Hi Everyone, Could I ask for some help please I hav
by MisterDaves
over 5 years ago

Hi Everyone,

Could I ask for some help please I have recently been notified by google that my website is a reported attack site. I have tried to clean the site and resubmit the site for google clearance but they are still saying that we are distributing ‘malware’ and I really can’t find where the problem is on the site?

This is what the google webmaster tools have said
There are links found to these sites on yours that currently seem to host malicious software:

94.247.2.0/

gogo2me.net/

and

protection-livescan.com/

Also there is mention of a network which your site seems to be a member

that hosts malicious content: AS13768 (PEER1)

http://www.google.com/

For this above issue you may want to contact your hosting provider or server administrator. It could be a local or data-center issue.

Thanks in advance for any help.

Dave

by provos
over 5 years ago

You didn’t tell us what your web site is but I suspect it is something along these lines:

http://www.provos.org/index.php?/archives/55-Using-htaccess-To-Distribute-Malware.html

Niels.

by denis
over 5 years ago

This article tells about the "protection – livescan .com" part of the problem.

Regarding the "gogo2me" part of the problem, search for something like
<del>-</del>———————-
<iframe src=‘http://url/’ width=‘1’ height=‘1’ style=‘visibility: hidden;’></iframe><script>function c102916999516l4956a7e7c979e(l4956a7e7c9b86){…"
<del>-</del>———————-
inside you HTML files. It is usually right after <body> tag or after the closing </html> tag. You should remove this code, write protect files and change your passwords. Not sure if this is enough to prevent re-infections. I still don’t know which vulnerability is being exploited.

Denis
http://www.UnmaskParasites.com

by MisterDaves
over 5 years ago

Hi Niels and Denis

My website sells betting software and we have been online for almost 5 years now and never had a problem until now.

Denis I did find some Java Script entries right after the body tag and the closing html tag also. I spent about 4 hours yesterday cleaning every page I could find in the directory and I have checked them in the UnmaskParasites checker and all are showing clean however it seems that google still think there is a problem?

I don’t seem to be able to get to the bottom of where the actual links are to the problem sites.

I don’t have a .htaccess file to hijack to my knowledge Niels.

It really has stumped me and as you may imagine its costing us some serious money in new customers.

I’ll have a look through the suggestions.

Many thanks and any other ideas please shout out!

Thanks again
Dave

by denis
over 5 years ago

Dave,

Once you clean up your site you should request a review via Google’s Webmaster Tools. This will speed up the process (if it’s really clean).

Denis.

by MisterDaves
over 5 years ago

Hi Denis

Just to let you know that I found a rogue page that was still in the directory named ‘index.html.bak’ so I viewed source and the bottom of the page after the closing </html> tag as you said had a load of sites listed (adult mainly) so I have deleted the page completely and resubmitted to google. So fingers crossed.

Just thought it may help someone else if they encounter problems, just look for those strange named pages!

Thanks for your help.

Dave

About Contact Us Terms & Conditions Privacy Policy Copyright