Help! Why Do My Sites Show Dangerous Downloads Warnings?

16 replies
I have some WordPress blog sites that I have been developing for many months without any problems. However, almost a month ago, people started relating to me that when they try to go to my sites, they now display a "Dangerous Downloads" warning.

I have eliminated plugins, links, and all other attributes which each of the sites had in common, but to no avail. The sites are still showing a dangerous downloads warning as of 8/2/2012.

Has anyone else had this problem? What are the possible causes and solutions?

I even changed the themes of the affected sites to a theme I use on one of my sites which does not show the alerts.

I would sure appreciate help and assistance from fellow Warriors in resolving this issue.

Thanking you much in advance.

Terry
  • Profile picture of the author zapseo
    Don't have enough information here.

    Are you saying your sites are getting what we call "the red screen of death" -- which is the Google SafeBrowsing API announcing that your site is distributing malware?

    In that case, your website has been hacked.

    I've cleaned up hacked sites for several years now, but don't do that so much anymore.

    But if you would like assistance, pm me. (Or connect with me on skype -- letting me know HOW you know of me. I don't connect with people who just send a contact request and no further info.)

    Live JoyFully!

    Judy
    • Profile picture of the author MP80
      I agree.. we need more info.

      Are you using bit.ly as a URL shortener for any of the links to your site?

      If so, they will sometimes (often?) pop an ominous warning up, even when your site is clean.
      Signature
      Before you do ANYTHING else in your day - do at least ONE thing that brings money into your business.
    • Profile picture of the author tmdassc
      Judy,

      Google does not have problems with the sites and they come up clean when googled. I have only gotten the notifications myself when I type the site links into yahoo. I then get a warning from "SearchScan" beta.
      • Profile picture of the author MP80
        Yes, it has been hacked.. Norton says it is 'Exploit Kit Redirect'.

        This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.
        • Profile picture of the author tmdassc
          Originally Posted by MP80 View Post

          Yes, it has been hacked.. Norton says it is 'Exploit Kit Redirect'.
          Thanks MP80,

          I am in the index.php editor now and I am seeing what Nathan referred to. So that looks like that may be the problem. Going to give that a try when Nathan replies back.

          I much appreciate your assistance to this point, and will be following suggestions.
  • Profile picture of the author Nathan Briggs
    You have got a hack in there, first off check your index.php files for some gobbledegook, probably at the start of the file beginning with eval(base64_decode( ). Removing that is step one, step two is to contact a professional (ahem) to do a thorough clean out & hardening job.

    This particular hack is actually pretty clever, it tries to avoid triggering a blacklisting by only appearing sometimes, probably also avoiding Chrome browsers and maybe Firefox. That's why you can't see it, and why you aren't blacklisted yet.
    Signature

    I clean up and secure hacked WordPress sites. PM me to get started.

    • Profile picture of the author tmdassc
      Originally Posted by Nathan Briggs View Post

      You have got a hack in there, first off check your index.php files for some gobbledegook, probably at the start of the file beginning with eval(base64_decode( ). Removing that is step one, step two is to contact a professional (ahem) to do a thorough clean out & hardening job.

      This particular hack is actually pretty clever, it tries to avoid triggering a blacklisting by only appearing sometimes, probably also avoiding Chrome browsers and maybe Firefox. That's why you can't see it, and why you aren't blacklisted yet.
      Howdy Nathan,

      Thanks much for your reply. Note, I have changed the theme on the sites, so they are not the same files as they were when this first started.

      However, I will, as a precaution and process of elimination - check the index.php files as you have suggested.

      Thanks,

      Terry
    • Profile picture of the author tmdassc
      Originally Posted by Nathan Briggs View Post

      You have got a hack in there, first off check your index.php files for some gobbledegook, probably at the start of the file beginning with eval(base64_decode( ). Removing that is step one, step two is to contact a professional (ahem) to do a thorough clean out & hardening job.

      This particular hack is actually pretty clever, it tries to avoid triggering a blacklisting by only appearing sometimes, probably also avoiding Chrome browsers and maybe Firefox. That's why you can't see it, and why you aren't blacklisted yet.
      Nathan,

      I just checked and saw what you were referring to. How much of that do I remove? What should be at the beginning of the index.php? I don't want to remove too much and render the site non-functional.
  • Profile picture of the author faisalmaximus
    tmdassc, the possible reason and solutions are :
    1. The hosting service you are using may be affected by malicious objects, change the hosting, hope it will work.
    2. The problem may be due to domain name registrar, if the first option doesn't work, please change your domain registrar.
    3. Download all your files from public_html and scan them through antivirus software; if you get any malicious object or virus, remove it and upload the files again.
    Please try these, hope your site will be ok.

    Thank you
    Faisal
    • Profile picture of the author tmdassc
      Originally Posted by faisalmaximus View Post

      tmdassc, the possible reason and solutions are :
      1. The hosting service you are using may be affected by malicious objects, change the hosting, hope it will work.
      2. The problem may be due to domain name registrar, if the first option doesn't work, please change your domain registrar.
      3. Download all your files from public_html and scan them through antivirus software; if you get any malicious object or virus, remove it and upload the files again.
      Please try these, hope your site will be ok.

      Thank you
      Faisal
      Thanks Faisal,

      All the domain names are the same for all of my sites, but not all are affected. The same goes for hosting. However, I will be checking into your suggestions if all else fails.

      Many thanks.

      Terry
    • Profile picture of the author zapseo
      Originally Posted by faisalmaximus View Post

      tmdassc, the possible reason and solutions are :
      1. The hosting service you are using may be affected by malicious objects, change the hosting, hope it will work.
      2. The problem may be due to domain name registrar, if the first option doesn't work, please change your domain registrar.
      3. Download all your files from public_html and scan them through antivirus software; if you get any malicious object or virus, remove it and upload the files again.
      Please try these, hope your site will be ok.

      Thank you
      Faisal
      Say what ????

      About the only thing that makes ANY kind of sense in those suggestions is #3.

      @tmdassc (ah, just found your name ... Terry!)

      Just wanted to let you know that I had to step away, and Nathan is my business partner in things having to do with website security and WordPress, so I gave him a heads-up about your thread here.

      I asked him to come over and help you out.

      In general, if your index.php file is infected (with the code that Nathan told you about) -- chances are other php files on your hosting account are infected as well.

      Especially if you have add-on domains.

      There are web security people who have said that they've never seen a hacked site where there wasn't a backdoor installed. While I can't say that I've always found backdoors ... I have found backdoors in many -- and often, the backdoors were installed months, and sometimes even years ago.

      I've even found backdoors on client accounts that had been sitting there for years.

      Because there are a number of ways that backdoors & hacks can be obfuscated, though (and they get trickier all the time), it's difficult to find them all.

      Incidentally, you mentioned that you changed the theme...it's not just the theme ... it's the whole WordPress install that would need to be changed out. The "index.php" file of mention is not part of theme files, but of the WordPress install itself.

      Hope that helps!

      Live JoyFully!

      Judy
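
Added example, not code from anyone in this thread: a Python scan for the `eval(base64_decode(` pattern Nathan describes, run across every PHP file in the hosting account (add-on domains included) rather than only the one index.php. It decodes each payload for inspection without executing it, and `strip_injection` shows how much is removed when only the eval call and its brackets are taken out. The sample site, its file names and the harmless stub are constructed for the demonstration.

```python
import base64
import re
import tempfile
from pathlib import Path

# eval(base64_decode('...')) with optional whitespace; group 1 is the encoded literal.
INJECTION = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)\s*;?")

def scan_php_tree(root):
    """Report every eval(base64_decode(...)) call in .php files under root.
    The payload is only decoded for inspection, never executed."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        data = path.read_bytes()
        for m in INJECTION.finditer(data):
            try:
                decoded = base64.b64decode(m.group(1))
            except ValueError:
                decoded = b""
            findings.append({
                "file": path.relative_to(root).as_posix(),
                "near_top": m.start() < 64,  # injected at the start of the file
                "checks_user_agent": b"HTTP_USER_AGENT" in decoded,
                "preview": decoded[:60].decode("latin-1"),
            })
    return findings

def strip_injection(data):
    """Remove the eval call and everything in its brackets, nothing else."""
    return INJECTION.sub(b"", data)

def build_sample_site(root):
    """Constructed sample: harmless stub injected into two of three files."""
    stub = base64.b64encode(b"if (strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome')"
                            b" === false) { /* constructed placeholder */ }")
    injected = b"<?php eval(base64_decode('" + stub + b"')); ?>"
    root = Path(root)
    (root / "addon-domain").mkdir(parents=True)
    (root / "index.php").write_bytes(
        injected + b"<?php\nrequire('./wp-blog-header.php');\n")
    (root / "addon-domain" / "index.php").write_bytes(injected + b"<?php\n")
    (root / "wp-login.php").write_bytes(b"<?php\n// clean file\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for finding in scan_php_tree(tmp):
            print(finding)
```

A clean scan result only means this one obfuscation pattern is absent; backdoors hidden in other ways will not match it.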
  • Profile picture of the author Nathan Briggs
    Replied by PM. Basic: remove eval and everything in the brackets that follow it.
    • Profile picture of the author tmdassc
      Originally Posted by Nathan Briggs View Post

      Replied by PM. Basic: remove eval and everything in the brackets that follow it.
      Many Thanks Nathan,

      I have PMed you and related everything to you. I have cleared all that coding out and will be following the other steps you gave me.

      Thank you so much as you have been very helpful. I know now to only trust wordpress.org for installs.

      A big ole Texas Thankya to you.

      Terry
  • Profile picture of the author Nathan Briggs
    To be clear, what I said was to grab a copy of the WP code from wordpress.org and use that to overwrite all the WP files on your hosting. It won't, as Judy said, remove any backdoors that have been added, but it is an easy procedure that will help until you can get a pro to look over it (to be safer, delete wp-*.php - except wp-config.org and all in wp-includes and wp-admin; also remove and reinstall from zip all plugins and themes, then update everything - and keep it updated; this is a harder procedure, so be careful).
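
Added example, not code from anyone in this thread: before overwriting, a live install can be compared against a clean copy extracted from the wordpress.org download to list which core files were modified and which files do not belong there at all. It assumes the clean copy is the same WordPress version as the live site (otherwise legitimate differences show up as modified); the directory names and file contents below are constructed stand-ins, and WordPress's own settings file wp-config.php is skipped because it is not part of the download.

```python
import hashlib
import tempfile
from pathlib import Path

SKIP_TOP = {"wp-content"}        # themes, plugins, uploads: reinstalled separately
SKIP_FILES = {"wp-config.php"}   # site settings; not part of the download

def hash_tree(root):
    """Map each relative file path under root to its SHA-256 digest."""
    root, out = Path(root), {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in SKIP_TOP and rel.as_posix() not in SKIP_FILES:
            out[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare_to_clean(site_root, clean_root):
    """Diff a live install against a clean extracted copy of the same version."""
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    return {
        "modified": sorted(f for f in site if f in clean and site[f] != clean[f]),
        "unexpected": sorted(f for f in site if f not in clean),
        "missing": sorted(f for f in clean if f not in site),
    }

def build_sample(base):
    """Constructed sample trees; file contents are stand-ins, not real WordPress."""
    core = {"index.php": b"<?php require('./wp-blog-header.php');\n",
            "wp-login.php": b"<?php // login\n",
            "wp-admin/admin.php": b"<?php // admin\n",
            "wp-includes/version.php": b"<?php // version\n"}
    site = dict(core)
    site["index.php"] = b"<?php /* injected line */ ?>" + core["index.php"]
    site["wp-includes/cache-old.php"] = b"<?php // file not in the download\n"
    site["wp-config.php"] = b"<?php // settings\n"
    site["wp-content/themes/x/index.php"] = b"<?php // theme\n"
    for name, files in (("clean", core), ("site", site)):
        for rel, body in files.items():
            path = Path(base, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
    return Path(base, "site"), Path(base, "clean")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_to_clean(*build_sample(tmp)))
```

Files listed under "unexpected" inside wp-admin or wp-includes are the ones an overwrite alone leaves in place, which is why the post above also suggests deleting those directories before restoring them.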
  • Profile picture of the author jtprattmedia
    Definitely sounds like a hacked website. You have to get to the root cause, even if you remove the infected code it'll happen again if you don't plug the hole. Check out this page for detailed fix info: How to Fix a Hacked Wordpress Blog | JTPRATT Wordpress Consultant