Malicious content?

Is that even how you spell malicious? Oh, it is. Anyway, it seems that Google has found some malware hosted on my blog and has thus flagged my site as “potentially dangerous”.

If you’re using Firefox or another browser that checks Google’s list of bad sites you’ll get a a big red page telling you that my site may harm your computer. It won’t and probably didn’t previously but I have found some code inserted into various places.

It’s possible, but unlikely,  that my site passwords were hacked. I don’t use easily-guessable passwords these days and I use a plugin called Login Lockdown that prevents multiple login attempts into the admin backend. It’s most likely that another site hosted on the same server is using some insecure script or other and someone prick has managed to get root access, or similarly administrative access, to the server itself.

I had a zero-sized iframe inserted into only one of the links in my blogroll and some malformed javascript inserted into the header and footer php files. Neither of these things were properly written – the syntax was all wrong in both cases – so whoever it was didn’t do a great job, but the URL of a known malware site was left in my source code and Google was able to pick up on that.

It’s good that Google does this, in cahoots with stopbadware.org. It’s a pain for me, in that I need to get my site reviewed again by Google so that it can be taken off the list, but also helpful in that they’ve found the attack for me. I’d have never known about it otherwise, not without scanning the site code and database – and there’s a LOT of code!

I’ve changed all my passwords just in case, along with changing the database name and user password. It shouldn’t happen again, but then you can never really know for certain when you’re using shared hosting.

3 thoughts on “Malicious content?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s