Google
 
Web smallbusinessbrief.com

View Full Version : Reported Attack Site


Nutty
7th June 2010, 10:38 AM
Hola

We have a website that according to Google is a "reported attack page" and states the following message

"This web page at www.doctorsnatural.se has been reported as an attack page and has been blocked based on your security preferences"

Since discovering this issue we have moved servers, cleaned the malicious data from the website, reported to Google

There is no malicious code according to us, our hosts, Norton web scanner
and Sucuri.net
Google are reporting the following:
What is the current listing status for domain.se?
Site is listed as suspicious - visiting this website may harm your computer.Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 52 pages that we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2010-06-06, and the last time that suspicious content was found on this site was on 2010-06-06.

Malicious software includes 120 exploit(s), 20 scripting exploit(s).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, domain.se appeared to function as an intermediary for the infection of 26 site(s) including paylasimportal.co, nady-sa.net, chaplin-club.net
[/URL]
Has this site hosted malware?Yes, this site has hosted malicious software over the past 90 days. It infected 62 domain(s), including myebx.com, nady-sa.net and paylasimportal.com[URL="http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=myebx.com/"]
(http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=paylasimportal.com/)

(http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=myebx.com/)
As you can see that when Google reported in 6 June, 2010, it says 0 pages were malicious, so we are confused ad to why they are still showing the malicious code page when we go there?

This website is losing money due to this problem and we need to sort it but how?

Google says 0 page are malicious yet they still show the page, when we ask for them to look again it says there is 1 pending - are we buggered, do we need to buy a new domain and start again as clearly their systems are not working properly, I doubt my client has time to wait for Google to pull their finger out at their leisure!

Thanks

Nutty

zharlene
7th June 2010, 05:19 PM
Last week my webhost experienced the same thing. Their site did not have malicious code but they had a script on their pages that were considered "unsafe" by Google.

Google actually sorted this out within a few hours and the "this site may harm your computer" was removed off the SERPs. Since it's taking quite a while for Google to sort your site out I'm guessing they still consider it unsafe.

Google says 0 page are malicious yet they still show the page, when we ask for them to look again it says there is 1 pending - are we buggered, do we need to buy a new domain and start again as clearly their systems are not working properly, I doubt my client has time to wait for Google to pull their finger out at their leisure!


Well, actually look at this:

"Of the 52 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-06-06, and the last time suspicious content was found on this site was on 2010-06-06.

Malicious software includes 120 exploit(s), 20 scripting exploit(s)."

Google did say 0 pages had malicious software being downloaded and installed without user consent.

However, it does also say that suspicious content was found the last time they were there.

Best thing to do is to identify the scripts considered unsafe and prove to Google that they are not unsafe to visitors.

It's better to just try and resolve this, as opposed to getting a new domain and starting again. You might end up using the same content or scripts considered unsafe and you'll just be going round in circles with Google.

I can only imagine your frustration. Hang in there, best of luck.

Nutty
8th June 2010, 04:33 AM
During our research it transpires that if you delete pages that had suspicious content on them, then Google believe you could be removing the pages temporarily to show a clean bill of health to a later date add that page back

Therefore, we have been told to put back all the pages which were deleted back on the website clean and then we can use the status (401 = gone), we could then remove the pages at a later date

Even though Google says the last time they visited the site was 6 June, this is actually not true, apparently they do not visit these sites very often (for obvious reasons!), unless the review has been asked for. We are on their blacklisted database and even though they are showing they have been to the site recently, they have not, they have just queried their blacklist database

We will continue with this and seems we are learning a lot as we go! LOL

Thanks

Nutty