We have a website that we're operating as a sister project site to vancity.com.
Their IT people have found suspicious behaviour and are blocking the website from their staff until it has been dealt with. I have since gone and disallowed all pingbacks (in case they are the problem), but the pingbacks aren't actually available on the "about" page he's made mention of.
Please have a look into this issue and get back to me as soon as possible. I have included the body of an email that was forwarded to me by the project manager.
While I could find nothing that would actually exploit a user of the site, I think it may be prudent for you to get the partner to ask the developer for an explanation of what’s up. The page specified in the ticket 98181, the “about” page, does have a hidden message in it. I’ve extracted the response headers showing it and attached the page as text. The developer may want that.
Before attempting to whitelist this site, I think I’d like to see if what the reason is first.
The other things beyond the message? Well, it may be possible that the Dev is attempting at some kind of Web2.0 like mash-up page, but one should be careful about sites classified as malicious, and it needn’t have been done like that.
To be extra careful, I’ve also asked McAfee to retest, since their Trusted Source is what classified it as malicious, to take another look. However, who knows what will happen with that request. I think it may be faster to have you contact the partner to get input from the site developer.
This page was mentioned in one ticket: http://we-community.ca/about/
I found this in the about page responses:
Date: Wed, 21 Nov 2012 00:47:34 GMT
Content-Type: text/html; charset=UTF-8
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Link: <http://wp.me/P2tc2k-2>; rel=shortlink
While it looks suspicious, I think the site Dev is either enterprising or is playing some kind of (non-malicious) game. "
The blog I need help with is we-community.ca.