New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Incero Malware?
concerto49
Member
Has anyone seen this? Go to http://portal.incero.com/
And Google Chrome blocks this and reports it as Malware. Firefox suggests this is a reported attack page.
Is it just me?
Comments
Blocked by Firefox as well, but unable to see anything in the code. Code and embedded JS looks clean.
http://incero.com/ whole site.
http://www.incero.com/
It was not like this earlier. I visited their page just a few hours ago.
Opened a ticket with them about it, letting them know.
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://www.incero.com/&client=googlechrome&hl=en-US
http://www.google.com/safebrowsing/diagnostic?site=http://incero.com/&output=embed
@Spencer beat me to it
Checking their Code, W3TC is on there, and WordPress 3.3.1. Yeah....
I'm sure an iframe is around there somewhere injected.
We killed wordpress :-)
Thanks for the million emails.
@Incero glad you got it sorted - having your company website compromised is NOT fun... it's happened to the best of us!
@Incero portal.incero.com is WHMCS not Wordpress?
Kept the Tags, Description of Generator on your pages is WordPress 3.3.1, and W3TC is thrown in at the bottom.
Did you just pull the source, then remove the CMS?
EDIT: Yup you did - Good call
On a side not it seems incero hosts a lot of malware?
http://www.google.com/safebrowsing/diagnostic?site=AS:54540
That is even more then colocrossing
http://www.google.com/safebrowsing/diagnostic?site=AS:36352
And colocrossig even has 25x more the IPs
Edit: Looks like he even has more than ecatel!
Our wordpress main site was on a dedicated machine, our customer portals, ordering forms, etc are on different machines. Only wordpress was injected with some redirects. Not a big deal.
@Incero portal.incero.com is customer portal, no? It says Malware. Please take a look.
@concerto49
The domain incero.com was blocked due to the wordpress injection on incero.com you can see this on google:
http://d.pr/i/Yynk/1foxaVfS
So all subdomains received the same message...... Of course we all know wordpress can be exploited so we have separate systems for our portal which can be confirmed with a traceroute.
Thank you.
This happened to us a week or 2 ago angry I catch he'll for it, yet it happens to incero and everybody is peachy? Low end drama I guess!
@Incero if you have the site set up with Google's Webmaster Tools, you can force a Malware check and those errors should disappear quickly for clients.
yes, yes, did that about 6 hours ago. Also did one manually on sbw.
This is a prime example of not updating your Wordpress install.
Not everyone can be perfect like me and never forget anything.
Brb going to update everything.
@agoldenberg its a major example of how much a mistake it is to use wordpress for anything, 3, 5, 10 years later and their core code is still being exploited.
WP may not be the best solution for something you want to set and forget, and it may not always be possible to stay on the bleeding edge of updates, but 3.3.1 was released Jan 2 of last year..
I am not sure, it is more their gazillion add-ons and their popularity that makes them such a big bull's eye, IMO.
@maounique Our WP was updated to the latest with the 1 click installer on Sunday, when we updated our facebook with a new AUP section for ipv4 usage.
Google cache also shows that on april 24th we ran WordPress 3.4.2
view-source:http://webcache.googleusercontent.com/search?q=cache:incero.com&aq=f&oq=cache:incero.com&aqs=chrome.0.57j58.3313j0&sourceid=chrome&ie=UTF-8
http://imgur.com/PDJY7ga
So not sure why you mention 3.3.1.
Lots of love
yea saw it too. i decide for not paying the invoices when i saw that warning well i'll pay it soon since @Incero confirmed its been fixed.
Because it's embedded into your temporary order pages you saved from mid-last year.
Also, W3TC. That is all.
using chrome
can visit no problem
@Kris our order pages are not wordpress. Simply when we made the order pages we saved the website from a browser, then used those as a template. You can see our order form is online and works just fine.
Yup - I said the same - look up top. Simply answered why 3.3.1 was brought up
Site's OK again from Firefox as well.
@24khost you got your site deleted...
You never said if your WP was vuln or if W3TC was vuln, which had some vulnerabilities released along with WP Super Cache. Either way, kinda scary a provider can't keep up with updating software
However it's easier to kick the WP horse