Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

My site shows up as an Attack site ?

  • 14-12-2011 11:56am
    #1
    Registered Users, Registered Users 2 Posts: 5,356 ✭✭✭


    Not sure whats after happening... and why this is saying it.. can someone check my site

    www.davidstokes.com

    I get a red image saying it's an attach site. But I've never uploaded anything other then images.. It was a wordpress site so I didn't even upload html or anything.


Comments

  • Registered Users, Registered Users 2 Posts: 339 ✭✭duffman85


    I'm getting the same warning about an attack site(using Firefox 8).

    Your wordpress installation may have been hacked - update to the latest version of wordpress.

    When you click on the why was this page blocked button it gives this: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=http://www.davidstokes.com/
    Safe Browsing
    Diagnostic page for www.davidstokes.com

    What is the current listing status for www.davidstokes.com?

    Site is listed as suspicious - visiting this website may harm your computer.

    Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

    What happened when Google visited this site?

    Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-12-13, and the last time suspicious content was found on this site was on 2011-12-13.

    Malicious software is hosted on 1 domain(s), including chicknercx43.chickenkiller.com/.

    This site was hosted on 1 network(s) including AS21844 (THEPLANET).

    Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, www.davidstokes.com did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

    Next steps:

    Return to the previous page.
    If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Centre.

    If you're on shared hosting check if that chickenkiller domain has the same ip address. Also check with your hosting provider to see if they can help.


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    There could be .htaccess files in many directories which are redirecting to the attack site. FTP in, view the files to confirm the redirect, remove all of the dodgy ones, change your passwords and then follow the steps in the warning to get your site rechecked.


  • Registered Users, Registered Users 2 Posts: 708 ✭✭✭syncosised


    Hi, NeVeR, it looks like someone has gotten into your site somehow. If you look at the page source, there is a script inserted at the top of the page. It is difficult to make sense of, which is the first warning sign. I copied the code and opened up Google in an incognito window. I ran the code using Chrome's Javascript console, and it immediately gave a malware alert for the site mentioned (chickenkiller).

    You need to remove this script from your page. Presumably it is somewhere in your theme files. Have a look in those and see. Update Wordpress to the newest version in case they got access through an exploit. Change your FTP password, as well as your Wordpress login and database password to be safe.

    Incidentally, this script at the top of the page is also causing the two session_start() errors. Removing it will clear those up too.

    Hope that helps.


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    Forgot about the script bit in every page. The last one of these I dealt with had both the script embedded and the htaccess redirect so check and clean both.


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Yeah I had this before.

    A htaccess used to write that javascript into the page. Everytime I fixed it, it re wrote it. Removing both script and htaccess file as mentioned above should do the trick. Update your wordpress installation also. Mine was a word press site as well.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,793 ✭✭✭oeb


    Same thing happened to me a few years back. Even the javascript looks the same. My sites were not actually hacked, I had a virus on my machine that would grab ftp details from filezilla or whatever and modify the files from there.

    (Which was a bundle of fun, as I am a developer, so reguarly access any of a couple of hundreds clients sites on a daily basis.)

    So make sure to scan the hell out of your machine, or preform the repairs on a clean machine. And don't forget to change all your passwords.


  • Registered Users, Registered Users 2 Posts: 5,356 ✭✭✭NeVeR


    cheers guys.. When i get home I'll try them all. I can't from work.


Advertisement