Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Malware detected in Q2A code

+2 votes
352 views
asked Feb 12 in Q2A Core by onesharedearth

My recently launched website is in testing phase - https://www.onesharedearth.com/ - and unfortunately I only enabled recaptcha and user moderation after many spammers had registered and asked spammy questions.

My host has reported this today and given me a week to clean up the site:

*Known javascript malware. Details: http://labs.sucuri.net/db/malware/spam-seo.hidden_content?2 <div style="position:absolute; left:-9999px; top:-9999px;">

This seems to be at the bottom of each page on my website & could be what the malware report is about, although I could be very wrong and there may be more spammy content elsewhere.

</footer> <!-- END footer -->
<div style="position:absolute; left:-9999px; top:-9999px;">
<span id="qa-waiting-template" class="qa-waiting fa fa-spinner fa-spin"></span>
</div>
</body>
<!-- Powered by Question2Answer - http://www.question2answer.org/ -->
</html>

This seems to be genuine Q2A code. Will removing the call to body_hidden() in qa-include/qa-theme-base.php remove the malware warning and also not have any side effects in the website? I'm not sure what the body_hidden() is for.

If this is the case, then do other Q2A sites receive similar warnings?

See this too - http://www.question2answer.org/qa/43870/spam-seo-check-should-we-be-worried?show=43872#a43872

Q2A version: 1.8.0-beta2

1 Answer

+3 votes
answered Feb 12 by pupi1985
selected Feb 14 by onesharedearth
 
Best answer

That code keeps the waiting template (the rolling ball in SnowFlat) hidden so that it can be cloned later. I don't really think there is any difference in hiding it using the position or the display approach. So I would go for the latter. Try it out and see if that is reported as malware too. Needless to say it is not malware, right?

These are the exact changes that you need to do: https://github.com/pupi1985/question2answer/commit/fee24cb2a08709630c5451f6f05c4a4546ad109a

Please, test them and report back. BTW, to see the waiting template you could just add a comment and it will appear for a second.

commented Feb 15 by pupi1985
@ProThoughts Did the fix also work for you?
commented Feb 16 by ProThoughts
edited Feb 16 by ProThoughts
@pupi1985, Yes, now it is showing clean site, no malware. Your fix is on site http://demo.question2answer.info

Now sucuri.net shows clean site.
https://sitecheck.sucuri.net/results/demo.question2answer.info
...