  1. #1
    SitePoint Enthusiast
    Join Date
    Nov 2007
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Firefox/Google says my website is infected

    Reported Attack Page!
    This web page at www.mydomain has been reported as an attack page and has been blocked based on your security preferences.
    Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


    What happened when Google visited this site?

    Of the 81 pages we tested on the site over the past 90 days, 64 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-06-04, and the last time suspicious content was found on this site was on 2013-06-04.

    Malicious software includes 31 trojan(s).

    Malicious software is hosted on 3 domain(s), including treforowen.com/, podilovy-fond.eu/, akbgold.com/.

    2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including vippraiahotel.com.br/, podilovy-fond.eu/.

    This site was hosted on 1 network(s) including AS33182 (DIMENOC).

    Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, www.mydomain did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

    Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


    I'm not sure how my website got infected, whether someone exploited a vulnerability in the installed apps, my computer is compromised or my host's server was compromised itself.
    Has anyone else run into this? What are the steps I need to take now and are there any things I should know?

  2. #2
    dklynn (Certified Ethical Hacker)
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,650
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Yes. I had a couple of my clients' websites hacked and they did contain code injected into the existing files (JavaScript which went off to another website for the malicious payload). At that stage, I went through a complete DELETE and reload but only after updating my passwords (http://strongpasswordgenerator.com). If you're also running a CMS, be sure to delete all admin accounts but the one dedicated to the site owner.

    I've also recommended using maldet scans via CRON for a daily check of all scripts.

    Finally, I also use a daily hash validation that files have not been added, deleted or edited from the prior scan and reports via e-mail. I've written an article for SitePoint which leads readers through the code used - just be sure to download the update for the corrected article and code.

    For more details, I'd recommend searching this board for "maldet scan" and I'm sure you'll find it.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator
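
A minimal sketch of the daily hash validation described in the post above. It is an added example, not the code from the SitePoint article or from the poster, and the script layout and command-line arguments are assumptions. It hashes every file under the web root, compares the result with the previous scan, and lists files that were added, deleted or modified:

```python
import hashlib
import json
import os
import sys

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record where a link points instead of hashing its target.
                digests[rel] = "symlink:" + os.readlink(full)
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare(old, new):
    """Return paths added, deleted or modified between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

def check(root, baseline_file):
    """Diff root against the previous scan, then store this scan as the baseline."""
    new = snapshot(root)
    old = None
    if os.path.exists(baseline_file):
        with open(baseline_file) as fh:
            old = json.load(fh)
    with open(baseline_file, "w") as fh:
        json.dump(new, fh, indent=1, sort_keys=True)
    return None if old is None else compare(old, new)

if __name__ == "__main__":
    changes = check(sys.argv[1], sys.argv[2])  # web root, baseline file
    if changes is None:
        print("baseline created")
    for kind, paths in (changes or {}).items():
        for path in paths:
            print(f"{kind}: {path}")
```

Keep the baseline file outside the web root so that a script running as the web user cannot rewrite it and so that it does not show up as a changed file itself. Run from cron, the script prints nothing when the site is unchanged, so cron's usual mailing of job output only sends a report when something differs.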

  3. #3
    SitePoint Enthusiast
    Join Date
    Nov 2007
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good advice there. But what about the detection by Google? Will Google automatically remove me from the blacklist if it detects the website as having been cleaned up? If not, can I get in touch with them and how would such a request to be removed work? Will I just run into a call center with no option to speak to a human being? Opera also mentions the website as being infected according to data provided by, in their case, yandex.ru. I'd have the same questions about yandex as I do have about Google. Those guys may not even speak English, being Russian and all. This shows why the major companies shouldn't be allowed to police the internet. What happens if they have a false positive? Anyone who tried to get in touch with a huge corporation knows how hard it is to get in touch with an actual human, and if you do, sometimes they are completely unwilling or unable to help. Or if they are trying to squash a potential competitor early?
    Is this the article? http://www.sitepoint.com/detect-hack...s-via-cronphp/

  4. #4
    PicnicTutorials (SitePoint Wizard)
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,656
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    FTP overwrite all the files. Change your hosting password. Let Google know all fixed in Webmaster Tools. Done.

  5. #5
    SitePoint Member
    Join Date
    Jul 2013
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote: Originally Posted by PicnicTutorials
    FTP overwrite all the files. Change your hosting password. Let Google know all fixed in Webmaster Tools. Done.
    -----------------

    First scan your server with a well-known antivirus, then change the password and submit your site in Google Webmaster Tools to tell Google that I have removed the threats...

  6. #6
    SitePoint Zealot
    Join Date
    Nov 2012
    Posts
    117
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Make sure you back up all of your files!

  7. #7
    SitePoint Member
    Join Date
    Jul 2013
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, it is very necessary to have a backup of all the data you are using and publishing.

    Thanks for the addition.

    Regards
    Ali Ejaz

  8. #8
    SitePoint Member
    Join Date
    Aug 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote: Originally Posted by hawkman
    Good advice there. But what about the detection by Google? Will Google automatically remove me from the blacklist if it detects the website as having been cleaned up? If not, can I get in touch with them and how would such a request to be removed work? Will I just run into a call center with no option to speak to a human being? Opera also mentions the website as being infected according to data provided by, in their case, yandex.ru. I'd have the same questions about yandex as I do have about Google. Those guys may not even speak English, being Russian and all. This shows why the major companies shouldn't be allowed to police the internet. What happens if they have a false positive? Anyone who tried to get in touch with a huge corporation knows how hard it is to get in touch with an actual human, and if you do, sometimes they are completely unwilling or unable to help. Or if they are trying to squash a potential competitor early?
    Is this the article? http://www.sitepoint.com/detect-hack...s-via-cronphp/
    -----------------

    Google does not automatically remove the malware warning. You will have to have a Google webmaster account (http://www.google.com/webmasters). Once you have added and verified your site, you will see an option under "Health", "Malware" to request a review. It usually takes them 12-24 hours if the site is indeed clean to remove the warning.

