Badware

  • Hi. I have recently started an AdWords Express Campaign and Google has indicated that my site is infected with two files which they consider malicious. I have changed my theme thinking perhaps it was that but they are still getting the same results. How does one go about finding it firstly and then removing it?

    The blog I need help with is: (visible only to logged in users)

  • I have added the “modlook” tag for staff assistance. You will get a reply soon from the staff.

  • Hi there,

    On a basic check, the DNS and the Nameservers of your website are different from WordPress.com.

    However, the A records indicate WordPress.com. So, I am marking this issue for modlook so that WordPress.com official staff can have a look at your website status.

    (WordPress.com is different from WordPress.Org. Here is the link if you want to know more: https://en.support.wordpress.com/com-vs-org/)

    So, wait for a WordPress.com support staff to update with further inputs.

    Pointer: In case your site is not hosted at WordPress.com, you would need to contact your hosting provider (from whom you bought the hosting). They will guide you in clearing the malware. There are also some reputed 3rd party companies that provide malware cleaning for self-hosted WordPress websites.

    Regards
    Deb

  • Hi there,

    There is no malware on your site at https://blog.thewoodjoint.co.za/. We continually scan for malicious files on all WordPress.com sites, and we completely block both the upload of any file types that could potentially contain malware as well as the very types of code itself with which malware is written.

    Can you please provide details on exactly which files Google claims are on your site and are malicious?

    @drpapul, did you try loading the site the OP indicated before you started looking up DNS records? The site shows the WordPress.com admin bar, the WordPress.com follow button, and the WordPress.com footer credit, all indicating it is without any doubt a WordPress.com site.

    This site is at a subdomain. Subdomains are pointed to a server using either a CNAME or an A record (see https://en.support.wordpress.com/map-subdomain/), and where the name servers for the root domain are pointed is irrelevant in this case as it’s not the root that’s connected to WordPress.com, only the subdomain.

  • @kokkieh

    Thank you for the suggestions. Points noted :)

    Regards
    Deb

  • Hi. As per the e-mail received from Google, the following pages are infected with the following two badware:

    ri[.]galnpsd[.]com
    teutorigos-cat[.]co

    1. https[:]//blog[.]thewoodjoint[.]co[.]za/2013/11/02/high-level-wooden-deck-installed-durban/
    2. https[:]//blog[.]thewoodjoint[.]co[.]za/gallery/videos-on-flooring/
    3. https[:]//blog[.]thewoodjoint[.]co[.]za/2013/11/10/screwing-deck-boards-down-on-a-wooden-deck-in-durban/
    4. https[:]//blog[.]thewoodjoint[.]co[.]za/about-the-wood-joint/
    5. https[:]//blog[.]thewoodjoint[.]co[.]za/gallery/pergolas/
    6. https[:]//blog[.]thewoodjoint[.]co[.]za/2013/09/24/solid-wood-flooring-installer-durban/

  • Hmm, we don’t see that on your site at all. I’m wondering if their email has more context, though. We’ll reach out via email for more information… talk to you soon!

  • I just wanted to note as well, a security scan on this site revealed the site comes up clean on several services, including Google Safe Browsing:
    https://sitecheck.sucuri.net

  • Many thanks for helping here. I would be lost without your assistance. I too am getting a clean bill of health on every site I use to check for badware. Also, when I search my posts and pages for the two infected links I don’t get any results. I will wait for your e-mail and will then send on the e-mail that Google has sent me. I can upload it here if you want. It is an Ubuntu Evolution Mail client file (.mbox).

  • It looks like @supernovia sent that email right after posting here, so it should be in your inbox already. If you don’t see it, please check Spam, and also try searching your email in case it was filtered somewhere else. The email would have come from help[at]wordpress.com

  • I received one from Automattic <(email visible only to moderators and staff)> signed as
    Happiness Engineer at Automattic

  • (email visible only to moderators and staff). Can I safely reply to this one?

  • That’s us, yes. Please reply there :)

  • Thanks, I’ve forwarded Google’s e-mail on.

  • Thanks, found your email. We’ll leave this forum post open in case anyone else runs into this. For now though we’ll work via email. Cheers :)

  • Google has now sent me a mail to say that the site is all clear. The only change I made was to delete all comments in the spam queue which had never been approved in the first instance. Initially when they first flagged the site they came back to say it was all clear after making no changes at all and then it was subsequently flagged again. So let’s see if it gets flagged again.

    Thank you all for your help on this. I was in the dark and it was very helpful to get feedback from people who know what they are doing.

    WordPress for life.
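
For anyone who lands on this thread with the same report: an added example, not part of the original posts and not WordPress.com or Google tooling, of checking a page's HTML for the hosts named in the e-mail by inspecting every URL-bearing attribute rather than searching post text. The function names and the sample markup are assumptions made up for illustration; the two indicators are the ones posted above, kept defanged in the source.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two hosts named in Google's e-mail, kept defanged as posted in the thread.
FLAGGED = ["ri[.]galnpsd[.]com", "teutorigos-cat[.]co"]

def refang(indicator):
    """Turn a defanged indicator back into a plain lowercase hostname."""
    return indicator.replace("[.]", ".").lower().strip(".")

class UrlAttrs(HTMLParser):
    """Collect (tag, attribute, host) for every attribute that carries a URL."""
    URL_ATTRS = {"href", "src", "action", "data", "poster"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in self.URL_ATTRS or not value:
                continue
            try:
                host = urlsplit(value.strip()).hostname  # None for relative URLs
            except ValueError:  # malformed URL, nothing to match against
                continue
            if host:
                self.refs.append((tag, name, host))

def find_flagged(html, flagged=FLAGGED):
    """Return references whose host is a flagged domain or a subdomain of one."""
    bad = [refang(d) for d in flagged]
    parser = UrlAttrs()
    parser.feed(html)
    return [r for r in parser.refs
            if any(r[2] == d or r[2].endswith("." + d) for d in bad)]

# Constructed sample markup (not taken from the site in the thread).
SAMPLE = """
<article><a href="/gallery/pergolas/">Pergolas</a>
<img src="https://blog.example.test/deck.jpg"></article>
<ol class="comments"><li><a href="http://cdn.{0}/x">more</a></li>
<li><a href="https://not{1}/">lookalike host, must not match</a></li></ol>
""".format(*(refang(d) for d in FLAGGED))

if __name__ == "__main__":
    for tag, attr, host in find_flagged(SAMPLE):
        print(f"<{tag} {attr}> references {host}")
```

Feed it the saved HTML of each page listed in the report; an empty result means no link, image, script, form or embed on that page points at either host or any of their subdomains.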

  • The topic ‘Badware’ is closed to new replies.