I don't think dormant or peekaboo attacks are very common, but there's no doubt they can do it.
Check your db as well as your files.

Are you seriously keeping your old WP updated with all of this?
http://secunia.com/advisories/search/?search=wordpress

If you can't upgrade to latest WP, watch your logs closely and find these attacks when they happen. I wouldn't recommend playing the re-re-re-review game. If your site attacks enough of your visitors, they'll leave you.

On Nov 15, 10:11 pm, Mr Speaker <[EMAIL PROTECTED]> wrote:
> Yes, I'm overly careful with my passwords - and have changed both db
> and ftp passwords several times since the first time I got the
> warning. No files have been modified (at least, the timestamps say
> they haven't) and I have scoured the database for anything unusual,
> but nothing.
>
> Google now says I'm hunky-dory and says "no suspicious stuff in the
> last 90 days" which seems weird, because they just said "1 suspicious
> thing found" a few days ago.
>
> I'm not going to invest heaps of time re-writing code for the new wp,
> so I'm happy to keep doing the "please review and re-ok my site" game
> - but I'd also like not to distribute malware - is it likely that bad
> dudes would hack your site, leave it there for a few days, then remove
> the malware and cover their tracks? I can monitor file hashes and
> logins on my account - but I'd like to know if this is a common
> sounding attack, or I'd just be wasting my time.
>
> Thanks!
>
> On Nov 15, 1:55 am, Debbie D <[EMAIL PROTECTED]> wrote:
> > It's not random.. the bad guys either have your login info (you did
> > change it from another computer didn't you?) and or they are using
> > "bots" to search WP sites for vulnerabilities.. the attack you had
> > this time may be a different one, from a different group.. there are
> > a million scenarios..
> > Debbie
> >
> > At 05:29 PM 11/12/2008, you wrote:
> > > Thanks for your help guys - after review last night I was un-badded
> > > again...
> > > But it's really a bit concerning to me - I check all my
> > > comments as they come in, and I have checked all my wordpress files
> > > and they seem clean (and at least unmodified for a long time!) - It IS
> > > an old (highly modified) version of wordpress (I try to keep up with
> > > security issues, but it's certainly possible I've missed something).
> > >
> > > My question is - why would it be "random" - My site was deemed to have
> > > badware, I request review, it gets "okay"-ed. 5 months later - a
> > > repeat. (and the 20 or so emails and DM's I get from people letting me
> > > know ;)
> > >
> > > Do you guys know of some kind of badware attacks that just sit dormant
> > > for 5 months?! Any suggestions on what I might check to prevent this
> > > from happening again in April 2009? ;)
> > >
> > > Thanks again!
> > >
> > > On Nov 12, 3:59 pm, Mr Speaker <[EMAIL PROTECTED]> wrote:
> > > > Hi, my site (http://mrspeaker.webeisteddfod.com/) has been flagged by
> > > > stopbadware again. Last time (about 5 months ago) I was forced to join
> > > > up google webmaster things to request a "review". Within a few hours
> > > > my site was deemed un-bad again, but with no details on why they
> > > > thought it was bad.
> > > >
> > > > I don't have any ads, or third-party stuff on my blog, but I do have
> > > > tonnes of javascript (hey, that's what the blog is about ;) - I
> > > > thought some of that (xbm image code) might have triggered it as it
> > > > contains hex encoded strings etc.
> > > >
> > > > So I removed the potentially offending parts - and I thought that must
> > > > have been it, as I wasn't bothered by stopbadware again.
> > > >
> > > > But today it has re-surfaced. The google message is:
> > > > Of the 1 pages we tested on the site over the past 90 days, 1 page(s)
> > > > resulted in malicious software being downloaded and installed without
> > > > user consent.
> > > > The last time Google visited this site was on
> > > > 2008-11-10, and the last time suspicious content was found on this
> > > > site was on 2008-11-10.
> > > > Malicious software is hosted on 1 domain(s), including 202.75.35.0.
> > > >
> > > > I've been scouring over the html output and can't see anything
> > > > weird... is there any way of finding out a bit more information, so
> > > > that I can try and stop this happening again?
> > > >
> > > > Thanks!
> >
> > Regards,
> > Debbie
> > Webmaster - System Admin - IDSR

You received this message through the Google Groups "stopbadware" group.
For more options, visit this group at http://groups.google.com/group/stopbadware?hl=en
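
An added example, not part of the original messages: a content-hash baseline for the file monitoring discussed in this thread. It reports files whose contents changed even when the modification time is unchanged. The file names and contents are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile


def snapshot(root):
    """Return {relative path: (sha256 hex digest, mtime in ns)} for files under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (digest, os.stat(full).st_mtime_ns)
    return snap


def compare(baseline, current):
    """Classify differences; content is compared by hash, never by timestamp."""
    report = {"added": [], "removed": [], "modified": [], "modified_same_mtime": []}
    for path, (digest, mtime) in current.items():
        if path not in baseline:
            report["added"].append(path)
        elif baseline[path][0] != digest:
            # Content changed; if the mtime did not, the timestamp cannot be trusted.
            same = baseline[path][1] == mtime
            report["modified_same_mtime" if same else "modified"].append(path)
    report["removed"] = [p for p in baseline if p not in current]
    return {kind: sorted(paths) for kind, paths in report.items()}


def demo():
    """Constructed web root: one file edited with mtime restored, one added, one removed."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.php", "footer.php", "old.php"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<?php // constructed original: %s\n" % name)
        baseline = snapshot(root)  # in practice, store this off the server

        target = os.path.join(root, "footer.php")
        before = os.stat(target)
        with open(target, "a") as fh:
            fh.write("// constructed unexpected change\n")
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))  # restore mtime
        with open(os.path.join(root, "cache.php"), "w") as fh:
            fh.write("<?php // constructed new file\n")
        os.remove(os.path.join(root, "old.php"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only useful if it is kept somewhere the web server account cannot write to, and compared on a schedule rather than after a warning arrives.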
