hawkman — 2013-07-30T03:50:01-04:00 — #1
Reported Attack Page!
This web page at www.mydomain has been reported as an attack page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
What happened when Google visited this site?
Of the 81 pages we tested on the site over the past 90 days, 64 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-06-04, and the last time suspicious content was found on this site was on 2013-06-04.
Malicious software includes 31 trojan(s).
Malicious software is hosted on 3 domain(s), including treforowen.com/, podilovy-fond.eu/, akbgold.com/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including vippraiahotel.com.br/, podilovy-fond.eu/.
This site was hosted on 1 network(s) including AS33182 (DIMENOC).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.mydomain did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
I'm not sure how my website got infected, whether someone exploited a vulnerability in the installed apps, my computer is compromised or my host's server was compromised itself.
Has anyone else run into this? What are the steps I need to take now and are there any things I should know?
dklynn — 2013-07-30T07:39:29-04:00 — #2
I've also recommended using maldet scans via CRON for a daily check of all scripts.
Finally, I also use a daily hash validation that files have not been added, deleted or edited from the prior scan and reports via e-mail. I've written an article for SitePoint which leads readers through the code used - just be sure to download the update for the corrected article and code.
For more details, I'd recommend searching this board for "maldet scan" and I'm sure you'll find it.
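A minimal sketch of the daily hash validation described in the post above, added here as an example; it is not dklynn's code or the code from the SitePoint article. The function names, the JSON baseline file and the sample files are assumptions constructed for the illustration.

```python
import hashlib, json, os, tempfile

def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):        # do not follow links out of the tree
                continue
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report files added, deleted or edited since the prior scan."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "edited": sorted(p for p in common if baseline[p] != current[p]),
    }

def scan(root, baseline_file):
    """One scheduled run: diff against the stored baseline, then replace it.
    Returns None on the first run, when there is nothing to compare with."""
    current = snapshot(root)
    report = None
    if os.path.exists(baseline_file):
        with open(baseline_file) as fh:
            report = compare(json.load(fh), current)
    with open(baseline_file, "w") as fh:
        json.dump(current, fh)
    return report

def demo():
    """Constructed sample site: edit one file, drop in one, delete one."""
    with tempfile.TemporaryDirectory() as tmp:
        root, state = os.path.join(tmp, "public_html"), os.path.join(tmp, "baseline.json")
        os.mkdir(root)
        for name, body in {"index.php": "<?php echo 'home';", "about.html": "<p>about</p>"}.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        scan(root, state)                                   # first run records the baseline
        with open(os.path.join(root, "index.php"), "a") as fh:
            fh.write("\n<?php /* injected line */")         # edited
        with open(os.path.join(root, "x.php"), "w") as fh:
            fh.write("<?php /* unknown file */")            # added
        os.remove(os.path.join(root, "about.html"))         # deleted
        return scan(root, state)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the baseline file outside the web root and out of reach of the web server account, since anyone who can rewrite it can hide their changes from the next comparison.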
hawkman — 2013-07-30T08:34:27-04:00 — #3
Good advice there. But what about the detection by Google? Will Google automatically remove me from the blacklist if it detects the website as having been cleaned up? If not, can I get in touch with them and how would such a request to be removed work? Will I just run into a call center with no option to speak to a human being? Opera also mentions the website as being infected according to data provided by, in their case, yandex.ru. I'd have the same questions about yandex as I do have about Google. Those guys may not even speak English, being Russian and all. This shows why the major companies shouldn't be allowed to police the internet. What happens if they have a false positive? Anyone who tried to get in touch with a huge corporation knows how hard it is to get in touch with an actual human, and if you do, sometimes they are completely unwilling or unable to help. Or if they are trying to squash a potential competitor early?
Is this the article? http://www.sitepoint.com/detect-hacked-files-via-cronphp/
picnictutorials — 2013-07-30T11:39:37-04:00 — #4
FTP overwrite all the files. Change your hosting password. Let Google know all fixed in Webmaster Tools. Done.
euroark — 2013-07-31T03:37:03-04:00 — #5
First scan your server with a well-known antivirus, then change the password and submit your site in Google Webmaster Tools to tell Google that I have removed the threats...
vincentas — 2013-07-31T03:47:29-04:00 — #6
Make sure you back up all of your files!
euroark — 2013-07-31T03:58:02-04:00 — #7
Yes, it is very necessary to have a backup of all the data you are using and publishing.
Thanks for the addition.
scurit — 2013-08-05T16:36:57-04:00 — #8
Google does not automatically remove the malware warning. You will have to have a Google webmaster account (http://www.google.com/webmasters). Once you have added and verified your site, you will see an option under "Health", "Malware" to request a review. It usually takes them 12-24 hours if the site is indeed clean to remove the warning.