Malware Notification from Google
by jamiericey
over 2 years ago


I received a Malware notification from Google about my website

I’m trying to locate the problem and find out how to deal with it but I’m a bit of a novice on computers, this is what I have to find and remove:

Any ideas???



by redleg
over 2 years ago

Your site is currently doing what is called a conditional redirect, with the condition being that the referring page is a search engine. When a request is made for a page on your site, the request provides your server with some additional information beyond which page is being requested. The information provided varies, but typically the request will include information about the user agent, i.e. the browser being used to make the request, and the referring page, the page that contains the link that is being clicked on, such as a search results page. These types of conditional hacks are frequently used by hackers because it normally takes longer for site owners to discover and remove the hack.

For sites hosted on Apache one of the most common ways this type of hack is accomplished is a hack of an Apache file named .htaccess. This file is typically located in the root directory of a site although there can be multiple .htaccess files on a site in multiple directories. On some sites .htaccess files may be located in directories/folders above the root directory of the site.

Check the .htaccess file for any suspicious redirects, redirects to http:// xfsoduoxfv . mrbasic . com/vimond/index.php. Be sure to scroll all the way to the bottom of the file; hackers sometimes add 100s of blank lines before the malicious code, tab the code way over, and then add 100s more blank lines. On some servers the .htaccess file is a hidden file, so you may need to select something like “Show hidden files”.

If you do not find anything in your .htaccess you will have to check the code in your pages for the malicious code.

Another common method is the use of PHP code. This code is almost always obfuscated. With PHP, the lines of code typically start out eval(base64_decode(" then a long string of characters.

With WordPress sites, the homepage, index.php, is a good place to start, and these are some common files that hackers hit:
wp-load.php, wp-config.php
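
The checks described in the reply above, as an added example that is not part of the original post: a scanner that reads past blank-line padding and tabbed-over code in .htaccess files and flags referrer conditions, external redirects and `eval(base64_decode(` in PHP files. The thresholds, function names and the sample .htaccess content are assumptions constructed for illustration.

```python
import re
from pathlib import Path

REFERER_COND = re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}", re.I)
EXTERNAL_REDIRECT = re.compile(r"(RewriteRule|Redirect(Match)?)\s.*https?://", re.I)
PHP_EVAL = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)
BLANK_RUN, INDENT = 20, 80  # assumed thresholds: blank-line run, start column

# Constructed sample: a referrer-conditional redirect hidden below padding.
SAMPLE_HTACCESS = (
    "RewriteEngine On\n" + "\n" * 200
    + "\t" * 30 + "RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]\n"
    + "\t" * 30 + "RewriteRule .* http://redirect.example.invalid/ [R=302,L]\n"
)

def scan_text(text, is_htaccess):
    """Return (line_number, reason) findings for one file's contents."""
    findings, blanks = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.expandtabs(8)
        if not line.strip():
            blanks += 1
            continue
        if is_htaccess:
            if blanks >= BLANK_RUN:
                findings.append((n, f"content after {blanks} blank lines"))
            if len(line) - len(line.lstrip()) >= INDENT:
                findings.append((n, "content pushed far to the right"))
            if REFERER_COND.search(line):
                findings.append((n, "condition on the referring page"))
            if EXTERNAL_REDIRECT.search(line):
                findings.append((n, "redirect to an external URL"))
        elif PHP_EVAL.search(line):
            findings.append((n, "eval(base64_decode( obfuscated PHP"))
        blanks = 0
    return findings

def scan_site(root):
    """Scan every .htaccess and .php file under root, hidden files included."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and (path.name == ".htaccess" or path.suffix == ".php"):
            hits = scan_text(path.read_text(errors="replace"), path.name == ".htaccess")
            if hits:
                results[str(path)] = hits
    return results

if __name__ == "__main__":
    for lineno, reason in scan_text(SAMPLE_HTACCESS, True):
        print(lineno, reason)
```

Findings are leads to review by hand: a legitimate rule that forces HTTPS also redirects to a full URL and will be listed.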

