joanna
05-15-2009, 06:49 PM
I thought I had fixed the hole in my site, with Bluehost tech help, but it's come back with a vengeance. Apart from Elance, I don't know where to go to get the help I need.
Site was first hacked a few weeks ago, Bluehost ran a script to clean it up and advised the security hole was an outdated version of WP, so they updated to latest version.
It happened again. This time, I used FTP to manually remove the script from every index.page, also reinstalled wordpress, manually removed it from the config.php file (which update misses) and deleted all extraneous files and plugins.
Script was coming from gunbar.cn
I've been monitoring it frequently and it's been clean for about a week now, so I thought I had finally plugged the hole, now I just got this email from Google:
Dear site owner or webmaster of propertyangels.com,
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):
http://propertyangels .com/
http://www.propertyangels .com/
http://propertyangels .com/greenport101/
Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//propertyangels.com/
We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser
If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
http://www.stopbadware.org/home/security
______________________________
Now I can't even get into the files in the public_html, without AVG screaming at me that it's full of malware.
This is beyond my skillset. can anyone help or recommend anyone who can fix this? I need help urgently.
If so, please call me on 631 removed phone number
Thank you!
Joanna
p.s. part of the site is a wordpress blog hosted on the same server as the main site, which is Dreamweaver site that i upload through FTP. Someone said I should split WP off to a different server, which i intend to now do, but I need it cleaned up first.
Site was first hacked a few weeks ago, Bluehost ran a script to clean it up and advised the security hole was an outdated version of WP, so they updated to latest version.
It happened again. This time, I used FTP to manually remove the script from every index.page, also reinstalled wordpress, manually removed it from the config.php file (which update misses) and deleted all extraneous files and plugins.
Script was coming from gunbar.cn
I've been monitoring it frequently and it's been clean for about a week now, so I thought I had finally plugged the hole, now I just got this email from Google:
Dear site owner or webmaster of propertyangels.com,
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):
http://propertyangels .com/
http://www.propertyangels .com/
http://propertyangels .com/greenport101/
Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//propertyangels.com/
We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser
If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
http://www.stopbadware.org/home/security
______________________________
Now I can't even get into the files in the public_html, without AVG screaming at me that it's full of malware.
This is beyond my skillset. can anyone help or recommend anyone who can fix this? I need help urgently.
If so, please call me on 631 removed phone number
Thank you!
Joanna
p.s. part of the site is a wordpress blog hosted on the same server as the main site, which is Dreamweaver site that i upload through FTP. Someone said I should split WP off to a different server, which i intend to now do, but I need it cleaned up first.