mandeville49

Update
Google removed the site warning today!

Now I just have to wait for the search engines to find my BLOG again ??

So, this is over – finally. Thanks to everyone for your good help.

Really has been appreciated.

James

Hello DianeV,

Thanks for the interest.

Well from my side a lot is happening, from Google’s side zero.

For a start, I decided to learn something about WordPress and read ALL the documentation this time before I started again with WordPress. I read up a bit on coding and managed to intall a menu bar with help from Thomas Natter (Drikatruu Jelly template designer).

I deleted my old installation and installed 2.5.1 with the automatic upgrade plugin this time! I deleted MYSQL and started with a new database because I found the old one had been hacked into as well as the wp-admin folder. My web hosting company deny this is possible, but none-the-less it happened.

I decided to republish my previous posts, so I’m please with that because I use the BLOG as an info page for new writers. They can access these new pages now from my website fine.

So, some progress, except Google are still blocking specific old posts – although on WebMaster tools it does say that they can take several weeks to process a review request. This is annoying, but only affects people who find these pages through Google search. On other portals you get the missing 404 error (because I deleted most of them). I have just requested that Google remove all the old BLOG pages that now return error 404. This may help to clean things up.

Technorati and Pingoat are now accepting my pings, they didn’t when Google first blacked the site.

That’s where I’m at with all this.

I found links to casinos in my WordPress site too and deleted them, upgraded to 2.5.1, cleaned everything up and asked for my site to be reassessed by Google. A week later it is still flagged as unsafe. Shit this sort of thing because people who read your blog see the site is unsafe and probably don’t return. So, you spend weeks building up a community and then bang -all your hard work is ruined. If your blog is linked to your company website (mine was) it also reflects on the image of your corporate site as well. Traffic to my site has fallen from 648 hits per day to 15 since this happened. Online sales have fallen from 325 sales per day to 0.

The people who do this should be shot.

Update:

My hosting co. say this is nothing to do with my MYSQL database which runs on a Linux Server – the warnings received from Trend referred to Microsoft Desk Engine.

I have applied to Google to have the site unblocked ?? We will just have to see what happens!!

Rosie,
Thanks for your interest. Following your advice, I have notified my host and provided them with a copy of the Trend Micro report. Interesting to hear what they say.

OK, ok – I looked up your link to “anti-Googleness” ?? quite amusing, we didn’t go that far – easy to get paranoid when this sort of thing happens to you for the first time.

As far as not giving up – well, that is largely due to the kind help and support of people like you and the others who have given up valuable time to read my posts and offer help.

Have a great day,
James

Not quite sure what this means (sorry;)but when I upgraded to 2.5.1. the database was cleaned and rebuilt. Will that do it?

Using the automatic upgrade plugin I have repeated the upgrade to 2.5.1. successfully and can now sign in on the admin panel. https://www.burn-a-book.com/wordpress2/ is now back online. I still have serious concerns about the previous breach of the site and Google’s blocking of the site as unsafe. Before attempting to have the site relisted by Google I would appreciate someone looking at it and telling me what more I can do to ensure the site is safe for people to view.

(Maybe it would help if I removed the last post critising Google???)

Dianne – PLEASE NOTE:

After entering my WP site, I got a warning from Trend Micro warning me it had stopped a network virus:

MS02-039_SQL_SERVER_RESOLUTION_EXPLOIT

Vulnerability Identifier: CAN-2002-0649,CAN-2002-0650
Discovery Date: Jul 24, 2002
Risk: Critical
Related Malware: SQLSLAMMER.A
Affected Software:
Microsoft Desktop Engine 2000
Microsoft SQL Server 2000

Description:

This exploit attacks the unchecked buffer vulnerability that exists in the SQL Server Resolution Service.

SQL Server Resolution Service operates on UDP port 1434. It has been introduced in SQL Server 2000 to host multiple instances of SQL servers. When an SQL client attempts to connect to a certain server instance, it queries the resolution service, which in turn reports what port the requested instance is using.

By sending a malformed request to the Resolution service, the SQL server may fail resulting to a denial of service (DoS) or run any codes that an attacker prefers. The malformed request consists of a very long Instance Name of the SQL server, which the SQLSERV.EXE file fails to validate.

The Slammer worm, SQLSLAMMER.A, already exploited this vulnerability.

So perhaps Google were right and my site was compromised. Just to warn you!

Hi Dianne, thanks for your interest. OK, I uploaded WP (http:www.burn-a-book.com/wordpress2/) again.

If you search for it on Google (Writers Cramp, burn-a-book) you see the Google warning.

I upgraded to WP 2.5.1

Before the upgrade the database was all there and all the postings were complete. After the upgrade all the postings are missing and I cannot log on to the admin area. My password is not recognised. When I use the “Lost password” email link and go to wp-login.php?action=rp&key=DJ*NaZPNzb9z I get the message: Sorry, that key is not valid.

So, some advice would be appreciated. I can upload the original again (the one Google claimed was compromised) if you would like to see that. Or, perhaps you could help me get version 2.5.1 running properly with all the archives and posts showing?

Really glad of your help,

James

Thanks for your comment. Actually, we used the blog mainly for support articles/tips/advice for new writers with no advertising etc. Apparantly, people are missing our blog so maybe we will try again and go the paid route. It could have been a mistake by Google – I guess we’ll never know now:)

Kind of you to reply, appreciate it.

And frankly, if you can’t (and you don’t have anybody on your team who can) upgrade WordPress whenever a new version comes out, you probably shouldn’t use WordPress. It’s free, sure, but that zero price tag comes with the obligation to maintain your site properly. If you can’t do it, you need to pay someone to do it for you.

Fair comment. Perhaps WordPress is not for us. Thanks for your input.

Hello Rosie,

Appreciate the reply. Our problem is, we are a publishing company – not an IT company and it seems you need a high-level of technical expertise (and a lot of time) to sort out these security issues on WordPress sites. I’m sure sure we can handle it. We were running 2.5.1.

Just out of interest, there is another element to this. We ran a blog criticising Google’s latest gambit of linking with the UK and US libraries to scan all their books and make the contents freely available on-line. We think this compromises the copyright of authors so we used our blog to make this point. A few days after we ran it, Google effectively closed us down via their Quality Search Team advising us our site had been compromised. Could be a coincidence??

Assuming the site was genuinely compromised and Google is not playing Big Brother – if we put the site back up again, we could not even log onto the admin area because Google has blocked the site. So, if we did put it back up, how could we log onto it and how is it possible for not-very-technical-people to find out if there is spurious or invisible code added to the programs?

We deleted the files from our hosting server after searching through every file we could open with notepad. We could not find any spurious code. It took hours! Bit annoying we cannot remove the search references on Google though – people finding our blog pages get this malware warning page from Google.

Must admit, that not being used to this sort of thing we panicked a bit and only thought about contacting WordPress later after removing our WordPress blog. I realise you cannot help now, although we have a backup of the site I don’t want to get on the wrong side of Google by putting it up on the server again. Fact remains, someone hacked into our WordPress site and compromised it.

I have been contacted by Google Search Quality Team to say my site also has been compromised and they blocked it. I could find nothing wrong in the code and followed all the https://www.stopbadware.org recomendations but found nothing wrong. I removed the site from the server. Interested to hear you also had a security issue. Point is, is it really worth carrying on blogging if this sort of thing can happen?