Tuesday, 19 June 2012

No! There's no malware on my blog! It's someone else!

I was updating my blog last night and suddenly Safari pops up this message, WTF, my blog has malware??

Tried Firefox from a Windows PC and it reports the same thing too, strange...

Clicked on the "Google Safe Browsing diagnostic page" and it reports as below, something about "nachbaur.com" and "176.9.179.0", how could my blog has those craps?

Start up HttpFox on the Windows PC, and as below, strangely it indeed tried to load things from those 2 URLs, how can that be?

Checked page source, Ah ha! Found it! It's not me, it's the "blog list" thing I added to the left hand side of my blog so that it automatically picks up latest posts from other blogs. And guess who owns "nachbaur.com" ("iOS web developer's life in beta" blog)?

The site "iOS web developer's life in beta" belongs to "Michael Nachbaur", one of the "famous" indie developers who's the co-creator, and recently sold their popular game "Casey's Contraptions" (Note: now re-branded as "Amazing Alex") to "Rovio", the company that owns Angry Bird.

I guess if you are famous, the bad guys would certainly love to target you due to your popularity.

As shown below, Google marked his site as malware infected too.

As a temporary work around, I have removed the blog list and until blogger.com released some sort of fix, won't put that back for a while. Hay, the only function should only copy the "text" content of the latest post from those other blogs, why is your silly code copying all the malware and other related scripts too??!!

I have requested Google to remove my site from their cache, so looks like you won't be able to find this blog from Google for a while until the cache been updated. As most of my traffic were referred by Google, it's going to hit my hit rate quite badly..... Don't think there's anything I can do other than wait for Google crawler to pick up my blog again...

Also tried to contact Michael by twitter, hope he gets the msg and quickly fix it. 

Have to wait and see how it goes then... Wish me good luck...

[Update 20/06/2012]
Michael responded with twitter: 
"Thanks for the heads-up! WordPress sucks... I've reinstalled and cleaned it up. Thanks for the warning!"

So looks it's fixed on his blog. Michael asked for a review, instead of like me - request for the page to be removed from the Google cache. May be his way is better, as I can't find my blog in Google for 2 days now :-(... How long is it going to take to be added back to Google again??

[Update 29/06/2012]
Thanks for comment from Peter below, yes it's fixed after I manually use the Webmaster tool to add my site back to Google. The other option is like what Michael did, simply ask Google to review, it seems to be quicker?


2 comments:

  1. i found the site using a google search so it is certainly back now.

    ReplyDelete
  2. Hi Peter, thanks for the comment, yes it's working ok now.

    ReplyDelete