Skip to content

Attack on this blog revealed

Over the last two months or so, some of you reported that my blog could not be accessed due to blacklisting by Google. Most of you read my blog through Fire Fox 3 browser. When this first happened, even I was unable to access my blog, so my trusty hosting provider, Chris Haslam of Ixis IT dully updated the wordpress to the latest version and removed some offending code. I updated the password and so for a time, the problem disappeared. Whilst I was on holiday, the blog seems to have had another attack and Google and FF3 continue to warn visitors of the danger present.

I received the following report from StopBadware Team today reporting that they continue to blacklist my blog until malicious code is removed.

Report from The StopBadware Team on manojranaweera.com

As a consequence, I removed the code snippets on Header and Footer files and changed the password. I am hoping this would be the end of it.

php Code from www.manojranaweera.com

I took the initiative to publish the letter and code, hoping that someone else in this situation may find this as a reference. Of course, their situation may be completely different.

On the other hand, if you see any further malicious code in this, do let me know.

Published inOther
  • Anonymous

    The code looks as if it has a secret bit of javascript code, encoded in to character values. All the character offsets are then offset by -1 to hide the malicious code from any common validation/code cleaners.

    HTML comments inside of Javascript tags is common practice to stop older browsers from getting confused about the Javascript.

  • The code looks as if it has a secret bit of javascript code, encoded in to character values. All the character offsets are then offset by -1 to hide the malicious code from any common validation/code cleaners.

    HTML comments inside of Javascript tags is common practice to stop older browsers from getting confused about the Javascript.

  • 6 September 2008 – Update

    Just discovered the same filthy code on footer again. How can this be stopped?

  • 6 September 2008 – Update

    Just discovered the same filthy code on footer again. How can this be stopped?