I had a fairly productive website of real estate tours. Google flagged the site as hosting badware. The site was hosted at GoDaddy.com, who is particularly unhelpful with any of my problems.
I’ve deleted everything from the hosting account. I’ve replaced it will only the most basic of pages, and have requested a Google review three separate times, and have have requested a StopBadware.org review one. My site is still reported as hosting malware.
If I’ve got new code with no apparent malware, how can I get Google to stop reporting a problem that does not exist? If I do still have malware, how can I identify it?
I’m stuck, and ready to close my business because of this problem.
The following resources may also help you evaluate your site:
Resources:
Tips for Cleaning & Securing your Website
How to remove the ‘This site may harm your computer’
Google Webmaster Tools
Google MalwareFAQ and screenshot for ‘Request a Review’
If you can provide your URL, it would help others to help you with more specific details. You could use a URL shortening service or mask the URL in some other way, if you like.
Edit: I see you provided your URL while I was typing. Thanks! :-)
Your Google Safe Browsing Diagnostic page says that the infection of your site is by Gumblar and Martuz.
That means it is almost certain that your PC is infected, and the FTP password is being stolen, which is then being used to hack the site.
Have everyone with FTP access to your site scan their PCs with an antivirus scanner other than the one they normally use.
I’m currently running Panda Antivirus Pro 2009, which has reported no virus. Just to be safe, I’ve also run a web virus check from Trend Micro. Gumblar and Martuz are prominent enough that I’m sure both programs should catch the virus if they’re on my machine.
A scan by Dasient.com finds no badware on one site. It reports suspected malware from the other site, but this is a hidden iframe that’s part of a shopping cart. The “suspect” code is this:
<iframe style=“width:1px;height:1px;visibility:hidden” id=“submit_frame” src=“/blank.html” name= "submit_frame">
Regardless, repeated requests to Google to reevaluate the site are either not being executed, or the report is not changing. Is there any way to get more information?
Hm, the home pages of both of the sites you provided the web addresses for are currently returning a 401 Unauthorized result code, meaning login is required and wasn’t provided. That’s just to view the home page, not to get somewhere beyond it.
If Google is also getting those 401’s, they aren’t likely to update their status reports because they’re unable to check any pages at all.
My understanding is that Google prefers to see the same pages that used to be there, cleaned, not a closed site or one with all its pages missing.
Are you able to view your website access logs? Last I saw, I think it was an extra-cost option for the basic GoDaddy shared hosting plan, but in this situation being able to view your access logs can be quite helpful.
I would consider that suspect code, a 1×1 pixel hidden iframe, to be suspicious. Have you looked to see what is in “blank.html”.
