Yes, I'm overly careful with my passwords - and have changed both db and ftp passwords several times since the first time I got the warning. No files have been modified (at least, the timestamps say they haven't) and I have scoured the database for anything unusual, but nothing.
Google now says I'm hunky-dory and says "no suspicious stuff in the last 90 days" which seems weird, because they just said "1 suspicious thing found" a few days ago. I'm not going to invest heaps of time re-writing code for the new wp, so I'm happy to keep doing the "please review and re-ok my site" game - but I'd also like not to distribute malware - is it likely that bad dudes would hack your site, leave it there for a few days, then remove the malware and cover their tracks? I can monitor file hashs and logins on my account - but does I'd like to know if this is a common sounding attack, or I'd just be wasting my time. Thanks! On Nov 15, 1:55 am, Debbie D <[EMAIL PROTECTED]> wrote: > It's not random.. the bad guys either have your login info (you did > change it from another computer didn't you?) and or they are using > "bots" to search WP sites for vulnerabilities.. the attack you had > this time may be a different one, from a different group.. there are > a million scenarios.. > Debbie > > At 05:29 PM 11/12/2008, you wrote: > > > > >Thanks for your help guys - after review last night I was un-badded > >again... But It's really a bit concerning to me - I check all my > >comments as they come in, and I have checked all my wordpress files > >and they seem clean (and at least unmodified for a long time!) - It IS > >an old (highly modified) version of wordpress (I try to keep up with > >security issues, but it's certainly possible I've missed something. > > >My question is - why would it be "random" - My site was deemed to have > >badware, I request review, it gets "okay"-ed. 5 months later - a > >repeat. (and the 20 or so emails and DM's I get from people letting me > >know ;) > > >Do you guys know of some kind of badware attacks that just sit dormant > >for 5 months?! Any suggestions on what I might check to prevent this > >from happening again in April 2009? ;) > > >Thanks again! > > >On Nov 12, 3:59 pm, Mr Speaker <[EMAIL PROTECTED]> wrote: > > > Hi, my site (http://mrspeaker.webeisteddfod.com/) has been flagged by > > > stopbadware again. Last time (about 5 monts ago) I was forced to join > > > up google webmaster things to request a "review". Within a few hours > > > my site was deemed un-bad again, but with no details on why they > > > thought it was bad. > > > > I don't have any ads, or third-party stuff on my blog, but I do have > > > tonnes of javascript (hey, that's what the blog is about ;) - I > > > thought some of that (xbm image code) might have triggered it as it > > > contains hex encoded strings etc. > > > > So i removed the potentially offending parts - and I thought that must > > > have been it, as I wasn't bothered by stopbadware again. > > > > But today it has re-surfaced. The google message is : > > > Of the 1 pages we tested on the site over the past 90 days, 1 page(s) > > > resulted in malicious software being downloaded and installed without > > > user consent. The last time Google visited this site was on > > > 2008-11-10, and the last time suspicious content was found on this > > > site was on 2008-11-10. > > > Malicious software is hosted on 1 domain(s), including 202.75.35.0. > > > > I've been scouring over the html output and can't see anything > > > weird... is there anyway of finding out a bit more information, so > > > that I can try and stop this happening again? > > > > Thanks! > > Regards, > Debbie ^v^ ^o^ //\o/\\ ^o^ ^v^ Webmaster - System Admin - IDSR > Bookmark our new Blog/Journal featuring News, New Arrivals and special > deals.http://nailgdsss-beautytech.blogspot.com/ > > [EMAIL PROTECTED] > (AOL or AIM - NailGdsss, GTalk - wkdwich, MSN - [EMAIL PROTECTED]) > WWWeb Services, Ronkonkoma, NY & Rocky Mount, VA > 631-981-1273 fax 631-981-7557 > ONLINE > STOREhttp://www.beautytech.com/shoppehttp://www.beautytech.com&http://www.beautytech.INFO > for Professionals for Consumers --~--~---------~--~----~------------~-------~--~----~ You received this message through the Google Groups "stopbadware" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/stopbadware?hl=en -~----------~----~----~----~------~----~------~--~---
