Google starts to block hacked WordPress blogs as malware (opens in new tab)

(markmaunder.com)

17 pointsd214y ago11 comments

11 comments

11 comments · 8 top-level

AaronInCincy14y ago· 2 in thread

This is nothing new - they do it to everyone that they detect as hosting malware. I cleaned up a clients site that was experiencing this about 8 months ago.

bwb14y ago

Any interest in helping us to beta our new product? WebPub.com?

We hope to offer malware detection and clean up services later this year. But if its auto updated half way there. My email is Ben@WebPub.com too.

brokentone14y ago

Agreed, I had a cleanup several months back myself. I must say that it's annoying how long it takes to get off the list, and surprising how quickly they add you. I cleaned up the site, but there was still a backdoor in a plugin file (necessary to the site, but written with heavy obfuscation by paranoid developers) that I missed and the site was compromised again. Soon as it finally started reporting clean it was on the list again.

geekam14y ago· 1 in thread

This serves as a reminder for me to upgrade my installation.

I was wondering if they flag hacked themes only, installations too.

bwb14y ago

It should be anything they detect malware on, or any of their detection procedures so shouldn't be a problem if its affecting the site they would block or warn.

bwb14y ago

Hacked blogs can be used to upload malware as well as shells and tools that can be used for spamming/phishing, so all the same thing. Decent first step.

This is also a big reason why we started Webpub.com (startup), it keeps all your WordPress insallations auto-updated without you having to do anything. And soon plugins/themes and other scripts like Drupal, Magento etc. Spent the last year building a framework on the bottom for secure FTP/Web interaction, an XML-API for the middle, and the frontend just launched about 50 days ago.

eli14y ago

Sure, why should a hacked wordpress blog be treated any differently from any other site distributing malware?

tzs14y ago

They should include WordPress blogs using the OnSwipe theme in the block list. They often crash the browser due to their out of control memory usage.

kevinburke14y ago

Quick plug - I host a lot of my friends websites for them on Webfaction. I uploaded a theme from Woothemes for a friend that contained (without me knowing) an outdated version of timthumb.php. Webfaction emailed me that the plugin was outdated and automatically upgraded it to the newest one.

I've had no complaints with them and if you're worried about this sort of activity you might want to consider switching to use them as a hosting provider.

jmathai14y ago

They really should deal with spamming/phishing blogspot blogs first.

farms14y ago

They were doing it years ago.

j / k navigate · click thread line to collapse

11 comments

11 comments · 8 top-level

AaronInCincy14y ago· 2 in thread

This is nothing new - they do it to everyone that they detect as hosting malware. I cleaned up a clients site that was experiencing this about 8 months ago.

bwb14y ago

Any interest in helping us to beta our new product? WebPub.com?

We hope to offer malware detection and clean up services later this year. But if its auto updated half way there. My email is Ben@WebPub.com too.

brokentone14y ago

geekam14y ago· 1 in thread

This serves as a reminder for me to upgrade my installation.

I was wondering if they flag hacked themes only, installations too.

bwb14y ago

It should be anything they detect malware on, or any of their detection procedures so shouldn't be a problem if its affecting the site they would block or warn.

bwb14y ago

Hacked blogs can be used to upload malware as well as shells and tools that can be used for spamming/phishing, so all the same thing. Decent first step.

eli14y ago

Sure, why should a hacked wordpress blog be treated any differently from any other site distributing malware?

tzs14y ago

They should include WordPress blogs using the OnSwipe theme in the block list. They often crash the browser due to their out of control memory usage.

kevinburke14y ago

I've had no complaints with them and if you're worried about this sort of activity you might want to consider switching to use them as a hosting provider.

jmathai14y ago

They really should deal with spamming/phishing blogspot blogs first.

farms14y ago

They were doing it years ago.

j / k navigate · click thread line to collapse