weird issue after phishing hack

  • I’m stumped. I’ve been designing WP themes for years and now one of my own personal sites is acting up.

    I have a travel blog and last week I got hacked through a timthumb exploit. I was forced to remove offending files by my host in order to get the site unblocked. I did so and then re-uploaded any WP files that I had deleted.

    Now the site does not show any CSS styles in FF. Even if I switch to a different theme… weird.

    In Safari and Chrome, the site displays as normal.

    I am very proficient in CSS and have tried Firebugging the source code to see where the issue is… perhaps it’s so obvious that I can’t see it in front of my eyes?!

    Any help would be appreciated.

    https://www.sequoiagypsy.com.au

    P.S. Some friends are reporting that Google still shows the warning (other say they get right in) so be aware it may show it.

Viewing 3 replies - 1 through 3 (of 3 total)

  • Calling the style sheet directly in Firefox is still sending up a security warning and being blocked, but the block is only visible when you access the css directly. It’s triggering the Firefox built-in phishing and Malware protection for some reason.


    “This web page at has been reported as a web forgery and has been blocked based on your security preferences.”

    Thread Starter woodenpier

    (@woodenpier)

    So, the site is working correctly accept that FF is automatically blocking the style sheet(s) rendering the page ‘basic’?

    I’ve reported the site to Google as being falsely blocked. That was two days ago. I don’t see any malware come up on Web Developer Tools scan (in order to request a human review form Google) so in theory they know the site is safe.

    Anyone know how FF determines blocking? Anyway to request it to be unblocked?

    So, the site is working correctly accept that FF is automatically blocking the style sheet(s) rendering the page ‘basic’?

    Looks to be the case. You can test it by calling the style sheet directly

    sequoiagypsy.com.au/wp-content/themes/TheTravelTheme/style.css

    Then go to Firefox options > security > and un-check “Block reported attack sites” and “Block reported web forgeries” and retest. It seems to work fine after that. The site looks fine with those options un-checked.

    Anyone know how FF determines blocking? Anyway to request it to be unblocked?

    https://www.mozilla.org/en-US/firefox/phishing-protection/

    Last question on the page has links to removal request forms.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘weird issue after phishing hack’ is closed to new replies.

Tags