When I tried to access this site today I was shocked to find that Firefox informed me that I shouldn’t visit the site as *I* was distributing malware/badware. Here’s what I saw instead of my homepage:

Even worse when you view this site in Google’s search engine here’s what they do to it:

So I’ve spent some time going through the site looking for any evidence of malware, hacking or anything that’s obviously changed. At first I couldn’t find anything to confirm Google’s assertion that my site is harmful. So I checked with MacAfee: http://www.siteadvisor.com/sites/businessopportunitiesandideas.com:

Norton says the site is untested, so no help there: http://safeweb.norton.com/report/show?url=businessopportunitiesandideas.com. I was beginning to wonder if Google was wrong, but a bit more time spent searching on Google led me to the problem, the file \wp-includes\js\jquery\jquery.js had been changed with the addition of the malicious code:

document .write(unescape(’%3C%69%66%72%61%6D%65…snip…));

I’ve not listed all of the code, just enough that anyone else who has this problem can identify it. The decoded version includes an iframe that pulls in a page from awasim.com. For anyone looking for similar code the quickest way is to search ALL your site’s code for “unescape”.

Restoring that file to the original version should remove the malware. So now to do my best to secure the rest of the site and stop it happening again, however one problem still remains, it seems Wordpress blogs are too open to being hacked

My apologies to anyone that reads the site. If you don’t already please make sure you use a virus checker.

Subscribe:
If you enjoyed this post and would like to be kept updated on future posts, then please Subscribe by Email or subscribe to my RSS Feed.