On February the 5th WordPress released version 2.3.3 of their blog software. This release fixed the following issue:
WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog.
On February the 10th I applied version 2.3.3 to my site.
Three days later Ubuntu Hardy installed the new Firefox 3.0 beta. This version of Firefox works very closely with stopbadware.org to prevent users from accessing malware or badware sites. I found this feature when I used Firefox to visit my own site. I was informed of the fact that my site actively distributes or promotes malware and Firefox will not allow access to it. Disabling one of the security features in Firefox restored the access to my site. I instantly understood that my site was hacked (again) in the last couple of days.
Trying to find out what was going on I read a lot of information on the stopbadware.org pages. Stopbadware.org is founded by Google so it is not surprising they use Google techniques to decide which sites are badware (or malware). A Google search for my site today gives the following result (I also tried the same search on Yahoo, MSN and ASK.COM. Those engines have no problem with my site since they do not try to block access to malware sites):
Doing some more research I found that Google’s webmaster tools will give me an option to let Google do a review of my site. The bad thing I found was that Google does not tell you what is wrong with your site. They only state that there is something wrong. This makes it very hard to debug the site and fix the problem. I ended up going through all the pages and had a look at the source of each.
I found two hidden links. The links were hidden in <noscript> tags, so they were not accessible for the visitors of my webpage, they were just there for search engines to enjoy (I guess the person who inserted the links hopes to gain more attention if his site gets linked to a lot). So I removed the links, did some queries on my database and decided my site was completely clean. Then I asked Google to re-evaluate my site.
Within two days Google came back with a reply (please note: I made the links, Google would definitely advise you not to click on them, so do so at your own risk):
Status of the last badware appeal for this site: A review for this site has finished. The site was found to still be dangerous for users. Please review your site again. When you are confident that you have cleaned and secured your site, please request another review. Sample URLs that were found violating the guidelines during this review:
For me all those links return an error page which has absolutely no malware whatsoever. I even reinstalled the gallery software to make absolutely sure I am using the latest greatest.
I then resubmitted my site on the 14th of February. I was hoping Google could re-evaluate the situation quickly but things have been quiet up until now. I am still listed as a malware site and there seems to be nothing I can do about it. Maybe someone reading this could help me out. I really feel that Google is now limiting my online existence and by doing that it also limits my real world existence as an IT Professional.
Update 19-02-2008 22:37 (CET):
I downloaded my whole site with httrack. I then used grep to get all the “http://” links into a file. I opened this file in kate and searched it for the guideline-violating links. Somehow I wasn’t surprised that none of those links could be found. Again I have asked Google to re-evaluate my case.
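The mirror-and-search check described above can be made structural, so that links inside <noscript> tags (where the two hidden links were found earlier) are flagged separately from visible ones. The following is an added example, not code from the original post; the hostname example.org, the sample page and the function names are assumptions made for illustration.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse
SITE_HOST = "example.org"  # assumption: placeholder for the blog's own hostname

# Constructed sample page: internal links, a <noscript> link, an off-site image.
SAMPLE = ('<p><a href="/about">About</a> <a href="http://example.org/blog">Blog</a></p>'
          '<noscript><a href="http://spam.invalid/pills">x</a></noscript>'
          '<img src="http://cdn.invalid/a.png">')

class LinkAuditor(HTMLParser):
    """Collect href/src values and record whether each sits inside <noscript>."""
    def __init__(self):
        super().__init__()
        self.depth = 0          # current <noscript> nesting level
        self.findings = []      # (url, inside_noscript)
    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.depth += 1
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.findings.append((value, self.depth > 0))
    def handle_endtag(self, tag):
        if tag == "noscript" and self.depth:
            self.depth -= 1

def audit_html(html, site_host=SITE_HOST):
    """Return sorted (host, url, inside_noscript) tuples for off-site links."""
    parser = LinkAuditor()
    parser.feed(html)
    hits = []
    for url, hidden in parser.findings:
        try:
            host = urlparse(url).hostname
        except ValueError:      # malformed URL: report it rather than skip it
            host = "<unparseable>"
        if host and host != site_host and not host.endswith("." + site_host):
            hits.append((host, url, hidden))
    return sorted(hits)

def audit_mirror(root, site_host=SITE_HOST):
    """Walk a local mirror (such as an httrack download) and audit each page."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".html", ".htm")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = audit_html(fh.read(), site_host)
                if hits:
                    report[path] = hits
    return report
```

A mirror only contains what the server sent to the crawler, so a clean result here does not rule out content that is served only to particular user agents or that lives in files the crawler never requested.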
Update 23-02-2008 11:50 (CET):
Finally clean. Last Wednesday I found the last ‘bad link’. As of today Google knows. I hope that stopbadware.org will follow (the new Firefox still blocks access to my site).
And we’re back!