Have search the entire site. and did not find anything wrong …
sent for review, is 4 days and still had no result.
Please help me!
www.diariodolitoralnorte.com.br which redirects to www.tvancoradouro.com.br/diario/
There are some other messages here tagged with “maislex”, but no reports yet of how this hack occurs.
I suspect it is most likely a “remote file inclusion” attack on your PHP pages.
Without knowing exactly how the attack occurs, a generic approach is necessary.
Reasons why Google flags sites:
Most likely reason, however, is it was hacked. So, steps to clean up hack:
Ensure applications (WordPress, etc.) are at latest versions.
If you wrote PHP code yourself, revise to protect against remote file inclusion.
In addition to the helpful resources SteveW provided, you may want to be aware that at least two pages involve the following:
tvancoradouro .com .br contains hidden iframes, at the bottom of the page, leading to bad sites.
- beidzan .com suspicious – displaying 1 of 1
- < IF rame > hidden link – http :// beidzan .com/ ?click=109ADA
- maislex.net suspicious – displaying 1 of 1
- < IFra me > hidden link – http :// maislex .net/ ?click=5960D
tvancoradouro .com .br /diario/ also contains hidden iframes at the bottom of the page
- clifedo .net suspicious – displaying 1 of 1
- < I Fra me > hidden link – http :// clifedo .net/ ?click=79950
- maislex .net suspicious – displaying 1 of 1
- < IFr ame > hidden link – http :// maislex .net/ ?click=8CCBF
Edit: As it stands now, the last time Google visited this site was on 2009-07-05. Once you get this cleaned up and evaluate your site based upon the guidelines SteveW offered, you will need to “Request a Review” again, through Google Webmaster Tools.
note: DWAM no results
“this hack happens when some malware steals FTP credentials from a local computer”
Denis, does that apply with some certainty to any of the particular domains here (beidzan, maislex, clifedo) and others you list at http://blog.unmaskparasites.com/2009/04/29/another-type-of-iframe-hack-php-exploit/ ?
Also wondering about beladen and efradin, two mystifying ones here the past few days.
With gumblar and martuz winding down, it would be logical for them to migrate the same FTP password-stealing methods to a whole bunch of new domains for a long time to come because it’s been so successful, but are they definitely doing that?
With martuz and gumblar it’s easy to tell a webmaster to scan their computer and change passwords, and that’s probably the end of it.
But if it’s not a password theft, focus switches back to on-website security. The old reliable RFI attacks are still around. They never went away, they were just dwarfed by the prevalence of gumblar.
Anyway, just looking for some discussion on this. Gumblar was actually a very easy one to prevent and resolve. If its methods are disappearing, it’s back to the old ways, and webmasters are in for a much more difficult time finding the cause and resolving it.
Thank you for your attention …
I think it could solve the problems …
this was precisely the problem.
If you can check back to see if you have some problem,