My initial (useless) response to this knowledge was indignation. “How could my site be infected? It’s well groomed, fed, and practices safe sex!” Still, I searched the site’s code, did a few updates, changed some passwords, and assured myself the site was clean. I informed Google as such – but my pleas were ignored. Feh.
Next I requested “review” from StopBadWare – and received a note informing me of certain evil residing on “/page/2” of my blog. Sigh. But this bit of information was helpful – more precise than the generic “your site = bad” delivered by Google. With that knowledge in hand, I searched again – this time focusing on the posts and comments contained on that page – not the WordPress code itself.
And voila! I found the evil, and it looks something like this:
That image still contains the actual IP address and web address from the original code. I’d NOT suggest punching those into your browser.
If you too have been hit by the “This site may harm…” message – then here’s how I solved my problem:
1. Send a request for review to stopbadware.org – they should reply with details on where and what to look for.
If you suspect you’ve been hit with the same code I was then:
2. Use the search function of WordPress to look for “wp-stats” or “Traffic Statistics”.
3. Edit the offending post’s code, and remove the chunk related to “Traffic Statistics”.
I hope that while my site was infected it didn’t pass anything along to my readers. I’ll do my best to keep an eye on this stuff from now on.
4 responses to “This site may harm…”
Thank you for finally fixing it. I guess I just ignored it and hoped FF would protect me from site rot.
Also, what happened to the “more stuff” that you were going to post once you had “grabbed it off my camera”.
Hopefully I’m using GNU/Linux, I guess there was nothing to be afraid of then ;Â·D.
Make sure you update to the latest version of WordPress. There have been a bunch of security vulnerabilities fixed in the last few months, and that’s how malicious iframes usually end up on a WordPress-driven site in the first place.