that it didn’t find anything instead of just acting like nothing happened. Any other insights on how catch that thing?

Ipstenu, on that particular site:

All in One SEO Pack
qTranslate
Theme Switcher Reloaded
WP-SpamFree

the theme itself has some features like Yoast Breadcrumbs and Google Analytics…what else? can’t think of anything else

FYI, the Exploit scanner only checks for base64 or encoded javascripts stuff, so it’s possibly missing things that aren’t hacked thusly. I don’t use it so I don’t know why it doesn’t tell you nothing if you’re ‘safe’ or if that’s the indication of yet another problem with your site.

Well obviously the easiest way to see if it’s your theme is to switch to the default theme and see if you still get the errors etc.

Before you go whole hog, rip everything out and start over, I’d check my server out. I recently saw someone who thought they had a WP hack but it turned out to be a server hack :/

Yes, it turned out the same – it’s some sort of server hack. We are also hosting other sites with other CMS and they’re not affected. Probably it is some combination of server & WP security holes. So, my apologies for starting such a thread, but you know the drill ??

Will keep you posted on development, if anyone is interested.

Both WordPress and server hardening info and links Hardening WordPress ? WordPress Codex and the usual Google results. According to many in these forums, hacks often do come through shared hosting.