My site was flagged by Google. I did a lot of reading online and discovered where the infection was and I was able to clean it up. I also changed all my passwords (from another computer). The warning report showed a javascript exploit or injection attack I think. After cleaning and requesting a review, Google has removed the warning.
My question is "how" did my site get infected to begin with? I would like to understand how somebody was able to change my index.html and frame1.html to include their hidden iframe.
If somebody could look at my pages and let me know if anything jumps out at you as far as a security risk, I would appreciate it. I host through 1and1.com and after talking to them, they said they did not see any problems (even though Google was reporting it as infected). They said they did not find any infection of they would have notified me.
My website is radiogoldindex dot com. Thank you for any help anybody can provide.
Hello Craig,
since I do not know your level of familiarity with the terms in this field, I will follow a middle path. Here’s my 2 cents :-)
A first look at your site does not reveal obvious areas where you accept user input, but with just a little more poking around one can find out the backend programs you are using to accept user inputs. This is one attack vector. It can be use for SQL injection/iframe/javascript injection. I am pretty certain that there’s a db running over at your place. I will not list the links which represent the same on your site, i do not want to be responsible for publishing a (possible) live attack vector :-).
Another attack vector arises from "server-level" weaknesses where the guys hosting the servers, have left open loopholes due to not plugging security issues in time etc..
I (and others) can give you a more comprehensive idea about your site, but will need your explicit permission in that case. If you are interested, please contact me through my site, listed below.
Hope this helps,
-A
Dr. Anirban Banerjee,
Jaal LLC, Riverside, CA.
http://www.jaalcheck.com
I was checking from home www.arabtimesonline.com and www.oheraldo.in both were blocked from google.com, but from office i have been using 3.08 firefox, they were not blocked.
anyhow i check from www.jaalcheck.com arab times was showing clean, but oherald was showing unsafe.
For arab times what i did was i removed google advts and it showed safe in jaalcheck.com
