A Note on Site Security and Badware: Problem Solved and a Few Tools

by Matthew K. Tabor on April 23, 2008

UPDATE: Google has re-evaluated my website and removed the “may harm your computer” notice. I’d read that it takes ~5 days, but they knocked it out in about 12 hours. Thanks!

You know, when my traffic tanked in the last few days, I assumed it was because most of the problems in education had been solved. Ha!

Nope, it was a tiny piece of badware [low-risk, thankfully]. Google picked up on it quickly and started to display a handy bit of advice to Googlers encountering my website:

I dotted in red the two important points. The single red dot points to the warning Google showed potential visitors – and, unsurprisingly, they were deterred from visiting a site that Google told them was potentially harmful. The two red dots indicate AVG’s seal of approval and testify that my security/badware problem is now fixed.

So, here’s what happened, in brief, and why you should care.

WordPress had a well-documented vulnerability about two months ago. Chinese hackers exploited this vulnerability and injected a bit of code in WP sites that forced visitors to auto-download some stuff. If you’re a WP blogger with this vulnerability, take the following steps:

  • Read this thread – it explains the threat and how to delete the iframe injection.
  • Upgrade to WP 2.5, which has plenty of handy features and closes some security holes.
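After the cleanup, it is worth checking that no injected iframe is left in the theme and template files. The following is an added example, not code from this post or from the linked thread. The heuristics (off-site host, 0/1-pixel size, hidden style), the `TRUSTED_HOSTS` allowlist, and the `blog.example` / `badware.example` names are assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts you embed on purpose; any other off-site iframe is flagged.
TRUSTED_HOSTS = {"www.youtube.com"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Constructed sample page, not taken from the post.
SAMPLE = """<html><body>
<p>Latest post</p>
<iframe src="http://badware.example/x.html" width="0" height="0" style="display:none"></iframe>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
</body></html>"""

class IframeFinder(HTMLParser):
    """Collects (line, src, reasons) for each suspicious <iframe> start tag."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.findings = own_host, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).netloc.lower()
        reasons = []
        if host and host != self.own_host and host not in TRUSTED_HOSTS:
            reasons.append("external host " + host)
        if {a.get("width", "").strip(), a.get("height", "").strip()} & {"0", "1"}:
            reasons.append("zero or one pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def scan(text, own_host):
    finder = IframeFinder(own_host)
    finder.feed(text)
    return finder.findings

def scan_tree(root, own_host):
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in (".php", ".html", ".htm"):
            found = scan(p.read_text(encoding="utf-8", errors="replace"), own_host)
            if found:
                hits[str(p)] = found
    return hits
```

Run `scan_tree` against a copy of your WordPress directory with your own hostname. It only sees iframes written as literal markup, so one assembled by a script at page load will not show up.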

Once that’s complete, you can request that your site be reviewed by StopBadware.org, a benevolent organization that has partnered with Google to get a handle on badware across the internet. You can also log in to Google’s Webmaster Tools to request a re-review from Google. In a few days [hopefully sooner!] that ‘harmful’ tag on my site will be gone.

This is yet another reminder to keep anti-virus software active on your computer. If you don’t already have a-v software, I recommend AVG – it’s free and does a great job.

You can also scan your machine with a free online virus scanner from TrendMicro. HouseCall is wonderful – it identifies any problems and tells you how to fix them.

I invite everyone to take this opportunity to run a scan and make sure your system is secure. I suppose that reminder is the silver lining in these nasty little hacker tricks.

mister teacher 04.23.08 at 7:03 pm

That oughtta teach you not to surf around those nurse/gladiator/donkey sites anymore…

Matthew K. Tabor 04.23.08 at 7:07 pm

Serves a deviant right!

Actually, it taught me to be more diligent with certain WordPress upgrades.
