Prev: administrator change or overide or removal
Next: Looking for advice on PC Cloning?
From: MowGreen on 21 Jan 2010 16:46
You can contact Goggle for assistance in cleaning up the "bad" code:

Q: Google's search results say I have malware, but I can't find it!
A: If you can't find malware on your site yourself, it's generally best
to let the users in the Webmaster Help Forum help you to find it.
Oftentimes, malware is somewhat hidden. "

Malware and Hacked Sites section of the Google Webmaster Help Forum
http://www.google.com/support/forum/p/Webmasters/thread?tid=5078e3ae6fc0996a&hl=en


And, as Martin has posted, you need to contact your *Hosting Company *
and find out how the site was hacked in the first place. It is being
hosted by FASTHOSTS, correct ?


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked



Belprice wrote:

> Hi Dave , Mo Leo and all others offering me great help and advise.
>
>
> Thanks thus far for all your help , we are currently going through the info
> and advise you all provided. All we want is to remove the warning sign and
> have the site up and running again. One of you sauggested that we contact
> Google and have them remove the message , but how does one go about this.
> Also , am I right in that we have a malware issue here , or am barking up
> the wrong tree.!
>
> Thanks in advance..
>
> Your truely Inspector Clueso...An officer of the LAW!!!!
>
From: Donahoo on 25 Jan 2010 13:32
Belprice wrote:
> Hi Dave , Mo Leo and all others offering me great help and advise.
>
>
> Thanks thus far for all your help , we are currently going through the info
> and advise you all provided. All we want is to remove the warning sign and
> have the site up and running again. One of you sauggested that we contact
> Google and have them remove the message , but how does one go about this.
> Also , am I right in that we have a malware issue here , or am barking up
> the wrong tree.!
>
> Thanks in advance..
>

>>

Speaking from personal experience, there is malware on your site. You
just have to find and fix it, and find the opening. Look at the code for
the pages referenced, and especially look for an iframe tag. Also look
at your site with an FTP program for folders that you didn't upload. Use
your web host's stats to see which pages site are getting the most
traffic (the hacked pages) and where it is coming from, i.e. referral
pages. Look for the search words visitors are using to get to your site.
Get your web host to help you find out where the hacker got in. Upload
the original pages created by your web site designer and make sure you
dont' contaminate them from the hacked pages on your site. Keep
uploading clean pages until the hacking stops; if necessary change the
page names because it's probably being done with a script from a remote
site. Then you need to change the permissions on your pages and folders
to make sure they can't be written to from off the web.

And after your site has stayed clean for a couple of weeks, you can
petition Google to remove the warning.
From: David H. Lipman on 25 Jan 2010 17:20
From: "Donahoo" <Donahoo(a)invalid.net>


| Speaking from personal experience, there is malware on your site. You
| just have to find and fix it, and find the opening. Look at the code for
| the pages referenced, and especially look for an iframe tag. Also look
| at your site with an FTP program for folders that you didn't upload. Use
| your web host's stats to see which pages site are getting the most
| traffic (the hacked pages) and where it is coming from, i.e. referral
| pages. Look for the search words visitors are using to get to your site.
| Get your web host to help you find out where the hacker got in. Upload
| the original pages created by your web site designer and make sure you
| dont' contaminate them from the hacked pages on your site. Keep
| uploading clean pages until the hacking stops; if necessary change the
| page names because it's probably being done with a script from a remote
| site. Then you need to change the permissions on your pages and folders
| to make sure they can't be written to from off the web.

| And after your site has stayed clean for a couple of weeks, you can
| petition Google to remove the warning.

Your experence does NOT equate to her experience.
The site was scanned with anti malware software but I doubt it has any.

Chances are extremely high the the malicious actor found a vulnerability in the web site,
exploted it, and inserted redirection code. You don't have infect the web site and have
malware reside on the web site to do this. It is the site where the user is redirected to
that hosts the malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: "FromTheRafters" erratic on 25 Jan 2010 20:41
"Donahoo" <Donahoo(a)invalid.net> wrote in message
news:eF0%23H0enKHA.5508(a)TK2MSFTNGP02.phx.gbl...
> Belprice wrote:
>> Hi Dave , Mo Leo and all others offering me great help and advise.
>>
>>
>> Thanks thus far for all your help , we are currently going through
>> the info and advise you all provided. All we want is to remove the
>> warning sign and have the site up and running again. One of you
>> sauggested that we contact Google and have them remove the message ,
>> but how does one go about this. Also , am I right in that we have a
>> malware issue here , or am barking up the wrong tree.!
>>
>> Thanks in advance..
>>
>
>>>
>
> Speaking from personal experience, there is malware on your site.

It's too soon to make that call. A server's webpage has evidently been
edited to lead clients to malware. How it got edited remains to be seen.
The OP needs to take down the server and use forensics to determine how
the affected page(s) got edited. Possibly a software
vulnerability -something like this:
http://en.wikipedia.org/wiki/Cross-site_scripting.




From: David H. Lipman on 25 Jan 2010 21:14
From: "FromTheRafters" <erratic @nomail.afraid.org>

| "Donahoo" <Donahoo(a)invalid.net> wrote in message
| news:eF0%23H0enKHA.5508(a)TK2MSFTNGP02.phx.gbl...
>> Belprice wrote:
>>> Hi Dave , Mo Leo and all others offering me great help and advise.


>>> Thanks thus far for all your help , we are currently going through
>>> the info and advise you all provided. All we want is to remove the
>>> warning sign and have the site up and running again. One of you
>>> sauggested that we contact Google and have them remove the message ,
>>> but how does one go about this. Also , am I right in that we have a
>>> malware issue here , or am barking up the wrong tree.!

>>> Thanks in advance..




>> Speaking from personal experience, there is malware on your site.

| It's too soon to make that call. A server's webpage has evidently been
| edited to lead clients to malware. How it got edited remains to be seen.
| The OP needs to take down the server and use forensics to determine how
| the affected page(s) got edited. Possibly a software
| vulnerability -something like this:
| http://en.wikipedia.org/wiki/Cross-site_scripting.



Or PHP, SQL-Injection, etc...




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


First  |  Prev  | 
Pages: 1 2 3
Prev: administrator change or overide or removal
Next: Looking for advice on PC Cloning?