Did Google Label Your Blog Harmful?
May 18, 2008 by Michelle Waters · 3 Comments
A few months ago, one of my clients reported that her blog had been labeled harmful by Google. You can see this when you look at her site in a Google listing:
Now, normally, when a hacker injects code into a website, it is, in my experience, in the form of a file. They find an insecure directory (usually with 777 CHMOD) and upload a bad file to the site.
So when my client reported this to me, I scanned her files with a fine tooth comb — and found nothing.
I then upgraded her blog software, in an attempt to overwrite whatever file was messed up. Afterwards, I checked the dates on all files to make sure there wasn’t some rogue file sitting around messing everything up. Nothing.
But I have figured out what the problem is now.
Because Wordpress had a security hole in version 2.3, the hacker was able to inject the bad code directly into a post.
I’ve found the codes by doing a search directly on the blog for the term:
iframe
Then edited the post to remove the highlighted code.
Read this post to for more information on how to remove the downloader virus.
How to find out if your site is infected
UPDATE: Thought I’d add some more instructions on how to find out if your site is affected by this. If you have already found out that your site has been deemed harmful by Google, simply do a Google search on your domain name. your listing will look like the first screenshot above.
In your Google listing, click the title of your site’s entry. Google will then take you to a page warning you that visiting the site might be harmful to your computer. In the warning’s second paragraph, you’ll want to click the link to Google’s Safe Browsing diagnostic page. (This is the link to that page for Mundane Superhero.)
You’ll see a line that says something like:
Malicious software is hosted on 1 domain(s), including wp-stats-php.info.
What to do if you’ve been hacked
If you follow the instructions above and discover that your site has been hacked, you’ll need to follow the original instructions in this post to remove the code from your blog posts.
Next, read Google’s instructions for sites that have been found to have malware.
At the end of this post, you’ll see instructions for signing up for Google’s Webmaster Tools (Which I highly recommend!), verify your site, and requesting a review of your site.
