Google www.tvancoradouro.com.br blocked, what to do?
by aadesign
almost 5 years ago

Have search the entire site. and did not find anything wrong …
sent for review, is 4 days and still had no result.
Please help me!
these sites:
www.diariodolitoralnorte.com.br which redirects to www.tvancoradouro.com.br/diario/
and www.tvancoradouro.com.br/

by SteveW
almost 5 years ago

There are some other messages here tagged with “maislex”, but no reports yet of how this hack occurs.

I suspect it is most likely a “remote file inclusion” attack on your PHP pages.
Without knowing exactly how the attack occurs, a generic approach is necessary.

Reasons why Google flags sites:
http://25yearsofprogramming.com/blog/20071223.htm

Most likely reason, however, is it was hacked. So, steps to clean up hack:
http://25yearsofprogramming.com/blog/20070705.htm

Ensure applications (WordPress, etc.) are at latest versions.
If you wrote PHP code yourself, revise to protect against remote file inclusion.

by Kaleh
almost 5 years ago

In addition to the helpful resources SteveW provided, you may want to be aware that at least two pages involve the following:

tvancoradouro .com .br contains hidden iframes, at the bottom of the page, leading to bad sites.

http://www.UnmaskParasites.com/security-report/?page=www.tvancoradouro.com.br
External References
- beidzan .com suspicious – displaying 1 of 1

  • < IF rame > hidden link – http :// beidzan .com/ ?click=109ADA
    - maislex.net suspicious – displaying 1 of 1
  • < IFra me > hidden link – http :// maislex .net/ ?click=5960D

tvancoradouro .com .br /diario/ also contains hidden iframes at the bottom of the page
http://www.UnmaskParasites.com/security-report/?page=www.tvancoradouro.com.br/diario/
External References
- clifedo .net suspicious – displaying 1 of 1

  • < I Fra me > hidden link – http :// clifedo .net/ ?click=79950
    - maislex .net suspicious – displaying 1 of 1
  • < IFr ame > hidden link – http :// maislex .net/ ?click=8CCBF

Edit: As it stands now, the last time Google visited this site was on 2009-07-05. Once you get this cleaned up and evaluate your site based upon the guidelines SteveW offered, you will need to “Request a Review” again, through Google Webmaster Tools.

note: DWAM no results

by denis
almost 5 years ago

Just a reminder, that this hack happens when some malware steals FTP credentials from a local computer. so make sure to:

  • scan your local computer for viruses and spyware
  • change all site passwords

Denis – www.UnmaskParasites.com

by SteveW
almost 5 years ago

“this hack happens when some malware steals FTP credentials from a local computer”

Denis, does that apply with some certainty to any of the particular domains here (beidzan, maislex, clifedo) and others you list at http://blog.unmaskparasites.com/2009/04/29/another-type-of-iframe-hack-php-exploit/ ?

Also wondering about beladen and efradin, two mystifying ones here the past few days.

With gumblar and martuz winding down, it would be logical for them to migrate the same FTP password-stealing methods to a whole bunch of new domains for a long time to come because it’s been so successful, but are they definitely doing that?

With martuz and gumblar it’s easy to tell a webmaster to scan their computer and change passwords, and that’s probably the end of it.

But if it’s not a password theft, focus switches back to on-website security. The old reliable RFI attacks are still around. They never went away, they were just dwarfed by the prevalence of gumblar.

Anyway, just looking for some discussion on this. Gumblar was actually a very easy one to prevent and resolve. If its methods are disappearing, it’s back to the old ways, and webmasters are in for a much more difficult time finding the cause and resolving it.

by aadesign
almost 5 years ago

Thank you for your attention …
I think it could solve the problems …
this was precisely the problem.
If you can check back to see if you have some problem,
thank.

by SteveW
almost 5 years ago

aadesign,

To help others:
Did you scan your computer?
Did you find viruses or Trojans?

Thank you.

by aadesign
almost 5 years ago

I had the backup site, and replace the pages that were related to iframe, but the computer virus was found last week.
Thank you!

About Contact Us Terms & Conditions Privacy Policy Copyright