March 4, 2009 Update: My plan has worked out very well and everything is back to normal without too much of an interruption. My request for Google site review took a total of 12 hours and it was completely handled through Google Webmaster Tools. Google spidered the entire site for about 6 hours checking every existing page on the site from Mountain View California. Around 6pm EST I was given a new notice in my Webmaster Control panel that the notice would be removed with the next update which took place about 90 minutes later.
I’d like to thanks a few people who gave me some good advice. If this does happen to you make sure that you:
I woke up this morning ready to get to work and as per usual I check my sites indexes in Google, Yahoo and MSN. Even though it’s a beautiful sunny day outside I was shocked to see the following:
Bad News for Tuesday Morning to be sure. So the question is what do I do and how do I get this bad message off my Search Listing?
I’m not too concerned to be honest except for the fact that my site is vulnerable to this injection attack. I would love to smack the hacker that instituted this attack.
So first things first:
What is this message all about? Well when I viewed the source of my site I saw what is called an obsfucated injection attack on the footer of every single one of my pages. This is a bit of a pain since I am using WordPress MU with a number of plugins.
That means that the hackers could have injected their little code block into my theme, my plugins into the core WordPress MU files. Not a pretty thought to have to go through all of those areas to remove these individual code blocks. Bottom line: my site got hacked. What steps do I take to repair the damage that’s been done?
My plan to remove the PHP injection attack:
That’s my plan. I am about half way through it but there are some serious issues at play here since it is not only Google which is tagging my site as malicious (bad for business!). Check out the number of blocks which exist:
Google Malicious Message:
I’m not Malicious but Google thinks I am so next step is to click on the SERP that’s when Firefox jumps in:
After clicking the SERP Firefox jumps in and says I am an attack site. How fascinating but just wait. It’s not over yet when I get to the site:
Firefox toolbar warning
So clearly the powers that be and the tools on my computer are working hard to identify malicious sites. It is very clear that this site could be malicious and even though it was through no intent on my part the bottom line is that my site was hacked and turned into an attack site. This is a good line of warnings to any user and in the time frame that I am repairing the site and hardening my WordPress to ensure this does not happen again I don’t really mind having these messages there.
They are good for users.
Update – Twitter just sent me the source of this injection attack:
Uh oh! We found a bad apple in your Twitter feed.
We detected a link in your account pointing to a phishing site or other harmful material that we identified as malware. Here’s the troublesome post:
“@BlogDuJour hey there try out my blog [ your unsafe link was here ] – I am in the process of redesigning now but should be back to normal soon!”
March 02, 2009 22:07
We removed this update from Twitter. Please be mindful of others in the Twitter community, and post only safe links on Twitter.com.
Thanks! Twitter Support
A human being spinning around on this big blue marble with the rest of you, interested in Media // Music // Art // Family // Business // Founder of http://hny.pt
Integrating Bootstrap and Genesis
How to exclude Digg Digg from WordPress pages & posts
Google Font API Thesis and WordPress
WordPress Desktop Client for Mac
MacJournal Review and Tests
WordPress Backup Plugins
WordPress Exploit Gumblar .cn
WordPress Security Plugins