Warning on One of my Poker Sites

[NdeJonge]

Hey Guys,

When you visit my website Poker Bankroll Tips you receive this error:

"Warning: Something's Not Right Here!
pokerbankrolltips.com contains content from My PC Note, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified My PC Note that we found malware on the site. For more about the problems found on My PC Note, visit the Google Safe Browsing diagnostic page."

I have never run into a problem like this before. Any help on how I can fix this and prevent it in the future would be of great help.

Thanks

[Peter Willis]

It's a little bit odd, since Google's safe browsing doesn't currently report any malware for you and the sucuri.net free-scan isn't showing anything.

That said, you have probably fallen victim to the timthumb hack. Install a plugin called TimThumb Vulnerability Scanner which will check and fix it for you. You'll probably want to read up on other clean up procedures following a hack related to timthumb.

Delete any old files and themes that you no longer use from your server. Re-install wordpress and make sure all other plugins are up to date. If you're using any plugins which haven't been updated for a while you may want to re-consider using them.

[NdeJonge]

Thanks Peter.

I added the timthumb scanner plugin and it found nothing, so I deleted the themes I'm not using and reinstalled wordpress. I'm not sure if that worked because I don't get the warning anymore, but that might be because I already accessed the site.

[Peter Willis]

I'm still getting the alert here (in Google Chrome). I can't actually see anything malicious in the source code or any of the javascript files you have.

Are there any alerts in the "Malware" tab on Webmaster Tools for this site?

[Peter Willis]

Found it. In your header you have a line to a favicon which has malicious code in it.

<link rel="Shortcut Icon" href="http://www.bloggeraz.com/images/favicon.ico" type="image/x-icon" />

No idea if you put the favicon there or not. If you didn't add it, then you need to be looking deeper as you have an exploit somewhere that let the hackers add code to your header. If you did add it, then you should be able to fix the issues by simply removing that line as it means bloggeraz.com has been hacked.

[parttimepoker]

Found it. In your header you have a line to a favicon which has malicious code in it.

<link rel="Shortcut Icon" href="http://www.bloggeraz.com/images/favicon.ico" type="image/x-icon" />

No idea if you put the favicon there or not. If you didn't add it, then you need to be looking deeper as you have an exploit somewhere that let the hackers add code to your header. If you did add it, then you should be able to fix the issues by simply removing that line as it means bloggeraz.com has been hacked.

You are a consistently useful person, thanks for that.

[leporello]

This guide helped me to remove some junk off a hacked site recently.

Simple script to find base64_decode in your files

[NdeJonge]

Awesome Peter! Thanks a lot man. And Leporello thanks I'm going to check that out too.

[NdeJonge]

And I don't think I put that there. I looked at the header and I had two favicon's, my real one and that one in the code. It's removed so hopefully that fixes the problem. Thanks again Peter.

[Ridge]

Great thread. I haven't been on PAL much recently, great to see a post with good info lie this though