{"id":864,"date":"2011-08-23T04:21:00","date_gmt":"2011-08-23T04:21:00","guid":{"rendered":"http:\/\/2slick.com\/web\/?p=864"},"modified":"2012-04-24T08:47:06","modified_gmt":"2012-04-24T08:47:06","slug":"somethings-not-right-here","status":"publish","type":"post","link":"https:\/\/2slick.com\/web\/somethings-not-right-here\/affordablewebsitestips\/tutorials","title":{"rendered":"Something’s Not Right Here!"},"content":{"rendered":"

If you've gone to your WrodPress website, in the Chrome browser and have seen this message:<\/p>\n

Warning: Something's Not Right Here!
\ncontains content from counter-wordpress.com, a site known to distribute malware. Your computer might catch a virus if you visit this site...<\/p>\n

\"\"<\/a><\/p>\n

Then your WordPress website has most likely fell victim to a hacker exploiting the vulnerability in your Timthumb.php<\/strong> file. The truth is, there's no telling what someone can do once they're able to get into your website like this. There is trend in what scripts are hacked and they can sometimes be easily fixed.<\/p>\n

Timthumb.php Vulnerability Common Fixes<\/h3>\n

First we'll update your timthumb.php file so that this vulnerability is gone.<\/strong>
\nUse an FTP program to replace your\u00a0vulnerable\u00a0timthumb.php file code with this newer version (Back up your original timthumb.php code before updating it just incase the new version brakes your site<\/em>): timthumb.php zipped<\/a><\/p>\n

Next we're going to clean out the most common infected files for this type of exploit.<\/strong> These files are the ones in your 'script' directory of the custom WordPress theme and your config.php file in the root of your install. Here's some instructions on how to replace the files:<\/p>\n

    \n
  1. Connect to your website via FTP<\/a><\/li>\n
  2. Unzip the custom WordPress theme, that you used for your WordPress website, into a directory on your computer.<\/li>\n
  3. Download the 'scripts' from your WordPress website: 'wp-content\\themes\\yourthemefolder<\/span>\\scripts' then delete the 'scripts' folder on your server.<\/li>\n
  4. Upload the scripts folder that you just unzipped from your theme into the\u00a0'wp-content\\themes\\yourthemefolder<\/span>\\' on your server. Now most of the hacked files should be replaces.<\/li>\n
  5. Download the 'wp-config.php' from the root directory of your WordPress install. Open this file in notepad or a code editor. This file should be about ~90 lines long. If your file is much longer then this and or has extremely large blank spots in the code (over 30 lines long) it's probably been tampered with.
    \nSo an infected wp-config.php file will have about ~90 lines or proper code, a ton of blank lings, a bunch of \u00a0lines of hacking code, a ton of blank lines again then the end of the\u00a0document. Back this hacked file up as wp-config_hacked.php and create a duplicate of it.<\/li>\n
  6. Highlight the blank lines of code, the hacking code that's between them and delete it all.<\/li>\n
  7. Save this file as wp-config.php<\/li>\n
  8. Upload your new wp-config.php into the root directory of your WordPress install replacing the current one that's there.<\/li>\n<\/ol>\n

    <\/p>\n

    Now we're going to test to see if your site's fixed.<\/strong><\/p>\n

      \n
    1. Open a new tab in your Chrome browser and type in the page of your website that previously caused the error to\u00a0occur.<\/li>\n
    2. Hold down the 'Ctrl' key, the 'Shift' key, and press the 'Delete' key.<\/li>\n
    3. Check the boxes 'Clear browsing history', 'Empty the cache' and 'Delete cookies and other site and plug-in data'.
      \n      \"\"<\/a><\/li>\n
    4. Click the 'Clear browsing data' button.<\/li>\n
    5. return to the tab of your browser that produced the error page, hold down 'Ctrl' while you press the 'F5' key to refresh the page.<\/li>\n<\/ol>\n

      Hopefully the error is gone and your site is fixed. If not contact your web host and tell them your site's been compromized and they should scan your site for injection scripts etc. There is also a chance Google flagged your site and you will have to request to be delisted even after the threats are removed from your site.<\/p>\n

      If you are seeing a Google Attack Page when you visit the site, use the steps below to request that Google review the site and hopefully remove this block.<\/p>\n

      This excerpt was copied from the URL below, and provides step by step instructions to request a delisting.<\/p>\n

      http:\/\/www.google.com\/support\/webmasters\/bin\/answer.py?answer=45432<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

      If you’ve gone to your WrodPress website, in the Chrome browser and have seen this message: Warning: Something’s Not Right Here! contains content from counter-wordpress.com, a site known to distribute malware. Your computer might catch a virus if you visit this site… Then your WordPress website has most likely fell victim to a hacker exploiting […]<\/p>\n","protected":false},"author":1,"featured_media":950,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,4,6],"tags":[156,158,157,159,164,69,155],"class_list":["post-864","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-affordablewebsitestips","category-tutorials","category-wordpress","tag-attack","tag-malware","tag-timthumb","tag-virus","tag-vulnerability","tag-wordpress-2","tag-zero-day"],"_links":{"self":[{"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/posts\/864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/comments?post=864"}],"version-history":[{"count":17,"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/posts\/864\/revisions"}],"predecessor-version":[{"id":2474,"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/posts\/864\/revisions\/2474"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/media\/950"}],"wp:attachment":[{"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/media?parent=864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/categories?post=864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/2slick.com\/web\/wp-json\/wp\/v2\/tags?post=864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}