Websense classified my site as Web/Email Spam


#1

I do not see a way to protest this to Websense. Is there something I can possibly do to get them to review the site and unblock it?


#2

Looks like your site has been exploited, so you’d want to fix it up before asking them to review it.


#3

I have asked DH to look into it, but their search was largely fruitless as to problems. Are you seeing something?


#4

If you “view source” on your page and scroll to the bottom, there is a hunk of pretty obvious spam in there, starting with the words “new york state health insurance exchange”.

The content is in your Wordpress theme — in wp-content/themes/k2/footer.php, specifically. Update and/or reinstall the theme you’re using and it should go away.


#5

Sucuri SiteCheck also shows warning on your site.
Malware entry: MW:SPAM:SEOHome
Description: Web site identified with Blackhat SEO Spam. This often means that it was hacked and the attackers inserted links to their own sites to increase their page rank on search engines.

http://sitecheck.sucuri.net/results/zeroserenity.com

(I use it about once a month to help verify my sites, but I don’t work for them)


#6

Last write date: 5/7/2013. This was recent. I reset the directory to be 711 just to make sure of things.

This can’t be the only problem though. It’s been going on for a few months.
[hr]

Clear.
[hr]
I can now access it within my network. I guess that it’s taken care of now.


#7

Well a bit over a year ago (so it’s been going on for at least that long)
Their was a thread about the Blackhat SEO Spam attack

with a WiKi on how to fully clean up after it


#8

Looks like my site has been smacked by websense again. http://sitecheck.sucuri.net/results/zeroserenity.com reveals that my site is clear, but perhaps I missed something?


#9

View source, again. It’s right at the bottom, pretty obvious; probably in the same footer.php file as last time.

Please contact our support staff so we can scan your site for security issues. Since it’s happened twice now, there’s probably some back door they’re getting in through.


#10

Yup. Right on the ball Andrew. I’m leaving the file in tact right now so the investigation can proceed without my meddling.