Bad website behaviour
We have a website that we’re operating as a sister project site to vancity.com.
Their IT people have found suspicious behaviour and are blocking the website from their staff until it has been dealt with. I have since gone and disallowed all pingbacks (in case they are the problem), but the pingbacks aren’t actually available on the “about” page he’s made mention of.
Please have a look into this issue and get back to me as soon as possible. I have included the body of an email that was forwarded to me by the project manager.
While I could find nothing that would actually exploit a user of the site, I think it may be prudent for you to get the partner to ask the developer for an explanation of what’s up. The page specified in the ticket 98181, the “about” page, does have a hidden message in it. I’ve extracted the response headers showing it and attached the page as text. The developer may want that.
Before attempting to whitelist this site, I think I’d like to see if what the reason is first.
The other things beyond the message? Well, it may be possible that the Dev is attempting at some kind of Web2.0 like mash-up page, but one should be careful about sites classified as malicious, and it needn’t have been done like that.
To be extra careful, I’ve also asked McAfee to retest, since their Trusted Source is what classified it as malicious, to take another look. However, who knows what will happen with that request. I think it may be faster to have you contact the partner to get input from the site developer.
This page was mentioned in one ticket: http://we-community.ca/about/
I found this in the about page responses:
Date: Wed, 21 Nov 2012 00:47:34 GMT
Content-Type: text/html; charset=UTF-8
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Link: <http://wp.me/P2tc2k-2>; rel=shortlink
While it looks suspicious, I think the site Dev is either enterprising or is playing some kind of (non-malicious) game. ”
The blog I need help with is we-community.ca.
Hi there – thanks for the report. Our developers will investigate and I’ll keep you posted.
Thanks for contacting us. I’m sorry to hear about the issues you’re having with accessing your WordPress.com site.
Based on the forwarded conversation above it seems like the firewall of Vancity’s network may be reacting too strongly, and we would recommend setting an exception for your website in the firewall settings.
If you have any other questions regarding our operations or the security of WordPress.com, please let us know.
If you think you’ve genuinely identified a security breach or issue, please report it privately by visiting http://automattic.com/security/ or email us at security [at] wordpress [dot] com.
Thanks so much for the speedy response! We thought that was probably the case. You and our off-site programmer confirmed this for us.
We really appreciate the help!
The topic ‘Bad website behaviour’ is closed to new replies.