Categories: Malware & hacked sites :

Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help!

Showing 1-10 of 10 messages
Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! netwerks 4/23/12 5:12 PM
Hi I have a site that was flagged as having malware. I cleaned it on 4/22 and immediately requested a review via webmaster tools. I still have not had a review of my site or change in status. I requested it again about 5 hours ago and still no review. Can someone please help me with this?

site url is http://www.simplysell.com
Re: Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! redleg-redleg 4/23/12 5:19 PM
Unfortunately the site is currently hacked.  When I request the homepage there is a block of obfuscated script

< sc ript > i=0;try{prototype;}catch(egewgsd){if(window.document)f=['-32k-32k64k61k-9k-1k59k70k58k76k68k60k69k75k5k62k60 .......

being inserted into the <head>

Is this the code you previously cleaned up??
Re: Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! netwerks 4/23/12 5:30 PM
hmmm I had a base64 gzip before. I cleaned the site looks like this is new. I am on ver 3.2.2

Nasty little thing... Any ideas what's causing it?
Re: Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! redleg-redleg 4/23/12 5:45 PM
Sorry, The script above would be written by some obfuscated php code, some base64 stuff so it is likely the same stuff being re-written.  Couple of possibilities, a vulnerable plugin on your site or the hackers have installed a backdoor.  Check all your themes/plugins and make sure they are up to date, latest versions.  This site has some good info on vulnerabilities

http://secunia.com/advisories/search/?search=wordpress

Make sure you do not have any old/inactive plugins left on your site.

If the hackers left a backdoor they can be difficult to find.  There is a good article on finding a backdoor at

http://25yearsofprogramming.com/blog/2010/20100315.htm
netwerks 4/23/12 6:03 PM <This message has been deleted.>
(unknown) 4/23/12 7:37 PM <This message has been deleted.>
Re: Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! redleg-redleg 4/23/12 7:40 PM
Unfortunately when checking your homepage the code is malicious code is back. 
Re: Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! redleg-redleg 4/23/12 7:43 PM
That is disappointing!  if you have not already done all of this -- some basic security stuff

Start by doing a scan of your PC and make sure there are no Trojans/viruses capturing your ids/passwords, use a couple of different security packages. Change ALL passwords especially FTP. Never store/save your passwords in your FTP client, use secure FTP if available. Install a good anti-virus program and do regular scans of your computer.  You hosting service may be able to help you pin it down, if you notify when you see any changes they could check the access logs and maybe determine the account being used when the files are modified.

The second most common thing I see is problems with file/folder permissions.  The hackers get access to a site and open the file permissions up on a folder/file so they can continue to get access even if you change passwords etc.  You'll see different views on what permissions should be  I go with Files set to 644 Folders set to 755.  It is a good idea to regularly check file/folder permissions.
Re: Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! netwerks 4/24/12 5:59 AM
OK I reinstalled wordpress and the latest version of my theme. Looks like it's gone now. Can you have a look and see if you see anything suspicious? I don;t see anything personally.
Re: Flagged by google - cleaned & requested review on 4/22 but no change in status yet? Please help! redleg-redleg 4/24/12 6:06 AM
I don't see the code or ant other problems in the page now.    I am sure you are not going to have any more problems  but just to be cautious --  I have a tool on-line at http://redleg-redleg.com/file-viewer/    The tool allows you to safely view the code that is being returned by a request for a page.  You might want to check your homepage once or twice over the next couple of days and make sure it remains clean.

Good Luck with your site!