We’ve been getting errors/reports that Dvorak’s blog has been hacked and has malware on it. I’m the admin and I can’t find it. Could use some help and advice to figure this out. Email marc@perkel.com
Thanks in advance.
NOTE FROM JOHN. It currently appears as if Google itself is hacked or specifically targeting this blog. If you are reading this try this experiment which just worked for me. Go to Google then do a search for the blog. Just search for Dvorak. When you see “Dvorak News Blog” click on that and come to the site from Google. BINGO MALWARE. This is backed up by Google’s own self analysis which the company seems unaware. Click here to see.
FIXED!
Found code in the wp-config.php file.
Hey Mark
I have never had any problems here at all. No errors no malware, nothing.
Oh and I am a big fan of you and the CoR and a longtime member.
I found you years ago thanks to Bartcop.
Tim
Try the new experiment outlined in the post by me. Do it in a new window 🙂
My bet is it’s just a faulty entry in that blocklist. On firefox, it is invoked by having options–security–block reported attack sites.
My noscript doesn’t even bleep bleep here but maybe I should wait for a crack from *the scene* just to be safe??
No problem here. I check in a few times a day. Good luck,
My BL2 still works, but maybe if Apache is involved somewhere??
http://arstechnica.com/security/2013/04/admin-beware-attack-hitting-apache-websites-is-invisible-to-the-naked-eye/
The page display is skewed left on my monitor. Normally everything is centered. I only get the malware warning in Firefox. Nothing in IE9. I don’t use Chrome.
SEEMS coSHer heRE, BUT you mIGHT WanT tO CHECh wITH gIbson and La’pOrTE jUst fOr pEace of miND.
P.S. jesUs BUilT My keybOArD WITH AUToHoTKeY.
Safari is reasonably cranky about safety while surfing – and ain’t concerned at all.
Accessing right now w/mobile version Safari, iOS 6.1.3
When using the google app on my iPhone got the malware warning. Google quit being so douchie
Yep. I got the warning on my ipad mini/Safari.
Site opens fine with Safari 5.1.9 with no warnings
Yep. Malware warning in Google App for iPad.
This is just great since Google seems to be putting the malware on the site itself.
Find any malware? Didn’t think so. What’s even more great is that Google just has to say it’s there. What ever happened to ‘truth in advertising’?
addendum:
If you’re talking about iOS6, well they had that before they got here.
Chrome = Warning
Firefox = Okay
Have you done a dump of your SQL database and search the dump for the offending domains that the Google reports are showing.
Is “AutoMalware.com” taken?
I think Leo Laporte’s Twit.tv website had this issue a while back…
As of this instant firfox blocked me. IE didn’t and Chrome didn’t.
my font did just change.. now I getting skeerd??
I got the same thing. Crome telling me Evil, Caution, Danger. Went anyway because the address looked right. What’s there problem?
Seems to be back up.
And now it doing it again
No problem when I clicked on site from the dropdown menu in Firefox, but I got the warning when I clicked on link from search results, per John’s experiment.
Tried the search with “Bing” from IE10 with no problems. Posting from IE because when I clicked on comments link in Firefox, I got a Warning “Reported Attack Page”.
It’s either:
a) North Korea
b) Global Warming
c) Adam Curry Having a Foolie with Mr Dvorak
d) Google Was Hacked
e) The Trilateral Commission
f) None of the Above
ITM!
your site is definately hacked.
to prevent blog owners from finding the hack, the script will only show the hacked site if the referral is google.com
if you just enter the domain normally, it looks ok
http://sysmox.com/blog/hacked/how-to-find-injected-malware-in-a-wordpress-website
best bet to dump that javascript on the page, including the share this button..
keep your site script free and make the web a lil safer..
as a linux user i really dont worry to much about infections from web sites.. now all that tracking and crap scares the willies outta me!
anyone have tips on getting the willies back into ya?
Seriously, I went here:
http://sitecheck.sucuri.net/scanner/
And put in http://dvorak.org and it said Google has it blacklisted — and that’s it.
Click on the Blacklisting status tab and only Google has it listed.
Yup, I was dutifully warned. Can’t get to your site without the warning on a Google search.
yep same old game i find nothing woring hee
here
Well that’s it then. The illuminati have finally decided they’ve had enough.
Can’t fully usher in the NWO with this blog “in the way”.
Catch you on 7.0330 mhz on CW JCD
Adios MoFo. Its been fun.
Well you are still being blocked. Chrome would not let me go to your site until I hit advanced and then go anyway. This was as of 5/3/13 7:15 eastern.
After your righteous attack on the Glassholes, are you really surprised? 🙂
I have it FIXED. They hacked the wp-config.php file. All is good except for being blacklisted.
Good luck finding an actual Human at Google to correct the blacklist.
Just curious, were they trying to inject malware/etc or were they just screwing around with the site?
Fixing the manipulated wp-config is fighting a symptom, not the cause. To be able to manipulate the file in the first place, the attacker must have used an security whole in WordPress or one of the WordPress extensions installed on this blog (or an insecure password). Unless you identify and remove that security hole which allowed the attacker to manipulate wp-config in the first place, you will be hacked again in no time. Honestly, you seem to be lacking the most basic knowledge about web security…
Oh and btw: Google blocking sites that are known to spread malware such as viruses is a service that’s ment to protect it’s users from infecting their computers with malware by visiting the site, not a mechanism to silence paranoid conspiracy theorists that don’t know a thing about security…