Users often say my website is infected, but can't find any evidence of this?

@Pope3001725

Posted in: #Virus #Wordpress

I run a niche community and we have lots of users with very little experience, so it's hard to decide, sometimes, whether this is just a problem with amateurs butting heads with their virus software, or it's an actual issue that I just can't diagnose.

Bottom line is that I have used every virus scan I can find, and have come up blank. But about once a month I have people emailing me about their virus scanners giving them multiple warnings that our site is infected by a virus.

How can I ascertain what's going on here and fix it? Any suggestions are appreciated!

Site: www.starbase118.net -- runs on the most current version of WordPress.

10.04% popularity

4 Comments

 

@Gretchen104

Install a tool in your web browser that lets you see all the HTTP requests made when you access your site. If you're using Internet Explorer, Fiddler is a good one; in Firefox, you can launch the Web Console.

After installing, launch the tool and navigate to your website; the tool will show you all the GET and POST requests that happen when you request a page from your website. Are requests coming from a domain you don't recognize? This may indicate malware being served from your site (a cross-site scripting attack can inject a call to a malicious script from your site).

10% popularity
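The request review described in the answer above can be scripted from a HAR export of the request list (browser developer tools and Fiddler can save one). This is an added example, not part of the original post; the host names, the allowlist and the sample capture are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR capture of one page load (not real traffic).
def entry(url, mime, method="GET"):
    return {"request": {"method": method, "url": url},
            "response": {"content": {"mimeType": mime}}}

SAMPLE_HAR = json.dumps({"log": {"entries": [
    entry("https://www.example.org/", "text/html"),
    entry("https://www.example.org/wp-content/themes/t/style.css", "text/css"),
    entry("https://fonts.googleapis.com/css?family=Lato", "text/css"),
    entry("https://cdn.unknown-widgets.example/loader.js", "application/javascript"),
    entry("https://img.tracker.example/p.gif", "image/gif"),
    entry("data:image/png;base64,AAAA", "image/png"),
]}})

ACTIVE_TYPES = ("javascript", "html")  # content that can run or frame other content

def is_expected(host, site_host, allowed):
    """True if host is the site, one of its subdomains, or under an allowed domain."""
    base = site_host[4:] if site_host.startswith("www.") else site_host
    return any(host == d or host.endswith("." + d) for d in [base, *allowed])

def unexpected_requests(har_text, site_host, allowed=()):
    """Map each host outside the site and allowlist to its (method, mime, url) requests."""
    found = defaultdict(list)
    for e in json.loads(har_text)["log"]["entries"]:
        req = e["request"]
        host = (urlsplit(req["url"]).hostname or "").lower()
        if not host or is_expected(host, site_host.lower(), allowed):
            continue  # data: URLs have no host; own and allowed hosts are fine
        mime = e.get("response", {}).get("content", {}).get("mimeType", "?")
        found[host].append((req["method"], mime, req["url"]))
    return dict(found)

def triage(found):
    """Order hosts so those that returned script or HTML are reviewed first."""
    def active(reqs):
        return any(t in mime for _, mime, _ in reqs for t in ACTIVE_TYPES)
    return sorted(found, key=lambda h: (not active(found[h]), h))

if __name__ == "__main__":
    hits = unexpected_requests(SAMPLE_HAR, "www.example.org", allowed=["googleapis.com"])
    for host in triage(hits):
        for method, mime, url in hits[host]:
            print(f"{host}\t{method}\t{mime}\t{url}")
```

Capture the HAR while logged out and from a clean browser profile, so that extensions and admin-only scripts do not add hosts of their own.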


 

@Rivera981

Your site has probably been blacklisted on one of those "safe website" lists such as www.mywot.com/. Sometimes they are used by overzealous anti-viruses (AVG, Kaspersky etc.), and can flag as malware in the user's browser.

You should ask the users who email you what anti-virus they use, then investigate further. If you have ever been hacked at all, you might not be able to get yourself removed.

Don't totally forget about the idea that you've been hacked though; there are some very clever hacks for WP out there which make your site look normal to users, yet serve an SEO-filled spam page to Googlebot. Verify the Google cache of your site is correct too.

10% popularity
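A way to test your own site for the crawler-only spam page mentioned in the answer above: request the same URL with a browser User-Agent and with Googlebot's, then list the hosts linked only in the crawler's copy. This is an added example, not part of the original post; the two HTML samples and their host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Constructed samples: one page as a visitor sees it and as a crawler is served it.
BROWSER_HTML = ('<html><body><a href="/about/">About</a>'
                '<a href="https://www.example.org/join/">Join</a>'
                '<script src="/wp-includes/js/jquery/jquery.js"></script></body></html>')
BOT_HTML = BROWSER_HTML.replace(
    "</body>",
    '<div style="display:none"><a href="http://cheap-pills.example/">pills</a>'
    '<a href="http://casino-bonus.example/win">bonus</a></div></body>')

def fetch(url, user_agent, timeout=15):
    """Fetch a page of your own site while sending the given User-Agent header."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

class LinkCollector(HTMLParser):
    """Collect the hosts of absolute links, scripts, iframes and stylesheets."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "script", "iframe", "link"):
            return
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlsplit(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.lower())

def link_hosts(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.hosts

def cloaking_diff(browser_html, bot_html):
    """Hosts linked only in the crawler's copy of the page, sorted."""
    return sorted(link_hosts(bot_html) - link_hosts(browser_html))

if __name__ == "__main__":
    # Live use: cloaking_diff(fetch(url, BROWSER_UA), fetch(url, GOOGLEBOT_UA))
    print(cloaking_diff(BROWSER_HTML, BOT_HTML))
```

An empty result does not clear the site: cloaking keyed on the crawler's IP address rather than its User-Agent is invisible to this test, which is why the Google cache check still matters.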


 

@Miguel251

Subscribe to Google Webmaster Tools. Once you enroll your website, Google Webmaster Tools can help you detect if your site is infected with any malware.

10% popularity


 

@Murray432

Basic Security Steps


Since WordPress is so popular, there are a lot of drive-by hacks knocking around taking advantage of flaws in basic security. All WordPress users should take the following basic and easy steps to protect themselves:


Do not use wp_ as the database table prefix; use any string of random characters that appeals.
Turn off WordPress DB errors.
Make sure your directories are set to chmod 755 and files 644.
Use a secure password generator (use at least 15 characters).
Do not use admin as a username.
Place a blank .htaccess file in the wp-admin directory.
Read WordPress hardening.
Read @Dunhamzzz's answer below and check the Google Cache of your site for hidden malware.
Remove <meta name="generator" content="WordPress X.X.X" /> from your site's header by placing remove_action('wp_head', 'wp_generator'); in your functions.php file (drive-by attackers will not have an easy way to find which version they are targeting).



TimThumb Hack


There is also a very popular drive-by hack associated with an old version of the popular TimThumb script, which causes a lot of problems for webmasters. Check your uploads directory for PHP files and ensure you've upgraded to the latest version of the script to avoid this.


Advice


I run about 10 different WordPress sites and have found the WP-Security plugin and account from website defender invaluable; it scans your site regularly and reports on security errors, malware, and even page errors via email so you can be assured that you know when something goes wrong.

WP-Firewall is also very useful for defense against 0-Day exploits and VirusTotal is handy if you suspect an infection.

Akismet and Disqus.com are useful tools for defending against comment spam, and you should read the webmaster pros community wiki on this subject.


Webmaster Tools

@mvark is correct, you should also sign up to webmaster tools, but if you suspect an infection, take all steps to find and clean it up first or you may end up with Google warning your users that yours is a reported attack site.

If it detects an infection, Google will send an email to all of the following addresses: abuse@, admin@, administrator@, contact@, info@, postmaster@, support@, webmaster@, so you should ensure that you have at least one of these in place and monitored.


Paid Removal Services / Where To Get Help


There are also a number of sites which offer paid malware removal services. I would be very suspicious of these; many appear to be scams of one sort or another.

There is plenty of high quality help and support available for free in the WordPress forums, here on webmaster pros, the WordPress Stack Exchange site and on Stack Overflow. Don't pay for things you can fix on your own.

10% popularity
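Two of the checks in the answer above (directories at 755 and files at 644, and no PHP files in the uploads directory) can be run over a whole install in one pass. This is an added example, not part of the original post; it assumes the standard wp-content/uploads layout, and treating .phtml like .php is an assumption of the example.

```python
import os
import stat
import sys

UPLOADS = os.path.join("wp-content", "uploads")
# Assumption: besides .php, .phtml is also commonly handed to the PHP interpreter.
PHP_SUFFIXES = (".php", ".phtml")

def audit_wordpress_tree(root):
    """Return sorted (issue, relative_path, mode) findings for a WordPress install."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the entry itself, do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            is_dir = stat.S_ISDIR(st.st_mode)
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            # Any bit beyond 755 (directories) or 644 (files) is looser than advised;
            # stricter modes such as 600 pass.
            if mode & ~(0o755 if is_dir else 0o644):
                findings.append(("loose-permissions", rel, oct(mode)))
            # Uploads should hold media only, so a PHP file there needs explaining.
            in_uploads = rel.startswith(UPLOADS + os.sep)
            if not is_dir and in_uploads and name.lower().endswith(PHP_SUFFIXES):
                findings.append(("php-in-uploads", rel, oct(mode)))
    return sorted(findings)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for issue, rel, mode in audit_wordpress_tree(target):
        print(f"{issue}\t{mode}\t{rel}")
```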

