My company website ‘riverview.com.sg’ is labelled with ‘This web site may harm your computer’. Our Web Hosting Provider said that their have a very strong firewall. They have checked and confirmed that there is no badware and has submitted for request a review to Google. But till (it has been one week), our website still with the badware warning. I am just a finance person not a technical person, but since IT dept is reporting to me, I have to answer to my boss and ensure all this issue to be solved. My IT is on leave and my Web Hosting Provider just ask me to wait for Google to review, How long Google will take to review? I notice Google last visited our web site is on 24 June’09, is this mean that Google has done their review but found that this site still not safe? Please advise what are the steps that I can do in order to solve this issue or Only my Web Hosting Provider can carry out those steps required to solve it? If I have to depend on our Web hosting provider to act on, any one can advise me what are the steps what I need to ask my web hosting to carry out?
Thanks
Your site has been hacked and a Quick Scan with Dasient WAM references a hidden iframe referencing http: //gianthighest .cn :8080/index. php
on both [ www .riverview .com .sg ] and [ riverview .com .sg ]. This will be need to be removed (as well as any other problems that are found) and someone will need to “Request a Review” through your Google Webmaster Tools account.
Both the www and non-www version of the site need to be added to your Google Webmaster Tools account and ownership verified before you will have access to the “Request a Review” link for each version of the site.
It is important for someone to evaluate the situation and determine how the site was hacked and fix it so that it is less likely to happen again. At the minimum, you should change the FTP passwords. Ideally, you should also check the computer used for FTP access to the site for malware capable of capturing the passwords.
Once the site is clean and secure and a review has been requested, it normally takes less than 24 hours to have the results of the new review and the warning to be removed from the search results. However, if the site is not clean, there should be a message in the Webmaster Tools account explaining that.
You may want to refer your hosting provider to this conversation and the resource material available.
Resources:
Tips for Cleaning & Securing your Website
How to remove the ‘This site may harm your computer’
Thanks Kaleh
I has forwaded our conversation to My Web Hosting Provider. According to them, they have follow all the steps to clean the website. At about 11.45am+ they has carried out a drastic clean on the server and submitted a request for review. Can you help me to check whether the website is clean.
You mentioned that if the site is not clean, there should be a message in the Webmaster Tools account explaining that. But according to my Web Hosting Provider, no message received for the previous Request a Review. So, my concern is that how to know whether Google has review our website and what is the review result if Google don’t response to my Web Hosting Provider in the WEbmaster Tools account?
Thanks
It looks like everything is fine now. In the absence of seeing relevant messages in the Webmaster Tools account, the following signs are indicators that things have changed for the better since your first post.
The warning “This site may harm your computer” has been removed from the search results.
If you do a search for [ site:riverview.com.sg ] you will see all of the pages indexed by Google. The warning is gone when I view the results.
The Safe Browsing Diagnostic Reports for both the www and non-www versions of the site both state “This site is not currently listed as suspicious.”
http://www.google.com/safebrowsing/diagnostic?site=riverview.com.sg
http://www.google.com/safebrowsing/diagnostic?site=www.riverview.com.sg
When I manually check the pages I see in the search results with web-sniffer.net, I no longer see the malscript. For future reference, the code is not always visible in the HTML, but it was visible yesterday and is not today.
Please confirm that the passwords have been changed. When your IT staff returns, be sure that any computers used to maintain the site are checked for malware capable of capturing the FTP credentials.
In addition, it would be a good idea to see if they can switch from FTP access to either SFTP or FTPS so that all data (especially login credentials) is encrypted instead of sent in plain text.
