Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

Malware detected in Q2A code

+4 votes
1.9k views
in Q2A Core by

My recently launched website is in testing phase - https://www.onesharedearth.com/ - and unfortunately I only enabled recaptcha and user moderation after many spammers had registered and asked spammy questions.

My host has reported this today and given me a week to clean up the site:

*Known javascript malware. Details: http://labs.sucuri.net/db/malware/spam-seo.hidden_content?2 <div style="position:absolute; left:-9999px; top:-9999px;">

This seems to be at the bottom of each page on my website & could be what the malware report is about, although I could be very wrong and there may be more spammy content elsewhere.

</footer> <!-- END footer -->
<div style="position:absolute; left:-9999px; top:-9999px;">
<span id="qa-waiting-template" class="qa-waiting fa fa-spinner fa-spin"></span>
</div>
</body>
<!-- Powered by Question2Answer - http://www.question2answer.org/ -->
</html>

This seems to be genuine Q2A code. Will removing the call to body_hidden() in qa-include/qa-theme-base.php remove the malware warning and also not have any side effects in the website? I'm not sure what the body_hidden() is for.

If this is the case, then do other Q2A sites receive similar warnings?

See this too - http://www.question2answer.org/qa/43870/spam-seo-check-should-we-be-worried?show=43872#a43872

Q2A version: 1.8.0-beta2

1 Answer

+5 votes
by
selected
 
Best answer

That code keeps the waiting template (the rolling ball in SnowFlat) hidden so that it can be cloned later. I don't really think there is any difference in hiding it using the position or the display approach. So I would go for the latter. Try it out and see if that is reported as malware too. Needless to say it is not malware, right?

These are the exact changes that you need to do: https://github.com/pupi1985/question2answer/commit/fee24cb2a08709630c5451f6f05c4a4546ad109a

Please, test them and report back. BTW, to see the waiting template you could just add a comment and it will appear for a second.

by
The change seems to have removed the malware warning. This is what I got from the host:
"We are happy to inform you that the malicious code on onesharedearth.com website has been successfully cleaned and we have closed the case accordingly."

I'll update if something is reported about the new code but for now it looks good.

Obviously, the old code was not malware. But I wonder why I'm the only one to have received this warning..
by
@pupi1985, we all know there is no malware in our script but because of above code it is showing site contain malware. Better to remove such code. I also scanned q2a v180 site and it flags for malware. Could you please submit fix for this. thanks
by
@ProThoughts Did the fix also work for you?
by
edited by
@pupi1985, Yes, now it is showing clean site, no malware. Your fix is on site http://demo.question2answer.info

Now sucuri.net shows clean site.
https://sitecheck.sucuri.net/results/demo.question2answer.info
by
Can someone please checking this fix to the main build? I'm using the recent v18.0 and even that has this malware thing going on. Now I will have to modify the files as given in this comment. Whew! :-/
by
Only the bugfix branch has the fix merged: https://github.com/q2a/question2answer/archive/bugfix.zip

What you are asking for is for the v1.8.1 release, which is the result of merging the bugfix branch to the master branch. Only @Scott can do that
by
@pupi1985, scott should have done v1.8.1 release just because of this issue. I dont know where he is.
Snow Theme by Q2A Market
Powered by Question2Answer
...