Upgrade Wordpress or risk getting flagged as badware by Google
From its launch, StopBadware.org has raised questions of what happens when a legitimate site gets flagged as ‘badware’. When this happens, the affected website gets a warning that “This site may harm your computer” beneath its listing in Google’s search results pages. When users click the result, they are not taken to the website but instead to a strongly worded warning page - a traffic killer if there ever was one.
It seems that this month has seen a potentially large (but as yet unreported) number of hacked Wordpress blogs getting this exact problem.
This is due to a vulnerability in Wordpress versions earlier than 2.3.3 that allows hackers to inject code into your posts. Rather than going down the unsubtle route of sticking tons of affiliate viagra links into your posts, the latest hack is a 1×1-pixel <iframe> tag wrapped in HTML comments claiming to be traffic statistics code; it is invisible unless you view the page’s source code. According to the StopBadware blog, this iframe proceeds to attack blog visitors’ computers with the ‘JS_PSYME.XP’ virus.
If you’re affected by this, the fix is to upgrade Wordpress, and when the upgrade is complete, search for ‘iframe’ in the ‘Manage’ tab of your WP admin console. If you find the following code in any post, delete it:
<!-- Traffic Statistics --> <iframe src="[link removed]" frameborder="0" height="1" width="1"></iframe> <!-- End Traffic Statistics -->
Then you need to sign up for Google’s Webmaster Tools and request a review of your site to have the badware flag removed. When this happened on one of my blogs, I received a response within 24 hours, although at this point I had not identified the hack, so the warning was not removed.
Not a very fun process for non-technical users huh?
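As an added example that is not part of the original post, here is a small Python scanner for the pattern described above: it flags any iframe sized one pixel or smaller, notes the “Traffic Statistics” comment, and reads the WordPress version from the page’s generator meta tag (the same check a commenter below suggests) to report anything older than 2.3.3. The function names and the URL in the constructed sample are my own assumptions, not anything from WordPress or the hack itself.

```python
import re
from html.parser import HTMLParser
# Hypothetical detector, not WordPress code: flags the hidden 1x1 iframe and
# "Traffic Statistics" comment described above, and reads the WordPress version
# from the <meta name="generator"> tag to report anything older than 2.3.3.
FIXED_VERSION = (2, 3, 3)  # first release the post says is not affected

def _px(value):  # parse a width/height attribute such as '1' or '1px'
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden_iframes = []     # src of every iframe sized 1x1 or smaller
        self.marker_comment = False  # saw a "Traffic Statistics" HTML comment
        self.version = None          # (major, minor, patch) from generator tag

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            w, h = _px(a.get("width")), _px(a.get("height"))
            # a frame no bigger than one pixel shows the reader nothing
            if w is not None and h is not None and w <= 1 and h <= 1:
                self.hidden_iframes.append(a.get("src") or "")
        elif tag == "meta" and (a.get("name") or "").lower() == "generator":
            m = re.match(r"WordPress\s+(\d+)\.(\d+)(?:\.(\d+))?", a.get("content") or "")
            if m:
                self.version = tuple(int(x or 0) for x in m.groups())

    def handle_comment(self, data):
        if "traffic statistics" in data.lower():
            self.marker_comment = True

def scan(html):  # scan one page or post body, return findings as a dict
    s = _Scanner()
    s.feed(html)
    return {
        "hidden_iframes": s.hidden_iframes,
        "marker_comment": s.marker_comment,
        "version": s.version,
        "outdated": s.version is not None and s.version < FIXED_VERSION,
    }
# Constructed sample: a WordPress 2.3.2 page whose post carries the injection.
SAMPLE = ('<meta name="generator" content="WordPress 2.3.2" />\n<p>Normal post.</p>\n'
          '<!-- Traffic Statistics --> <iframe src="http://example.invalid/stats" '
          'frameborder="0" height="1" width="1"></iframe> <!-- End Traffic Statistics -->')

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Run it against each post body exported from the database (or the full rendered page) rather than only the admin search, since an attribute-only search for ‘iframe’ can miss frames written with unusual casing or spacing.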
March 3rd, 2008 at 7:55 pm
[...] always someone who does have the know-how, and I was subsequently advised by my learned friend at Pagespank.com that some horrid hacker had ‘injected’ an ‘iframe virus’ into my site. It [...]
April 23rd, 2008 at 10:49 am
[...] to my previous post about Google flagging some Wordpress blogs as badware, the Google Operating System blog points to a Google API that allows webmasters to monitor their [...]
May 20th, 2008 at 2:56 am
How can you tell what version you have?
May 20th, 2008 at 8:33 am
Look in your blog’s source code for this meta tag:
<meta name="generator" content="WordPress 2.x.x" />
May 23rd, 2008 at 8:25 am
This is something that makes WordPress less admin-friendly than blogs like Blogspot.
You have to update, otherwise Google gets on your bad site mwahahah!
The vulnerability is XSS (cross site scripting)… I can’t believe WordPress has these holes
July 14th, 2008 at 5:31 am
Thanks for the help. I found that nasty spam and zapped it off my site. Will be upgrading soon to the latest WP version. I have a lot of PHP edits to files for SEO reasons and to integrate the blog into my existing site, so I’m not looking forward to the task.
Thanks again, you made it a lot easier to find and zap.