Discussion in 'Black Hat SEO' started by danhoff, Dec 3, 2010.
WTF is "This site may be compromised"
I have this next to my sites in Google results.
It happened to a few of my sites and they all had some crappy code injected into their index php files (WordPress sites), so once I removed that virus/Trojan/or whatever it was, Google removed the warnings automatically in a matter of days.
Thanx mate !!
Happened to me too - they injected so much stuff into my sites, I had to ask the host to have a look - they ran a script which instantly disinfected all the malware for which I was very grateful. Was back in Google next day.
Newb question, who did the injecting, and how did they do it without a password?
Same here. Had an old version of WordPress running. Injection caused Firefox and Google to both display warnings. Updated to the latest version of WordPress, and then it was fine within a few days.
If I am not wrong (and if I am, I am sorry, just throwing my 2 cents out there lol), it's just because of some malware, just like mentioned before. Remote SQL injection could be the cause, since I heard about WordPress having some problems with that... Again, I am just making assumptions though.
I would suggest changing all your passwords to avoid this from happening again.
If it's a problem with SQL injections as someone mentioned then it doesn't really matter if you change pass or not. It's a problem with the engine imho.
The most interesting thing is that my sites are HTML, no WordPress, no PHP. My server is maleware / virus free.
Perhaps you should check for femaleware, too?
Sorry, that was lame. Are you sure you aren't hosting any .exe files that might be bad news?
I'm sure, plus I asked my hosting company to double check everything. All is clean.
If you are not running scripts with vulnerabilities, then they have control of the server or your FTP passwords.
Yep, sounds a lot like the old Gumblar.cn virus and other variations.
You visit a site and they add an undetected trojan to your comp that steals all FTP passwords and then the virus connects to your FTP and injects the code. It is done all viral/automatic. When someone visits your site they get infected and so on and so on, and it spreads like wildfire.
Scan and clean your comps in safe mode with a couple of different UPDATED anti-virus/spyware programs and change all your FTP passwords, just to be safe.
Try to remove it asap. Google gradually de-indexes sites they flag like that.
My support had scanned my server using ClamAV and nothing was found, no viruses, no trojans, etc. I also scanned my PC with McAfee and all is good.
I have no clue what is going on.
Check the security of your server. How secured is your site? Has there been a hacking attempt? Probably an unauthorized person has dropped some malicious code on some website files.
Any more ideas how to get rid of this shit?
Could be that somebody (one of your competitors) reported you to Google. You should ask Google directly why they are marking your site as compromised.
Did you get re-infected? I noticed your original post is from last year.
If you cleaned up everything last year and did not get reinfected but Google still shows "this site may be compromised", have your host take a look again to be sure you do not have some stealth code. Some infections only show up when you access the site through Google search but do not show up when you access the site directly.
If your host clears the site as clean, log in to your Webmaster Tools account.
Click Diagnostics -> Malware.
Does anything show up there?
If you are sure your site is clean, use the Webmaster Tools interface to request a malware review.
If you got reinfected since last year:
- Have you changed all your logins and passwords?
- Did you run a virus scan on all your computers with at least TWO or THREE virus/malware scanners and then change your logins and passwords again?
- Do you run any PHP-based website pages on that webspace? Are they all updated to the newest version?
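Added example, not part of the thread: a small Python check for the "only shows up when you come from Google search" case described in the post above. It assumes the injected code keys on the `Referer` header; the function names, the sample URL and the fake site are made up for the illustration.

```python
import re
import urllib.request

# Two visits to compare: typed-in URL versus a click from a Google results page.
PROFILES = {
    "direct": {"User-Agent": "Mozilla/5.0"},
    "from_google": {"User-Agent": "Mozilla/5.0",
                    "Referer": "https://www.google.com/search?q=example"},
}

# src= of <script>/<iframe> tags and meta-refresh targets, where injected code usually sits.
EXTERNAL_REF = re.compile(
    r"""<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)"""
    r"""|<meta\b[^>]*http-equiv\s*=\s*["']?refresh[^>]*?url\s*=\s*([^"'\s>]+)""",
    re.IGNORECASE,
)

def http_fetch(url, headers):
    """Real fetch: returns (final URL after redirects, body text)."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.geturl(), resp.read().decode("utf-8", "replace")

def external_refs(html):
    """Set of script/iframe sources and meta-refresh targets found in the page."""
    return {a or b for a, b in EXTERNAL_REF.findall(html)}

def referrer_diff(url, fetch=http_fetch):
    """Report what appears only for the Google-referred visit."""
    direct_url, direct_body = fetch(url, PROFILES["direct"])
    google_url, google_body = fetch(url, PROFILES["from_google"])
    extra = external_refs(google_body) - external_refs(direct_body)
    return {
        "redirected": google_url != direct_url,  # different landing page for search visitors
        "landing_url": google_url,
        "extra_refs": sorted(extra),             # tags served only to search visitors
    }

# Constructed stand-in for a cloaked site, so the check can be tried offline.
def fake_cloaked_fetch(url, headers):
    page = '<html><script src="/js/site.js"></script><p>Hello</p></html>'
    if "google." in headers.get("Referer", ""):
        page = page.replace("<p>", '<iframe src="http://injected.example/x"></iframe><p>')
    return url, page

if __name__ == "__main__":
    print(referrer_diff("http://mysite.example/", fetch=fake_cloaked_fetch))
```

Against a real site, call `referrer_diff("http://your-site/")` with the default fetch; a non-empty `extra_refs` or `redirected: True` means search visitors are being served something direct visitors are not.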
Sometimes it may not be the user, but the host. We have seen a whole server farm compromised as well. Just google "godaddy servers compromised".