Dear Drupalist,

I have a site www.anjeer.com which has been running perfectly on drupal 5 for past couple of months.

On google chrome the following message was detected. This message is only delivered to people using windows XP.

Please can anyone suggest me, how to fix this problem
following i have posted the problem

Warning: Visiting this site may harm your computer!
The website at www.anjeer.com contains elements from the site gumblar.cn, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for gumblar.cn.
Learn more about how to protect yourself from harmful software online.

Comments

Tektom’s picture

I'm having the same problem on one site, keeps coming back! What do we have to lock down to prevent this from happening?

kumar654’s picture

hey guyz,

i was ale to fix the problem by replacing my files.
it worked well. but now i think i have to use secure way to ftp my files.

thanks

Tektom’s picture

Version: 5.14 » 6.11

I've replaced the files a few times on two websites and changed the ftp passwords, but the next day the same problem returns. What else has to be locked down?

orseay’s picture

I too have had the same problem with the exact same message from google chrome, but not from firefox or explorer. I have been having this problem for about 2 months now. The only way I've been able to temporarily fix the issue is to upload the original site files, but the warning just comes back in under a week in most cases. I have spent hours communicating with my hosting provider and get nothing of much help out of them other than suggesting that it was my permission settings. I restored a site that I had just bought a week ago because it too had been infected once I got the site up on my server. Because the site was fine before I bought it, I figured it had to be an issue with FTP, so I deleted the FTP account for that site and restored the originals and made sure the permissions were right. Without fail, chrome is giving me the same message today, and I'm about ready to throw my computer down my stairs, although I know that wouldn't fix anything either because I actually reinstalled windows before I bought this last site. SOS!!

jimejim’s picture

Yes, unfortunately I have to add my name to the list here. This specific hack is beginning to get annoying.

This blog has a pretty good explanation of what happens, and how to remove the infection.

http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-a...

One thing that page doesn't mention is that it also adds image.php scripts with malicious code to some of your images directories and modules (specifically targeting directories named "images" and probably "image" but haven't tested).

So, I've had to clean this out a few times over the last two weeks, and unfortunately I can't seem to figure out how it's breaking in. I've cleaned it out and set my write permissions to try to stop it, but it keeps getting through.

dpearcefl’s picture

Status: Active » Closed (won't fix)

Doesn't sound like a Drupal problem.