So it was just brought to my attention that our site is infected with what appears to be the WP Pharma Hack. When searching our site via google, the description shows all kinds of spam relating to Viagra and meds. Also, when viewing the cached version and then checking out the source, there’s tons of links and other spam relating to buying Viagra.
domain / keywords: 12ozprophet.com, 12ozprophet, 12oz
Like the WP Pharma Hack, it only shows via Google with no hints on other search engines or in the actual template code.
Here’s some info google supplies about it: http://www.google.com/safebrowsing/diagnostic?site=www.12ozprophet.com
What is the current listing status for http://www.12ozprophet.com?
This site is not currently listed as suspicious.What happened when Google visited this site?
Of the 26 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-05-19, and suspicious content was never found on this site within the past 90 days.
Malicious software includes 2 scripting exploit(s).This site was hosted on 1 network(s) including AS36351 (SOFTLAYER).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, http://www.12ozprophet.com did not appear to function as an intermediary for the infection of any sites.Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
We’re running EE Version 2.1.3 Build 20101220 on a dedicated server at SoftLayer. We connect with SFTP, disable root and run SSH on a non-standard port.
Only thing I can thing of is that EE is compromised or that possibly the old version of vBulletin we’re running has been compromised.
Anyone know for sure or have experience with this?
Any other help or leads?