ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

ARGH - Malware Attack on client’s EE site

August 25, 2010 9:25am

  • #1 / Aug 25, 2010 9:25am

    kev_horan

    50 posts

    Hi – A client’s site, hosted on a Mediatemple server, is being blocked with a Malware warning - Has this happened to anyone else? Any guidance on how I can resolve this?

    The message given is below…

    What is the current listing status for http://www.darkroomlondon.com?
    Site is listed as suspicious - visiting this web site may harm your computer.
    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
    What happened when Google visited this site?
    Of the 2 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-24, and the last time suspicious content was found on this site was on 2010-08-24.
    Malicious software is hosted on 1 domain(s), including marjorie-reed.com/.
    This site was hosted on 1 network(s) including AS31815 (MEDIATEMPLE).
    Has this site acted as an intermediary resulting in further distribution of malware?
    Over the past 90 days, http://www.darkroomlondon.com did not appear to function as an intermediary for the infection of any sites.
    Has this site hosted malware?
    No, this site has not hosted malicious software over the past 90 days.
    How did this happen?
    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
    Next steps:
      •  Return to the previous page.
      •  If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

  • #2 / Aug 25, 2010 9:37am

    Sue Crocker

    26054 posts

    Thanks for reporting this. We take security very seriously and will do our best to work with you on figuring out what’s going on. To that end, we need some additional information from you…

      1. EE version and build (found at the bottom of your control panel)
      2. Other scripts on your account, whether in use or not (phpBB, etc…)*

      * If this is a shared hosting environment, the host can make a determination if the attack came through scripts on another account on the server, which is commonly the case with these types of hacks.

      While we work through this, please check through these files:

      * path.php
      * config.php
      * index.php

      to ensure that there is no unusual code such as iFrames or Javascript includes; if you do find that code, then please back up the file and remove said code. If you are unsure of what does or doesn’t belong in these files, do not hesitate to ask.

      You may also wish to refresh your files by following the build update instructions.

      Also please ensure that you report this to your host immediately as they can help identify where the attack originated from so that steps can be taken to prevent this in the future.
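
The file check described in the post above, as an added example that is not part of the original thread and not ExpressionEngine's own tooling: it scans the three named files for `<iframe>` and `<script src>` tags that load from a host other than the site's own. The function names, the `own_hosts` allowlist and the sample file contents are assumptions constructed for illustration; inline scripts without a `src` still need a manual read.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# Files named in the post above.
FILES_TO_CHECK = ("path.php", "config.php", "index.php")

# Opening <iframe> / <script> tags (may span lines) and their src attribute.
TAG_RE = re.compile(r"<(iframe|script)\b([^>]*)>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

# Constructed sample: a PHP file with two appended foreign includes.
SAMPLE_INDEX_PHP = """<?php
$example_setting = "value";
?><iframe src="http://injected.example/in.php" width="1" height="1"></iframe>
<script type="text/javascript" src="/themes/site.js"></script>
<script src="//injected.example/x.js"></script>
"""


def find_foreign_includes(text, own_hosts):
    """Return (line_no, tag, src) for tags whose src host is not in own_hosts."""
    findings = []
    for m in TAG_RE.finditer(text):
        src = SRC_RE.search(m.group(2))
        if not src:
            continue  # no src attribute: inline code, review by hand
        host = urlparse(src.group(1)).hostname  # None for relative URLs
        if host and host not in own_hosts:
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((line_no, m.group(1).lower(), src.group(1)))
    return findings


def scan_webroot(root, own_hosts):
    """Scan FILES_TO_CHECK under root; return {filename: findings} for hits only."""
    report = {}
    for name in FILES_TO_CHECK:
        path = Path(root) / name
        if path.is_file():
            hits = find_foreign_includes(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[name] = hits
    return report


if __name__ == "__main__":
    # Usage: python check_includes.py /path/to/webroot www.yoursite.example
    for name, hits in scan_webroot(sys.argv[1], set(sys.argv[2:])).items():
        for line_no, tag, src in hits:
            print(f"{name}:{line_no}: <{tag}> loads {src}")
```

Back up any flagged file before editing it, as the post advises, so the host can still examine the original.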

  • #3 / Aug 25, 2010 9:48am

    kev_horan

    50 posts

    Thanks Sue

    The EE version is 1.6.8 Build: 20091002

    There are no other external scripts in use…

    I’ve checked those files and I believe they are clean.

    I’m dealing with the host (Mediatemple) as well.

    thanks
    Kevin

  • #4 / Aug 25, 2010 10:00am

    Sue Crocker

    26054 posts

    I’d recommend a version upgrade to 1.6.9 as well. Let us know what MT has to say. We’ll be here.

  • #5 / Aug 25, 2010 12:11pm

    kev_horan

    50 posts

    Hey -

    I’ve updated to 1.6.9, but I can’t log in to the CP – I’m getting a blank page on the CP login… I’ve been through the procedure before without difficulty…

    // Edit - sorry, I should note, I can view the login page once bypassing the malware warning, but after logging in it hangs on a blank page. I can also view the site itself

    Any ideas?

    thanks
    K

  • #6 / Aug 25, 2010 9:13pm

    Brandon Jones

    5500 posts

    Kevin, please try enabling error reporting. Were you running any ads on the site prior to the incident?
