Badware in the sites you buy?
  • I bought a site on DP and fired it up in my hosting and noticed it had text links pointing to Infolinks. So I looked around in the theme- the adsense was in the theme rather than widgets so I changed that to my name at the same time- but I couldn't find the infolinks code anywhere in the theme files. It felt creepy. Then I submitted the site to google webmaster tools and got this back:

    ***************
    Dear site owner or webmaster of http://xyz.net/,

    We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

    Below are one or more example URLs on your site which can cause users to be infected:

    http://xyz.net/
    http://xyz.net/video/this-page/
    http://xyz.net/articles/a-complete-list-of/

    Here is a link to a sample warning page: http://www.google.com/interstitial?url=http://xyza.net/

    We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

    1) the site was compromised

    2) the site doesn't monitor for malicious user-contributed content

    3) the site displays content from an ad network that has a malicious advertiser

    If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites: http://www.stopbadware.org/home/security

    Once you've secured your site, you can request that the warning be removed by visiting this Webmaster Help Center article and requesting a review. If your site is no longer harmful to users, we will remove the warning.

    Sincerely,

    Google Search Quality Team

    1600 Amphitheatre Parkway

    Mountain View, CA 94043
    ********************

    It looks like #3 is the case here. Do you figure it was some kind of malicious special code, or just normal infolinks code embedded somehow that google saw as malicious? I guess the seller really planted the infolinks code deep in there somewhere so that it would be hard to dig out, is that slimy or what?

    Fortunately I was planning to change the theme anyway and after I did that there was another message saying that the badware was gone.

    But it made me wonder:
    Do people often plant suspicious code in sites you buy?
    Do you usually check? How?
    Do you generally use google webmaster tools with a quick flip?
    I'm playing with some anti-virus wordpress plugins-anybody have one they recommend?

    Too many questions lol.

    **Here is a link to check any site for malicious code with google webmaster tools:
    http://www.google.com/safebrowsing/diag ... MEHERE.COM
    Post edited by Unknown User at 2011-10-24 11:27:16
  • 1.) I haven't run across people intentionally planting malicious code, but I do see people trying to hide backlinks, etc. That's why I always review a site with tools like xenu.
    2.) Webmaster tools is a good option to check.
    3.) Unless I don't want Google knowing who I am (rare), I always use webmaster tools.
    4.) I haven't played around with anti-virus plugins. Let me know if you find some good ones.