Check my site
by thebofh
11 months ago

My site, www.hucktoflat.com, has been flagged as an attack site. I added an HTML block from clickthru.net yesterday, which is the only change in several weeks. I’ve just checked the server & there haven’t been any changes to files since the last security patch for SMF. I believe the malware was being served from an ad or custom HTML block on my page. Is someone able to confirm that the site is now clean?

by Kaleh
11 months ago

It’s not clean yet. Firefox is pre-fetching info from the page and my Avast anti-virus is alerting me as soon as the search results page displays.

The following quick scan identifies the code that you are looking for:

http://wam.dasient.com/wam/diagnose?URL=www.hucktoflat.com&scan_id=65222

Your SafeBrowsing Diagnostic Report references [ gcounter .cn ] which may be included in the code identified by Dasient, or it may be listed in a more obvious way.

http://www.google.com/safebrowsing/diagnostic?site=http://www.hucktoflat.com/&hl=en

There have been reports of modification dates having been changed by the hackers, in order to hide evidence of files having been changed. Did you check your logs for access that you can’t account for?

You may want to use the following as a resource to guide you through thoroughly evaluating and cleaning your site.

How to remove the “This site may harm your computer”
http://25yearsofprogramming.com/blog/20071223.htm

How to prevent your site from getting hacked. How to repair a damaged site. Website security precautions
http://25yearsofprogramming.com/blog/20070705.htm

by Kaleh
11 months ago

The following blog post may also provide more detailed information specifically related to [ gcounter .cn ].

http://blog.unmaskparasites.com/2009/06/22/gstats-cn-and-gcounter-cn-malicious-code-in-js-files/#more-231

by thebofh
11 months ago

I’ve searched all .js files on the site & can’t find any of the code referenced in the Dasient scan. It also gets a clean rating from Norton Safe Web.

by Baz
11 months ago

Hi,

The bad code is still definitely there… I’ve just seen it using my source code analysis tool… It turns up a number of times on your landing page…

Starts with:
function C5CACC47E7F{var B395E8402=726;B395E8402=B395E8402-

Remove all references like that, which are visible…
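
An added example, not part of the original thread: a sketch of a web-root sweep that looks for the two indicators mentioned above (the gcounter domain and the hex-named function Baz quotes) in every file, whatever its extension or modification date. The regexes, function names and sample files are assumptions constructed for illustration.

```python
import re, tempfile
from pathlib import Path

# Indicators from the thread: the domain in the SafeBrowsing report and the
# hex-style names in the fragment Baz quotes. The regexes are assumptions
# generalised from those two strings, not signatures from any scanner.
INDICATORS = {
    "gcounter-domain": re.compile(r"gcounter\s*\.\s*cn", re.I),
    "hex-named-function": re.compile(
        r"function\s+[A-F][0-9A-F]{7,}\s*(?:\(\s*\))?\s*\{"
        r"\s*var\s+[A-F][0-9A-F]{7,}\s*="),
}
MAX_BYTES = 5 * 1024 * 1024  # skip large media files

def scan_text(text):
    """Return sorted (line_number, indicator_name) hits for one document,
    e.g. a file's contents or the saved source of a rendered page."""
    hits = []
    for name, rx in INDICATORS.items():
        for m in rx.finditer(text):
            hits.append((text.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)

def scan_tree(root):
    """Scan every file under root, whatever its extension or modification
    date, and return (relative_path, line_number, indicator_name) tuples."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.stat().st_size > MAX_BYTES:
            continue
        text = path.read_bytes().decode("utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        findings += [(rel, line, name) for line, name in scan_text(text)]
    return findings

if __name__ == "__main__":
    # Constructed sample tree: the injected line is in a template, not a .js file.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "script.js").write_text("function toggle(){var open=1;}\n")
        Path(d, "index.template.php").write_text(
            "<body>\n<script>function C5CACC47E7F{var B395E8402=726;\n")
        for finding in scan_tree(d):
            print(finding)
```

`scan_text` can also be run on the saved "view source" of the landing page, which covers content that is assembled at request time and does not exist as a file on disk.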
