Comments on: Google labels Scriptygodess as pariah

By: Martin

Martin — Mon, 17 Mar 2008 11:39:14 +0000

Hi, i find myself in the same situation and i don’t know if I should blame it on my web hosting service - but they say they don’t have such a problem or on wordpress and its security flaws, or on a possible hack or on a bad link. How did you resolve the issue?

By: valerie

valerie — Fri, 18 Jan 2008 21:29:58 +0000

I haven’t been here in a while — I’m glad you got it fixed! And yay for the push back to PR5. I’m still down two points myself, blah.

By: Jennifer

Jennifer — Sun, 06 Jan 2008 20:46:50 +0000

Yes, it could be a number of different things. But out of all the possibilities, Wordpress is the one that I have the least amount of confidence in security wise - especially given some of it’s recent history. The other possibilities I just highly doubt given my setup, but since I have no proof of how the hack happened, technically it could be anything. (Including gnomes hacking into my computer and instead of getting at my bank account, they go and corrupt one of my blog template files. Hey, it could happen!) ;P But in the end, any suggestions that had been made to make things more secure were already in place, and no one has offered more than that to help figure out how it happened and/or how to prevent it from happening again.

By: Sean

Sean — Sun, 06 Jan 2008 18:22:58 +0000

Are you sure the HTML injection was a wordpress issue? Is it possible that your FTP or web-based file manager was compromised? I haven’t read deeply into what you’ve said about your issue — what made you jump to a wordpress vulnerability?

Thanks!
Sean

By: Erica George

Erica George — Thu, 20 Dec 2007 21:19:20 +0000

Hi Jennifer,

I’m the communications lead at stopBadware.org - my colleague Liana pointed me to your

post. I hope I can help clear up a few misconceptions about the warnings and answer any

questions you still may have. I’m also sorry to hear that you found our review form

difficult to use. If you have any specific feedback about that page I’d love to hear it

- we’re in the process of a website redesign so we’re actively seeking that kind of

suggestions.

As Liana said, the vast majority of the sites Google flags are ordinary sites that were compromised due to hacks, ads, etc. I have no idea if this is what caused the issue on your site, but a recent post here talks about a WordPress SQL vulnerability.

If you have any other questions or concerns, please let me know. Since your review was processed by Google rather than StopBadware I don’t have access to specifics about your site, but I can answer questions about process, etc.

Also, you / your readers may be interested in the Security Tips for webmasters we’ve developed: http://stopbadware.org/home/security

Erica
StopBadware staff

By: Liana Leahy

Liana Leahy — Thu, 20 Dec 2007 19:45:35 +0000

Jennifer,

I just happen to be from StopBadware and I came across your site while surfing for help on a SQL query. I like your site (and am always happy to find fellow female geeks) so I’m glad that your site has been cleared.

Many many sites that Google flags are innocent sites that have been hacked. I’d love to hear what you find out in regards to Wordpress. Another source of badware can be third party advertisements which are hard to track down.

Still, I’ve alerted our communications leader about your site to answer any remaining questions you may have.

Cheers,
Liana

By: Joe

Joe — Thu, 20 Dec 2007 02:25:01 +0000

OUCH!!! Glad to see your still alive. I used to read your blog often but I kind of fell out to the blogosphere. Well, hoping to pop back in. Anyway, will be reading you again. Take care!!

By: Jennifer

Jennifer — Mon, 17 Dec 2007 23:49:04 +0000

I had been signed up, but apparently never bothered to do the additional “verify you’re the site owner” thing. So while they did have my email address and I did have an account with them, and I did add scriptygoddess to the webmaster tools thing - maybe it was that last step of verifying that I was the site owner that makes the difference? Not sure.. That would have been nice though if they do update you from that…

By: Richy C.

Richy C. — Mon, 17 Dec 2007 23:42:05 +0000

If you actually sign up for Google’s Webmaster control panel via http://www.google.com/webmasters they are supposed to send you alerts if they detect Malware on your page and provide you with details of where it can be found. I’ve not experienced this myself so I can’t say if it does or doesn’t work, but I’m “aware” of the feature there.

By: Jennifer

Jennifer — Mon, 17 Dec 2007 16:51:54 +0000

Yuck! Hope it gets straightened out soon!