1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Google: "This site may be compromised" next to my sites i results pages

Discussion in 'Black Hat SEO' started by danhoff, Dec 3, 2010.

  1. danhoff

    danhoff Power Member

    Joined:
    May 11, 2010
    Messages:
    767
    Likes Received:
    55
    WTF is "This site may be compromised"

    I have this next to my sites in google results.
     
  2. hpv222

    hpv222 Power Member

    Joined:
    Feb 8, 2010
    Messages:
    736
    Likes Received:
    274
    It happened to a few of my sites and they all had some crappy code injected into their index php files (wordpres sites), so once I removed that virus/Trojan/or whatever it was, Google removed the warnings automatically in a matter of days
     
    • Thanks Thanks x 1
  3. danhoff

    danhoff Power Member

    Joined:
    May 11, 2010
    Messages:
    767
    Likes Received:
    55
    Thanx mate !!
     
  4. deezydiamonds

    deezydiamonds Newbie

    Joined:
    Mar 16, 2010
    Messages:
    35
    Likes Received:
    11
    Happened to me too - they injected so much stuff into my sites, I had to ask the host to have a look - they ran a script which instantly disinfected all the malware for which I was very grateful. Was back in Google next day.
     
  5. RalphyBoy

    RalphyBoy Regular Member

    Joined:
    Jul 19, 2008
    Messages:
    378
    Likes Received:
    52


    Newb question, who did the injecting, and how did they do it without a password?
     
  6. Shane1

    Shane1 Registered Member

    Joined:
    Dec 2, 2010
    Messages:
    74
    Likes Received:
    1
    Same here. Had an old version of Wordpress running. Injection caused Firefox and Google to both display warnings. Updated to the latest version of Wordpress, and then it was fine within a few days.
     
  7. Prodige

    Prodige Regular Member

    Joined:
    Mar 24, 2009
    Messages:
    455
    Likes Received:
    97
    If i am not wrong (and if i am I am sorry just throwing my 2cent out there lol) its just because of some mal ware just like mentioned before :) Remote sql incetion could be the cause since i heard about wordpress having some problems with that.. again i am just making assumptions though :)
     
  8. masteraffmarket

    masteraffmarket Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 5, 2008
    Messages:
    585
    Likes Received:
    448
    Occupation:
    Owning Google
    Location:
    Inside Your Mind
    Home Page:
    I would suggest changing all your passwords to avoid this from happening again
     
  9. rever20

    rever20 Junior Member

    Joined:
    Jan 11, 2010
    Messages:
    144
    Likes Received:
    21
    If its a problem with SQL injections as someone mentioned then it doesn't really matter if you change pass or not. It's a problem with the engine imho.
     
  10. danhoff

    danhoff Power Member

    Joined:
    May 11, 2010
    Messages:
    767
    Likes Received:
    55
    The most interesting thing is that my sites are HTML, no wordpress no php. My server is maleware / virus free.
     
  11. huzah

    huzah Newbie

    Joined:
    Nov 10, 2010
    Messages:
    41
    Likes Received:
    10
    Pherhaps you should check for femaleware, too?

    Sorry, that was lame. Are you sure you aren't hosting any .exe files that might be bad news?
     
    • Thanks Thanks x 1
  12. danhoff

    danhoff Power Member

    Joined:
    May 11, 2010
    Messages:
    767
    Likes Received:
    55
    I'm sure, plus i asked my hosting company to double check everything. All is clean.
     
  13. deezydiamonds

    deezydiamonds Newbie

    Joined:
    Mar 16, 2010
    Messages:
    35
    Likes Received:
    11
    If you are not running scripts with vulnerabilities, then they have control of the server or your FTP passwords
     
  14. Sikez

    Sikez Newbie

    Joined:
    Apr 15, 2009
    Messages:
    44
    Likes Received:
    10
    Yep,sounds alot like the old Gumblar.cn , Virus and other variations.

    You visit a site and they add a undetected trojan to your comp that steals
    all FTP passwords and then the virus connects to your ftp and injects the code.It is done all viral/automatic.When someone visits your site they get infected and so on & so on and it spreads like wild fire.

    Scan and clean your comps in safe-mode with a couple different UPDATED anti-virus/spyware programs and change all your FTP passwords,just to be safe.
     
    Last edited: Dec 4, 2010
  15. ScrapeBoss

    ScrapeBoss Elite Member Premium Member

    Joined:
    Nov 25, 2010
    Messages:
    1,865
    Likes Received:
    669
    Location:
    123.456.789.012.345.678.901.234.567
    Home Page:
    Try to remove it asap. Google gradually de-indexes sites they flag like that.
     
  16. danhoff

    danhoff Power Member

    Joined:
    May 11, 2010
    Messages:
    767
    Likes Received:
    55
    My support had scaned my server using CmalAV and hothing was found, no viruses, no trojans, etc. I also scaned my PC with McAfee and all is good.

    I have no clue what is going on.
     
  17. ScrapeBoss

    ScrapeBoss Elite Member Premium Member

    Joined:
    Nov 25, 2010
    Messages:
    1,865
    Likes Received:
    669
    Location:
    123.456.789.012.345.678.901.234.567
    Home Page:
    Check the security of your server. How secured is your site? Has there been a hacking attempt? Probably an unauthorized person has dropped some malicious codes on some website files.
     
  18. danhoff

    danhoff Power Member

    Joined:
    May 11, 2010
    Messages:
    767
    Likes Received:
    55
    Any more ideas how to get rid of this shit ?
     
  19. nicofan

    nicofan Junior Member

    Joined:
    Jul 25, 2010
    Messages:
    135
    Likes Received:
    77
    Occupation:
    unemployed, unemployed, unemployed, unemployed, un
    Location:
    LOLercoaster
    could be that somebody (one of your competitors) reported you to google. you should ask google directly why they are marking your site as compromised.
     
  20. TogaPartee

    TogaPartee Newbie

    Joined:
    May 5, 2011
    Messages:
    42
    Likes Received:
    14
    Did you get re-infected ? I noticed your original post is from last year.

    If you cleaned up everything last year and did not get reinfected but goog still shows "this site may be compromised" have your host take a look again to be sure you do not have some stealth code , some infections only show up when you access site through Google search but do not show up when you access the site directly.

    If your host clears the site as clean login to your Webmaster Tools account

    Click Diagnostics -> Malware
    does anything show up there?

    If you are sure your site is clean, use the Webmaster Tools interface to request malware review

    Code:
    google.com/support/webmasters/bin/answer.py?hl=en&answer=168328
    If you got reinfected since last year
    - have you changed all your logins and passwords?
    - did you run virus scan on all your computers with at least TWO or THREE virus/malware scanners and then changed your logins and passwords again?
    - do you run any php based website pages on that webspace? are they all updated to the newest version?

    Sometimes it may not be the user, but the host. We have seen whole server farm compromised as well. Just google
    godaddy servers compromised