Malware discovered on sagreinitalia.it
by autodafe
5 months ago

Hi everybody,
My website www.sagreinitalia.it has reported some badware in Google yesterday evening. As a result, Firefox stops people from getting to the site and this is causing a quick drop in visits… from about 10000 to 1000 in a day…

I have checked my site for viruses, re-uploaded HTML and ASP sources, nothing seems bad… What can I do? Any help appreciated…

Tags: asp, iis, js
by Kaleh
5 months ago

It is possible that when you re-uploaded the data that you removed the problem that was causing the site to be flagged by Google. Without that information it may be difficult to determine what was going on and how to prevent it in the future.

I would encourage you to go ahead and “Request a Review” through Google Webmaster Tools to see if a problem remains. If it doesn’t, the warning will be removed from the search results.

You should still also try to determine how the site was hacked in the first place. It is possible that the following can help you with the process of thoroughly evaluating and securing your site.

How to remove the “This site may harm your computer”
http://25yearsofprogramming.com/blog/20071223.htm

How to prevent your site from getting hacked. How to repair a damaged site. Website security precautions
http://25yearsofprogramming.com/blog/20070705.htm

Tips for Cleaning & Securing your Website
http://www.stopbadware.org/home/security

Please consider that the hack may have been because of malware on the local computer that was capturing your passwords. Check the computer(s) used for administrative access to the site, using multiple products that you don’t currently use, change all passwords, and do not store passwords in the FTP client.

by autodafe
5 months ago

Thanks
Apparently there was nothing strange on the site. Checked both with antivirus locally, Dasient remotely…
I simply had left some commented HTML for some ads (like heyos, tradedoubler) which I don’t want to display all the time. So I often comment these parts out… But they have always been there…

The site has been up for three years, it’s quite trusted and has a PR of 5 and about 8-10000 visitors per day…never had such problem…

I am double checking everything to see what the issue can be, but I really can’t find anything… I’ll have a check for the inbound and outbound links as well…

by Kaleh
5 months ago

Unfortunately, it doesn’t matter how trusted and legitimate a site is. Sites are hacked constantly … often because of compromised passwords related to malware on the local computer or vulnerabilities related to the site.

Scanning your site files with an anti-virus may catch some things, but it won’t catch everything. Same thing goes for Dasient … it does not detect everything.

A clean bill of health with any product does not mean that everything is OK. It may just mean that the product is not checking for the right thing, under the right circumstances.

Most products are a work in progress and are constantly tweaked to detect constantly changing methods that the malware writers use. The products are tremendous aids when they identify something for you, and when they can show that you successfully removed that particular problem. But, if there are other indicators that there is a problem, and that product didn’t detect the problem, you should keep looking.

If Google flagged a site, it is an indication that their scanner ran into something that exhibited malicious behavior. Sometimes that “something” is random and elusive, but it presented itself at the time that Google checked it.

However, if you don’t find anything that stands out, after thoroughly reviewing all possible situations, and you have re-uploaded known, clean files … go ahead and “Request a Review” and see if Google clears the site.

by Kaleh
5 months ago

Google Webmaster Tools also has a new feature under [ Labs ] [ Malware Details ] that is accessible from the Google Webmaster Tools Dashboard for your site. In some cases, it may identify code snippets.

You may want to check [ Labs ] [ Malware Details ] to see what kind of information is available, as well as checking [ More Details ] from the red malware warning bar that should be visible from the Dashboard for the site. That area should provide a list of sample pages that Google found problematic.

by autodafe
5 months ago

…the [ Labs ] [ Malware Details ] is empty
the “More details” only shows my Home Page as the likely infected page. I have checked it 10.000 times without seeing anything strange

also:
http://www.google.com/safebrowsing/diagnostic?site=http://www.sagreinitalia.it/&hl=en

this is the result from the “safe browsing” Google page…

I have requested a review in the meantime

Would you recommend turning Google AdSense off from the site? I don’t want to get banned…

I am getting mad :-(

by Kaleh
5 months ago

Your SafeBrowsing Report was “odd” in that it didn’t identify any domains that are involved. That information sometimes provides some clues as to what type of attack it is. Right now, we don’t have any clues to work with.

One other obvious place to look is in the .htaccess file(s) for suspicious code. Hackers sometimes modify these files and often add extras, even above public_html. While you are waiting for your review to complete, I would at least look for .htaccess issues.

As far as AdSense, I don’t know what to tell you. I’m not that familiar with how things work with AdSense. While someone here might be able to offer insight in that regard, you might also want to ask on the Google AdSense Help Forum.

AdSense Help Forum
http://www.google.com/support/forum/p/AdSense

by autodafe
5 months ago

there’s no .htaccess (.asp pages on IIS, shared hosting)

by 54f3com
5 months ago

autodafe..

I think you need to get a scan done to make sure we’re not missing anything else here. Looking at the conversation, it looks like you’ve done everything else correctly, and I doubt it’s coming from AdSense.

-Team 54f3.com
Signup for a scan! (1st month Free:) Coupon: 8A8AC16C0E
Ordering: http://www.54f3.com/signup.html

Main Site: http://www.54f3.com
Blog: http://blog.54f3.com
Free Security Newsletter: http://oi.vresp.com?fid=4f4a18b99d

by 54f3com
5 months ago

and I’m sorry to hear about the traffic drops :(

by autodafe
5 months ago

No, LOL, AdSense is fine, I am wondering if keeping my AdSense (which is getting me some good money now) on a “malicious” site could lead to a ban on AdSense…

by Kaleh
5 months ago

oops … sorry about that … I usually check for IIS before suggesting .htaccess issues. I must need caffeine! :-)

by redleg
5 months ago

http://www.sagreinitalia.it/Scripts/AC_RunActiveContent.js is hacked. If you have a clean copy, re-install it.

by autodafe
5 months ago

Thanks a lot.
I have checked most of my ASP pages and some JS files too but didn’t see this

The question now is: how did it get infected?

I owe you a beer or two. How can I send you one? ;-)

thx

by redleg
5 months ago

Most of the time it is compromised passwords. Do a scan of your PC and make sure there are no Trojans/viruses capturing your ids/passwords, and change ALL passwords, especially FTP; it is likely your passwords have been compromised. Never store/save your passwords in your FTP client, and use secure FTP if available.

Have one extra (beer) this afternoon and will call it even.

by 54f3com
5 months ago

Beer for malware.. I like it! :)

by blindy
4 months ago

autodafe, I’m Italian but I’ll reply to you in English for others…

Your site is, like mine, on Aruba hosting. My site got hacked too, but the strange thing is that all my sites on Aruba got hacked, not only one.
I think that they got access to some servers and attacked all domains.

So I don’t think it is only a problem like a stolen FTP password, but that the machines are unsafe!!

If I can suggest to you… stay away from Aruba hosting… if you have some good sites that are getting you good money. I’m keeping away from Aruba now!!!

This is the response of Google:

What happened when Google visited sites hosted on this network?

Of the 18844 site(s) we tested on this network over the past 90 days, 241 site(s), including, for example, frosinonecalcio.com/, ilgiornaledelfriuli.net/, served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2009-10-26, and the last time suspicious content was found was on 2009-10-26.

Has this network hosted sites acting as intermediaries for further malware distribution?

Over the past 90 days, we found 12 site(s) on this network, including, for example, midikar.org/, reset2006.com/, celebrityforum.tv/, that appeared to function as intermediaries for the infection of 11 other site(s) including, for example, masterworld.org/, blogitalia.it/, zigghy.it/.

Has this network hosted sites that have distributed malware?

Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 8 site(s), including, for example, elminiportal.com/, ambroweb.com/, midikar.org/, that infected 49 other site(s), including, for example, blogassuntosdiversos.blogspot.com/, elisaaue.blogspot.com/, hannahtricocroche.blogspot.com/.