Very odd, got a report that my site has a problem according to their safe-site analysis.
Now, that’s all great and dandy, but the data returned from the link above (Tuedsay, June 24th, 2008 at 18:20 CST) doesn’t give any reason except:
Of the 9 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 06/23/2008, and the last time suspicious content was found on this site was on 06/19/2008.
Malicious software includes 13 trojan(s). Successful infection resulted in an average of 3 new processes on the target machine.
Malicious software is hosted on 2 domain(s), including 61.155.8.0, wp-stats-php.info.
Ooh, that’s helpful, so very helpful, even when later it states the following 2 items:
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
and:
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Oh hum, so, yah, somehwere on my blog site there is something bad going on, though no files were changed (they pass MD5 verification), and no details were given by Google.
How sucky.
The wp-stats warning is from a piece of javascript that’s gotten dumped in the posts – use the source view and look for “traffic statistics” to find which post(s) has it. I’ve had that happen and upgrading WP took care of it.
I’ve also just had the 61.155.8.0 thing show up in the last 24 hours, and it was causing my site to redirect to some crappy anti-virus softrware site – I can’t find any specific mention of it in the WP forums, but I’m in the process of upgrading to 2.6 tonight and hopefully that will take care of it and get me off stopbadware.org and google’s “this site will kill you!” list.
Thank you!
My friend helped me find it – looks like it might have been a cross site scripting issue and a whole post had been edited with java script.
Whew! FIXED!