1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Google Says: "This Site May Harm Your Computer!" Some Assistance Appreciated.

Discussion in 'Google' started by Nova, Sep 16, 2008.

  1. #1
    One of my sites says below my title in Google, "This site may harm your computer" Hostgator contacted me on September 8 regarding it. They removed the badware according to them, then yesterday (Sept. 15) Google places the popular site of badware precaution to everyone who sees my site on the top of Google.

    I submitted everything through review yesterday to stopbardware.org and to Google yesterday, however, today I found the following code twice on the code of my site:



    Hostgator removed the badware according to their scans through their system, but still I found the above code on my website. The particular google-analytics.com with all the related extension seem to be the problem. I did removed it few minutes ago.

    Anyone know the waiting period for a review of Google or stopbadware.org? What can I do to speed up the process? 100's of top keywords in top rankings are in jeopardy...so just imagine:cool:

    If someone has a specific phone number to Google, PM me as it could help. There is always a hidden workable support number just like Amazon and eBay has somewhere.

    Your thoughts and comments on this is surely appreciated.

    Thanks,
    Joaquin
    p.s- Sure hope Google doesn't ban my site and blacklists it...
    SEMrush
     
    Nova, Sep 16, 2008 IP
    SEMrush
  2. live-cms_com

    live-cms_com Notable Member

    Messages:
    3,138
    Likes Received:
    112
    Best Answers:
    0
    Trophy Points:
    205
    Digital Goods:
    1
    #2
    You think Google is mistaking their own Analytics code for malware? Unlikely.
     
    live-cms_com, Sep 16, 2008 IP
  3. Nova

    Nova Active Member

    Messages:
    119
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    61
    #3
    Type the site on Google search box and see the potential pattern back on my site. Type: http://www.google-analytics.com on Google search box.

    What you think?

    The particular site isn't from Google.

    Anyone else have clues?:cool:
     
    Nova, Sep 16, 2008 IP
  4. 2AdvanceMedia

    2AdvanceMedia Peon

    Messages:
    72
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    That look like Google Analytics.. Make sure there are no suspicious file on your directory..
     
    2AdvanceMedia, Sep 16, 2008 IP
  5. Nova

    Nova Active Member

    Messages:
    119
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    61
    #5
    Will call Google tomorrow for this, it surely not Google Analytics but thanks for the suggestions mate. New learning experience from Google indeed. If I found an irregular lines for Google I might post it here later. Just have the same number anyone can easily search for online.

    Google and there surprises oh well...sausage and omelets in a few hours:)
     
    Nova, Sep 16, 2008 IP
  6. abhay.mathur84

    abhay.mathur84 Banned

    Messages:
    155
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    ya that google analytics, that can be old url
     
    abhay.mathur84, Sep 16, 2008 IP
  7. WeWatch

    WeWatch Active Member

    Messages:
    75
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    50
    #7
    Many posters online report that it has taken them 3 to 5 weeks to get the "This site may harm your computer" warning removed from their SERPs.

    After you had the infectious code removed from your site, did you determine the method of infection? If not, the hackers will be back and re-infect your site.

    Cyber criminals love highly trafficked web sites. It helps them distribute their malware even faster.

    PM me if you need further assistance.
     
    WeWatch, Sep 17, 2008 IP
  8. UseShots

    UseShots Peon

    Messages:
    244
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #8
    http://www.google-analytics.com/urchin.js is 100% Google Analytics. 100% legitimate code. But if you don't use analytics yourself or your account ID is not "UA-553907-1", you definitely need to remove the code - someone must be spying on you.

    BTW, you are right. Some malware sites register fake Google Analytics domains. Here are some fake domains I saw:
    google-analyz.cn, google-analyze.cn, analytics-google.info, gooqle-analytics.com (note "Q" instead of "G" in the last one)
     
    UseShots, Sep 17, 2008 IP
  9. WeWatch

    WeWatch Active Member

    Messages:
    75
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    50
    #9
    In working with many people on their hacked websites, most website owners or webmasters, designers, etc. miss the real infection and see various "things" in their html that they don't remember putting in there themselves.

    Quite often the initial reaction is, "I'm not infected! This must be a false positive." Which just delays the entire process.

    Also everyone should note that Yahoo has teamed up with McAfee and is doing a similar warning through SiteAdvisor. I'm sure MSN will be close behind with their own warning system.
     
    WeWatch, Sep 17, 2008 IP
  10. Nova

    Nova Active Member

    Messages:
    119
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    61
    #10
    The thing is that once you type this website on Google search box:
    http://www.google-analytics.com/urchin.js

    The site appears to be infected and I had that URL in my code. So yes, this was the one I had in part of my code. I just did a few coding projects in RAC, but it din't include work in this website. All other sites are ok as far my scanning and long hours of talk with Hostgator.

    Thanks for the average time comment "WeWatch".
     
    Nova, Sep 17, 2008 IP
  11. Niche

    Niche Peon

    Messages:
    415
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Niche, Sep 17, 2008 IP
  12. Lordo

    Lordo Well-Known Member

    Messages:
    2,082
    Likes Received:
    58
    Best Answers:
    0
    Trophy Points:
    190
    #12
    It simply redirects to the normal analytics URL. What is wrong about it?
     
    Lordo, Sep 17, 2008 IP
  13. dadaas

    dadaas Well-Known Member

    Messages:
    1,296
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    160
    #13
    this warning message is pretty annoying and i dont see point of that.
    Ratebeer website got this error and im wondering how is it possible to get this damn warning, can i use browser which will nto show this wartnings?
     
    dadaas, Sep 17, 2008 IP
  14. abercrombie

    abercrombie Peon

    Messages:
    654
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    0
    #14
    My PHPBB component of my site also got hacked with phishing scam. It was my fault and my password wasn't strong enough. Luckily hostgator attended to it quick and resolved it within a half hour or so of the hack and I didn't get on the Google bad list. I hear that once you get on that list, it's harsh and google treats you like webmaster that doesn't know how to protect your site sinking your SERP and never allowing it to rise to previous levels even after several years.
     
    abercrombie, Sep 17, 2008 IP
  15. WeWatch

    WeWatch Active Member

    Messages:
    75
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    50
    #15
    dadaas,

    I would say that when Google slaps that label on someone's SERP they're about 99.99% sure that there is infectious code on that web site.

    I wouldn't recommend you look for ways to circumvent their warning. I would look for a different website to visit.

    Of course, if you really want to test your luck, you can just type the URL into your browser and totally bypass Google SERPs.

    But be forewarned! You'll face certain infection attempts.
     
    WeWatch, Sep 17, 2008 IP
  16. UseShots

    UseShots Peon

    Messages:
    244
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #16
    UseShots, Sep 17, 2008 IP
  17. UseShots

    UseShots Peon

    Messages:
    244
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #17
    Ratebeer site was affected by SQL injections. Untill they have removed the malware code, site visitors without decent antivirus/antispyware protection were attacked by malicious scripts which silently downloaded and installed trojans on visitors' computers. Now the Ratebeer site seems to be clean and soon Google should remove the warning.

    Lots of other websites have been affected by the same attack. You can use this google search to get the idea:
    http://www.google.com/search?q=crtbond.com
    Many of those sites are still infected so I don't advise to click on those links.
     
    UseShots, Sep 17, 2008 IP
  18. WeWatch

    WeWatch Active Member

    Messages:
    75
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    50
    #18
    I used intext:ngg.js as a search term and got a list of 17,000,000 websites.

    Many of those have the "This site may harm your comptuer" slappage on the listings.

    DO NOT VISIT THEM!

    Just an easy way to see how many websites are infected although many of these are blog and forums discussing how websites became infected.

    Just an FYI...

    Nice work UseShots!
     
    WeWatch, Sep 17, 2008 IP
  19. UseShots

    UseShots Peon

    Messages:
    244
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #19
    Your are right

    This intext:ngg.js search reveals sites vulnerable to SQL injections. The fact this script appears as text rather than actual script means that hackers managed to inject the script code into web site's database. And the site used the infected database fields to generate titles and some properly sanitized text snippets. However if some of the text snippets are not properly sanitized, the site becomes dangerous and may infect its visitors.
     
    UseShots, Sep 17, 2008 IP
  20. Nova

    Nova Active Member

    Messages:
    119
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    61
    #20
    That legitimate Google Analytics extension site also has a "This site may harm your computer" once you hit a search on Google as you can appreciate.

    Either way you surely know your material, did a research here and there. Read my PM.
     
    Nova, Sep 17, 2008 IP