• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 816

site has bad google listing - This site may harm your computer.

Another site with a bad google listing, this one I can't find anything wrong with it,

http://www.blissology.com/

all google says is this..
Warning
Google has detected harmful code on your site and will display a warning to users when they attempt to visit your pages from Google search results.
You should clean your site as soon as possible.


you would think if they can identify the bad code, they would tell you where it is, it is a wordpress site and it identified 3 pages, which makes no sense as all pages would be infected since it is wordpress, no?


I did find one new file on the server which had no file extension, it was similar to this
  543245645653476fd

I deleted this and resubmitted to google, is there any way to find what the problem was?
0
jblayney
Asked:
jblayney
1 Solution
 
Scott Madeira Commented:
You can use Google Webmaster tools to look at your site.  Here is the link.

https://www.google.com/webmasters/tools/home

you will need to add your site and will also need to verify ownership.  I think it will show you what the problem is.

Another thing to do would be to scan all of your files for any base64_decode() statements.  Some hackers will put malicious code in base64 format so that it isn't obvious to people scanning code.

You could also look at some modification dates on the files to see if any have been updated more recently.
0
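
The file checks suggested in the answer above (search for base64_decode(), look at modification dates), plus a check for extensionless hex-named files like the one the asker found, as an added example that is not part of the original thread. The function name `triage`, the 7-day window and the hex-name pattern are assumptions chosen for illustration.

```python
import os
import re
import sys
import time

# Strings named in this thread. A hit is a lead to review, not proof of
# compromise: clean WordPress code also contains eval() and base64_decode().
PATTERNS = {
    "base64_decode(": re.compile(rb"base64_decode\s*\(", re.I),
    "eval(": re.compile(rb"\beval\s*\(", re.I),
    "<iframe": re.compile(rb"<iframe\b", re.I),
}
# Extensionless, all-hex names, like the file that was found on the server.
HEX_NAME = re.compile(r"^[0-9a-f]{16,64}$", re.I)
CODE_EXTS = {"", ".php", ".js", ".htm", ".html"}


def triage(root, recent_days=7, now=None):
    """Return {relative_path: [reasons]} for files under root worth a manual look."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            reasons = []
            if HEX_NAME.match(name):
                reasons.append("hex-named file with no extension")
            try:
                if os.path.getmtime(path) >= cutoff:
                    reasons.append("modified within %d days" % recent_days)
                if ext in CODE_EXTS:
                    with open(path, "rb") as fh:
                        data = fh.read()
                    reasons += ["contains " + k for k, rx in PATTERNS.items() if rx.search(data)]
            except OSError as exc:
                reasons.append("unreadable: %s" % exc)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, why in sorted(triage(target).items()):
        print(rel + ": " + "; ".join(why))
```

Modification times can be reset by whoever wrote the file, so an old timestamp does not clear a file.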
 
jblayney (Author) Commented:
Hi smadeira,
i have webmaster tools, it tells me 3 pages are the problem, the problem is that the pages are wordpress, so it should be all infected (not just 3) or none. looking at the pages themselves in wordpress they have nothing out of the ordinary (contact, about)
0
 
Jason C. Levine (No one) Commented:
Your site was hacked and one or more files were altered to serve malware.  Google detected this and blacklisted you:

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=blissology.com

Sucuri reports that it didn't find anything:

http://sitecheck.sucuri.net/results/www.blissology.com/

But that doesn't mean you're clean either.  I would replace the entire Wordpress core with a clean copy downloaded from Wordpress.org and then manually review all theme and plugin files for altered code. You should also download and run Exploit Scanner

http://wordpress.org/extend/plugins/exploit-scanner/

Another possibility is your hosting is compromised.  Contact your ISP and get them to run their own scans.
0
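
One way to see which core files differ from a clean download before replacing them, as an added example that is not part of the original thread. It assumes a clean copy of the same WordPress version has been unpacked locally; `compare_to_clean` and its `ignore` default are illustrative names, and `wp-content` and `wp-config.php` are skipped because they are site-specific and still need the manual review described above.

```python
import hashlib
import os
import sys


def _hashes(root):
    """Map relative path -> SHA-256 hex digest for every file under root."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            out[os.path.relpath(path, root)] = digest.hexdigest()
    return out


def compare_to_clean(live_root, clean_root, ignore=("wp-config.php", "wp-content")):
    """Diff a live WordPress tree against an unpacked clean copy of the same version.

    modified: core files whose content differs from the clean copy
    extra:    files outside the ignored paths that the clean copy does not ship
    missing:  core files absent from the live tree
    """
    live, clean = _hashes(live_root), _hashes(clean_root)

    def skipped(rel):
        # Compare only the first path component against the ignore list.
        return rel.split(os.sep)[0] in ignore

    return {
        "modified": sorted(p for p in clean
                           if p in live and live[p] != clean[p] and not skipped(p)),
        "extra": sorted(p for p in live if p not in clean and not skipped(p)),
        "missing": sorted(p for p in clean if p not in live and not skipped(p)),
    }


if __name__ == "__main__":
    # Usage: python compare.py /path/to/live/site /path/to/clean/wordpress
    for kind, paths in compare_to_clean(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(kind + ": " + rel)
```

Unlike a pattern scan, this does not flag eval() or base64_decode() calls that ship with WordPress itself, only files that differ from the reference copy.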
 
jblayney (Author) Commented:
thanks Jason, i did remove a file and upgraded wordpress, changed all the passwords, perhaps that was enough
0
 
Jason C. Levine (No one) Commented:
That fixes the symptoms but doesn't usually close the security hole that people are using to get into the server.
0
 
jblayney (Author) Commented:
ok, i deleted this file yesterday and it is back today

5872826b35a4fce9c12cb7b18b372dac

no file extension

i upgraded wordpress, changed ftp passwords, removed an upload script i had on a function, what else can i do?
0
 
Jason C. Levine (No one) Commented:
Did you run Exploit Scanner?
0
 
jblayney (Author) Commented:
hi jason, yes i did, it gave me over 400 errors, almost all javascript or built in php.. it basically is saying to scrap the entire website so i have no idea on how to proceed with that info
0
 
Jason C. Levine (No one) Commented:
You have a highly at-risk or compromised site, then.  I would urge you to either hire an expert who knows how to secure a site or, better yet, change your hosting to an ISP that specializes in Wordpress sites and provides the security as part of their hosting package.  Both WP-engine and Page.ly offer plans like this.
0
 
jblayney (Author) Commented:
well i am the expert... reading the code it is saying all jquery is a problem and is listing all the source wordpress php code.. i think the scanner is over sensitive,

all jquery
and php eval(
and iframe

is what it is listing as suspect, i tested other wordpress installs and sites and it gives me the same thing, even a brand new install which is in testing mode.

basically exploit scanner is saying wordpress and jquery is bad
0
 
Jason C. Levine (No one) Commented:
It doesn't exactly say that.  What it does do is show you which code can be exploited in addition to finding actual exploits.  As you read each line of the report, see which code is being evaluated.  If it looks funky, investigate further. However:

"reading the code it is saying all jquery is a problem and is listing all the source wordpress php code"

When I run it, none of my JQuery is listed and only eval() and base64_decode() from my PHP is flagged and rightly so for 73 severe warnings.  If you are seeing that many warnings, you may actually have a problem.
0
