OT : SOS berlin user group malware : HELP!?!

dear geeks

I am an FCP Editor, Trainer and User Group leader in Berlin Germany.

We are probably the largest and oldest user group in Europe!

And we have a problem, again!

Some of our users encounter a "malware" warning page when going to our site.

[www.berlinfcp.de]

OK so the site is based on Wordpress which has horrible security issues.

And yes we have had malware before! We successfully killed it last time around.

So I´ve asked several of my geekier friends to have a look at the site and no one has found any thing suspicious.

I have also updated to the latest version of Wordpress 2.9.1 and have a security plugin running.

Suspect that it is actually a cache problem with respect to safari Cache thingy!

Have no idea how to move on....

Done the google site check

[www.google.com]

which if I understand it correctly says that every thing is OK!!!

Can google the site!

And have written to Google twice now but they seem to be very slow at getting back!

In the short term I want to move away from Wordpress any way and am looking at Joomla having, given up on Elgg (way too geeky and out there for me)

thoughts, comments, help

greatly appreciated

thanks

Paul

p.s.

Even if this is all greek to you, you can still help!

If you happen to be using a PC maybe you shouldn´t do this. Just in case!

Click on the following link

[www.berlinfcp.de]

And then take a minute to post answering the following questions

Did you reach the site without any problems : yes or no?

What Browser are you using : ?

What version of the Browser are you using?

What Operating System are you using: ?

Any Comments are greatly appreciated : ?

* what is malware?

[en.wikipedia.org]

pps maybe it was a mistake calling the group fianlBUG

Looks like a Safari issue. I can visit the site on Firefox, but it triggers the warning on Safari. It goes off when I uncheck the "warn when visiting fraudulent sites" setting in Safari. Even visiting the home page via the google cache triggers off the warning. However, the rest of the pages load fine, just not the home address, so there must be a unique incident in the homepage that triggers off the warning. Perhaps a script is configured differently.



What Browser are you using : ?

Safari 4.0.3, FF 3.0.8


What Operating System are you using: ?

OS 10.5.8



www.strypesinpost.com

dear geeks? I was wondering who was going to be the first to answer that.

When life gives you dilemmas...make dilemmanade.

Isn't that a blacklisting issue with Google? Seen that on a few sites- real pain in der backside.

Noah

Final Cut Studio Training, featuring the HVX200, EX1, EX3, DVX100, DVDSP and Color at [www.callboxlive.com]!
Author, RED: The Ultimate Guide to Using the Revolutionary Camera available now at: [www.amazon.com].
Editors Store- Gifts and Gear for Editors: [www.editorsstore.com]

>dear geeks?

It's probably german for "friends".


Okay. I tried accessing the webpage from Opera, and it takes a while to load. Chrome blocks it too.



www.strypesinpost.com

Hi Paul

So sorry for your troubles. I get the malware thing from Safari and not FF like Strypes. Seems to me only thing you can do is find a web geek and beg for help. That or run some virus software on your server if indeed the malware is legit.

Michael Horton
-------------------

Well, on the upside, Firefox has the largest user share of the 4 browsers tested. I'm sure IE will access it just fine too, as it has more holes than swiss cheese.



www.strypesinpost.com

Lieber Freunde*

*german for dear friends

Sometimes I dream about editing on an old 16mm Steenbeck before the days of internet...



then I wake up and remember how cool the internet is.....

eg

[floatingpussy.ytmnd.com]

the above link is really not as suspicious as it looks!

appearances can be deceptive, click it if you dare

any way back to the OT

A) berlinfcp.de/BLOG is a stupid name

B) I want to move the site any way

C) finalBUG.net is a lot cooler

D) I got my Joomla for Dummies book today

I still don´t really understand whether I´ve been black listed or not...

but under the circumstances see A, B & C, above, a little variation on the method below this seems to make the most sense

1. Get a new domain address (something like the old one, but with a .net or .ws or something like that).

2. On your web server, add a second IP address for the web site. Point it to the same root directory as your old site.

3. Set up the DNS on your new domain address to look at your new address.

Then, when the bots come, it will not be able to identify it as a "banned" site, either by IP or address. It will go ahead and index it.

4. Deal with Google at their leisure, and prepare to demonstrate to them that the ownership of the site had changed. Eventually, they will relent and take you off their blacklist (they're good guys).

5. After the site has been white-listed, set up the new web address to simply point to the same IP as the original one.

found 1-5 here

[ask.metafilter.com]

Can even leave out step 5 because I want to kill the old site any way.

I want membership & profile functionality which is not really so easy to impliment with wordpress.

sorry if this is all a little bit geeky

guess that I am a geek in denial my self!

thanks for all your help

alles gute*

Paul

*all the best

BTW- Google typically blacklists by server and not by url. So if you move to another hosting service you might get out of the blacklist.

Noah

Final Cut Studio Training, featuring the HVX200, EX1, EX3, DVX100, DVDSP and Color at [www.callboxlive.com]!
Author, RED: The Ultimate Guide to Using the Revolutionary Camera available now at: [www.amazon.com].
Editors Store- Gifts and Gear for Editors: [www.editorsstore.com]

This site has some good info on how to deal with this problem

[www.google.com]

Michael Horton
-------------------