I have a site here http://www.egyptianspirit.info/ when i open this site in Firefox i see “Reported Attack Site!” and if we open this site in “IE” that is internet explorer then i don see any error. We also submitted our site twice to http://stopbadware.org/ but this time i am unable to understand them. The strange thing is that why FF is showing us that message which is not with “IE”, infact my more than 10 sites have been affected and i really wanna get rid of this. We already checked that there is no virus on site.
I would appreciate if any of you help us in this asap.
Your safe browsing diagnostic page at http://www.google.com/safebrowsing/diagnostic?site=www.egyptianspirit.info lists 3 domains being the source of malware.
Even if you find no viruses actually on the site, there might be hidden iframes leading to those domains, which is where the viruses really are, but they’d get put on each of your pages as soon as a visitor receives the page.
Do your 10 websites have anything in common other than you being the webmaster? Same version of WordPress, WP plug-ins, or anything like that?
With 10 sites affected, I’d suggest scanning your PC with an antivirus program other than the one you normally use, just in case this is “gumblar” related. It steals FTP passwords.
Upgrade WordPress to latest version, if it isn’t already.
Beyond that, these pages should help with your investigation:
http://25yearsofprogramming.com/blog/20071223.htm
http://25yearsofprogramming.com/blog/20070705.htm
Hello Steve,
Thanks for your kind response. My site was in simple static pages but day before yesterday we turned it into wordpress with latest version. Now the strange part of our site is that WHY it fails IN FF and works in IE. Here i get confused. My other sites are also in html static pages. Every month we keep changing the PWD for FTP. We have also already scanned our PC from where we upload the files. We couldn’t find even the hidden iframes. Pls guide us next step sir :)
Regards
pankaj gupta
>Now the strange part of our site is that WHY it fails IN FF and works in IE
Firefox checks the Google Safe Browsing List when accessing the pages. IE uses a different list and that list may not have identified the site as a problem. (Edit: I see that SteveW has cleared up the part about IE … I had not realized that IE 7 didn’t check against a malware list. What a shame! )
SteveW has provided his excellent resources to help you examine your sites. Once you are certain that they are clean, you should “Request a Review” directly through your Webmaster Tools account before you go through Stopbadware. You must add the accounts and verify ownership before you will be able to access the “Request a Review” link.
Google Webmaster Tools
Google MalwareFAQ and screenshot for ‘Request a Review’
It is important that the site gets a warning in any browser, but it’s not significant that it gets a warning in one browser but not another. FF uses the Google Safe Browsing Diagnostic database, so any site that is flagged at Google will also trigger a FF warning. IE7 doesn’t have any warning capability at all (except for phishing sites, which is different). IE8 has SmartScreen Filter, which doesn’t use Google’s database; it probably uses a Microsoft database. Google and MS would visit the sites at different times, so it makes sense that one might flag the site but the other wouldn’t.
Using WordPress latest version is good, but WP plug-ins can be a source of trouble, too. If you use any, try looking them up at http://secunia.com/advisories/search/?search=wordpress .
If these early steps don’t resolve the problem, go through the steps on the “20070705.htm” page mentioned above, including examining the files on your server. Also view the database tables. Tell your host what happened. I got a list of 3 of the other 17 neighbor sites on your same server, and 1 of the 3 is also flagged. That host has about 10,000 sites, and nearly 10% of them are flagged, which seems like a high number to me, and a bunch of them are .cn sites, which seems a little weird, too.
That doesn’t mean it’s the host’s problem, but it’s worth talking about it with them.
Basically, if the first easy steps don’t solve the problem, the rest of the steps are not so easy, so you’ll have to do some methodical investigation.
To investigate further, you’ll need your FTP and HTTP access logs, and I would say the next step should be obtaining those and examining them closely.