Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blackhat SEO (type 1720)


  • This topic is locked This topic is locked
6 replies to this topic

#1 drbobj

drbobj

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 12 March 2015 - 07:18 PM

when I tried to go to a site (not mine but someone I know)

 

http://omdweb.net

 

 

my AVG antivirus poped up with a message saying that Blackhat SEO type 1720 was present on the site/link

 

from the AVG site the post this info

Web Threats ›

Blackhat SEO

Blackhat SEO is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwanted software that compromise the security of all data on the affected PC.Blackhat SEO is currently ranked 197 in the world of online malware.

 

I don't think my computer has become infected since AVG stopped me from going to the site, but I ask for help so I can let the site owner know about it

 

when I went to the site on my mobile phone went through fine, I don't believe I have any anti virus/malware apps on my phone

 

Thanks in advance for any help

 

Dr Bob


Edited by drbobj, 12 March 2015 - 07:20 PM.


BC AdBot (Login to Remove)

 


m

#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:41 PM

Posted 14 March 2015 - 03:05 PM

hi drbob,

 

The threat (if there is one) is from the web page you visited. The web page has become compromised. You can check the page with online scanners to make sure its not a false positive.

 

http://sitecheck.sucuri.net/

http://www.unmaskparasites.com/

http://www.brightcloud.com/tools/url-ip-lookup.php

http://scanurl.net/


How Can I Reduce My Risk to Malware?


#3 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 16 March 2015 - 11:52 AM

Hi shelf life

Thanks for the reply.

 

It is always good to have more than one tool to check things

 

the first two showed that there are possible suspicious items

the unmaskparasites did specifically mention this line as suspicious, which hopefully will help to track down the issue

 

if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility =...

 

 

 

these two did not find anything

http://www.brightcloud.com/tools/url-ip-lookup.php

http://scanurl.net/



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:41 PM

Posted 16 March 2015 - 05:17 PM

hi,

 

Can't help much. Dont know anything about javascript if thats what it is . Could be a false positive on AVG's part. Nothing really from for sure, suspicious isnt "for sure"-  The only thing I can say is make sure the template and any plugins are up to date.

Appears to be a wordpress template.

 

Copyright © 2015 Free Premium WordPress Themes - WikMag.com - SEO

 

https://wikmag.wordpress.com/

 

Support: https://en.forums.wordpress.com/search.php?search=Blackhat+SEO+&forum_id=0

 

Support: https://wordpress.org/support/

 

I notice theres a wordpress.com and .org:

http://diythemes.com/thesis/rtfm/differences-wordpress-com-org/

 

 


How Can I Reduce My Risk to Malware?


#5 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 16 March 2015 - 06:15 PM

Thanks again for your help.

 

Yes it is likely that it may be a false positive, but nevertheless since I'm using AVG it stopped me from getting to the site and would likely do the same to anyone else going to the site under similar circumstances. I have passed it on to the person owns the site.

 

As you mention It would be a good idea to check the topic in wordpress formus.

 

The wordpress.com site is for sites that are hosted by wordpress.com the wordpress.org is for any site that uses wordpress

 

I started doing so After some initial searching some people say AVG is finding false positives others say there are legit hacks, In any case the site owner or their admin needs to check their site more thoroughly. I just wanted to look into is since I also use wordpress on a few sites and was looking into what type of security add ons or other solutions to prevent possible hacks in the future



#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:41 PM

Posted 16 March 2015 - 08:23 PM

Ok your welcome. The site owner/admin can also investigate further with AVG:

 

http://www.avg.com/ww-en/page-rating-report

 

http://www.avg.com/ww-en/faq.num-2868#num-2868


How Can I Reduce My Risk to Malware?


#7 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:41 PM

Posted 19 March 2015 - 07:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users