My client reported to me that his Joomla site has been marked as malware by Google and in Firefox and Chrome the users are alerted to avoid visiting the site. At first I assumed someone might have flagged the site as malware just to have fun or out of curiosity. But I still went ahead and did my little detective work and learned that a malicious user might actually have posted something creepy in the forums or in comments. After regorus searching through the database for scripts for hours I couldn’t come up with any. Then I researched a little more about the problem and learned that hackers are finding ways of inserting an iframe content on popular cmses like joomla, wordpress and drupal with ease. So my next step was to download the whole site on my local computer and do full directory scan for keyword “iframe”. Turns out, there where plenty of instances, most of them were pure hidden iframes to some malicious urls.
One at a time I removed them and then uploaded the files back. I then requested a review in Google Webmaster Tools and the next day… voila… the site was back normal.
The lesson I learned was to insist my clients to keep their sites up to date on software upgrades and backup daily.
At the end I felt quite happy to knock this one down.