This is driving me and my client nuts. This has happened a few times now and each time I actually do nothing on the site, request a review, google clears the site of any malware warnings, but a few days later it flags it as being malware again. In order to help the client sort it out, I have registered the clients site in google webmaster tools and today, again, I received the following email. The weird thing is, if I then login to google webmasters tools I see the following which shows a couple of images being reported as malware and NOT the pages in the above email. So you see, there is no mention of the two urls in the email and if I go to the above images on the clients site, there is no malware warning. Anyone else seen this before? As mentioned before, every time we request a review, the site passes, then a few days later it gets flagged again. This is really affecting my clients ability to run his business and its not doing alot for my sanity.
The site is not hacked though. This is the point. Also, how can an image contain malware and redirect users to a different page? I know images can contain injected code but it cant redirect users to another site, that is not possible. Google is saying its got malware and is quoting pages on the site as being infected, yet in webmasters tools its saying images are infected and no mention of the pages. To make sure I have my sanity, I have gone through every file on the site including htaccess files and all core file including the database content etc. Scoured it thoroughly. I have also locked down the site pretty good in terms of permissions, sql injection etc. The server this site is on uses: - clamav - ASL 3.0 from atomicorp.com - LMD from rfxn.com/projects/linux-malware-detect - eXploit Scanner from ConfigServer - CSF firewall from ConfigServer These 5 items alone provide pretty strong prevention for code injection/XSS etc. Again, google is saying one thing then showing something else in the webmasters tools and in the meantime people visiting the web site are getting a warning saying the site is malicious when its nothing of the sort. This is hurting the site owner because a lost lead can results in missing out on $$,$$$$. Its quite serious!!
Did you re submit the website from google's webmaster tool ? Does it still shows that .jpg files are infected with malicious code ?
After posting this thread I submitted a couple more times and still google was saying "MALWARE MALWARE". So I wrote in the resubmission that my client would possibly be taking legal advice as google was redirecting visitors to a scary page giving the impression that my client was a phishing site and he was potentially losing business. I did not see anything for two days but sods law, client did not renew the domain name so the web page got taken down and an enom landing page was there for a couple of days. When the client alerted me about the domain, I renewed it. Then I logged into webmasters tool and there were no more malware warnings since then. I kind of doubt that mighty google will have trembled at our feeble legal threats so it must have been the domain expiry that did the trick. Really odd situation though and its amazing how google throughout the whole process did not reply personally once and have the power to totally destroy your business.
The site IS infected. The site DOES redirect to a malware site at a certain URL. I wont linked it for obvious reasons. Threatening legal action against a free service provided by google? Maybe they should just drop the site completely from the search results? You need to check the .htaccess file in the uploads directory, and any other htaccess files that may have been compromised. Oh, and maybe apologies to google
Thank you for your comments but just a few points. 1. The pages and files google were saying that were infected were NOT infected. 2. There is no htaccess file in the uploads directory 3. When google says "this file" is infected and its not, anyone with firefox, chrome etc cannot access the web site, whether they go through the search results or not. So the "free service" that google offers is detrimental to the business if there is a false positive. Its even worse when google is non responsive. All they do is send a automated scanner and they say "thats malware" without providing any additional details. Its wrong and noone should apologise. To be perfectly honest, your post is as bad as google. You are just saying "it is malware" without providing any helpful information at all. Just saying "I wont linked for the obvious reasons". Dont get me wrong, I appreciate comments and assistance but if you really wanted to help you would post more information or at the very least PM me with some details, not tell me that I should apologise to google and be thankful for them. I was here before google and I will be here after google.
I wont post links that may redirect to malware sites, sorry. As i said before: "and any other htaccess files that may have been compromised." If you are using an htaccess file to do pretty urls, so that would be my first place to investigate. Failing that check index.php I dont have access your your site source code obviously, so I dont know which dirs have htacces files in them. I scanned your site with this tool and it reported the issue (I got the same result weeks ago when you posted this thread, but wasn't a member so i couldn't reply then). http://sitecheck.sucuri.net/results/www.ardenestates.com/wp-content/uploads/exclusive.jpg and: http://labs.sucuri.net/db/malware/malware-entry-mwhta7 Apparently it's a conditional redirect, so it doesn't seem to happen every time a visitor hits the site. Though it did redirect me this morning when I made the first post, isn't happening now, so either its fixed, or its very picky about who it redirects. "3. When google says "this file" is infected"... It means googlebot tried to retrieve the file, and got redirected to a malware site instead. Good hunting...