1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

HELP! My website got malware and blocked by Google again!

Discussion in 'Outages' started by wickedpork, Sep 28, 2013.

  1. #1
    Help.. desperately need help and advice.. my website was once blocked by Google due to malware.. my webhost supposedly 'cleaned' it up for me, I submitted for Google to re-review it again, and it got active again.

    However, today I checked.. my website was blocked again! What is happening? I updated to the latest Wordpress version and also changed my password as advised.. but it happened again.

    Below is the screenshot of the error message: http://www.flickr.com/photos/90562463@N04/9979037975/

    Please help.. shall I be changing web host since it is down so often? Or is this a web host issue or my issue? I have no idea..
     
    wickedpork, Sep 28, 2013 IP
  2. malky66

    malky66 Acclaimed Member

    Messages:
    3,996
    Likes Received:
    2,248
    Best Answers:
    88
    Trophy Points:
    515
    #2
    It's a fact of life if you use turdpress your site will get hacked at some stage, probably due to some crappy outdated plugin, theme or just because of it's diabolical poor unsecure code, just search "wordpress hacked" on google and you'll see what i mean.
     
    malky66, Sep 28, 2013 IP
    ryan_uk likes this.
  3. ryan_uk

    ryan_uk Illustrious Member

    Messages:
    3,983
    Likes Received:
    1,022
    Best Answers:
    33
    Trophy Points:
    465
    #3
    Malky66 is right: it's a fact of life with WordPress, but the chance can be reduced by solving that glaring error above - your webhost cleaned it. I have a feeling they did a file restore and didn't fix the root-cause (outdated plugin, theme or whatever other insecurity). You need to learn more about the technicalities yourself, how to fix these issues, how to secure WordPress properly (the BulletProof Security plugin will help with his).

    You could switch hosts, but find the same problem. Yes, it's possible due to an insecurity in their server you are being hacked (but then so would probably all of their customers).

    So improve your skills and secure WordPress, or take an objective look at your site and ask yourself, "Do I really need to use it?" For a site that isn't updated regularly, doesn't do any database lookups, etc, that is effectively static then no. You could code it up in HTML. If you do need a database, look for a more secure alternative.
     
    ryan_uk, Sep 28, 2013 IP
    dcristo and malky66 like this.
  4. matt_62

    matt_62 Prominent Member

    Messages:
    1,827
    Likes Received:
    515
    Best Answers:
    14
    Trophy Points:
    350
    #4
    you are going to have this issue regardless of which webhost you use. There are companies that offer full management of your wordpress site but they tend to charge $30 - $50 per month.

    Try installing wordfence to help scan your site for malware, bulletproof security can help you to secure your site. Now these are just 2 suggestions of a wide range of things that you should be looking into, so start with these, then read up articles on how to secure your wordpress website.
     
    matt_62, Sep 29, 2013 IP
  5. wickedpork

    wickedpork Member

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    25
    #5
    thanks for all the advice folks.. i got someone to clean up my site already cos i'm really not a tech person.. he found a malware and removed it plus did some protection for me.. and hopefully I will be able to safeguard my site myself after this. .i will read up on how to secure my site and noted on wordfence, matt. thks!
     
    wickedpork, Sep 29, 2013 IP
  6. dcristo

    dcristo Illustrious Member

    Messages:
    19,776
    Likes Received:
    1,199
    Best Answers:
    7
    Trophy Points:
    470
    Articles:
    7
    #6
    Probably they restored an older backup and you got hacked again. Look for any vulnerabilities to prevent your site from getting hacked again.
     
    dcristo, Sep 29, 2013 IP
    ryan_uk likes this.
  7. wickedpork

    wickedpork Member

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    25
    #7
    sorry guys.. i have another question.. i have this shown on my site:

    Your backup folder MIGHT be visible to the public:
    To correct this issue, move the .htaccess file from wp-content/plugins/wp-dbmanager to /home/xxxx/public_html/wp-content/backup-db

    I thought I have already done so.. but the message is still there.. any ideas how to tell whether my backup folder is still visible to the public?
     
    wickedpork, Sep 29, 2013 IP
  8. imuncutno1

    imuncutno1 Well-Known Member

    Messages:
    603
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    170
    #8
    I never use wp-dbmanager for backup my WP blog. I use "backupbuddy" or manually backup direct from mysql.

    As mentioned above, use "bulletproof security" and "wordfence", since both free. When you install bulletproof security, it will guide you to install "htacess". Remember to activate root access + wp-admin access as well activates for deny htacess...

    You might also install "ip-blacklist" for blacklisting an ip which you think is suspicious.
     
    imuncutno1, Feb 10, 2014 IP
  9. Epressio

    Epressio Peon

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #9
    Try installing ELI Antivirus (download at Wordpress Plugins)... ELI is free, easy to use and does a very good job at removing malware and other nasties...

    Roger
     
    Epressio, Oct 2, 2015 IP