eye_of_the_storm

Anyone else getting, this site is dangerous / malicious warning / being blocked etc? wtf

Recommended Posts

I found some help for some folks whose site was getting similar Google messages here:

 

http://redleg-redleg...cious-site.html

 

Theirs was a Joomla 1.5x site, and the hack did indeed involve redirects. Not sure if it's related. That hack was on a Friday night, and wasn't fixed until the following Wednesday; I first noticed the Google messages related to Tao Bums Saturday, and I'm sure Sean was very busy today.

 

Not sure how they get in, whether it's a password or an injection, but they leave a php file that creates .htaccess files in every major directory of the CMS, and if the .htaccess files are removed the php file will recreate them in a half hour or something- that's how Redleg described it in the blog above, and I know the problem seemed to be propagating on the site that I fixed.

Edited by Mark Foote

Share this post


Link to post
Share on other sites