Barry
If it is one of the sites in your sig I don't get any messages come up mate.
Barry. Sorry but this is seriously bad news I am afraid. I am on my phone so can't post any links. If you go to Facebook and search for Save Befuddle group I explain there what I did. I basically had to pull every 3rd party link from my site as I didn't know which was the offending one. Then submitted the site for review. Follow the malware warning links for info. It took 30 days for the malware warning to be removed. Your major issue is that as your site is full of 3rd party content it could be any one of them that may have triggered this. Remove any popups, international counter codes, 3rd party tracking or banners for starters. You should receive an email from Google listing 3 of your pages that are a problem.
Barry
If it is one of the sites in your sig I don't get any messages come up mate.
Yep it's Promotional Discount Voucher Codes UK
The main page and a few inner pages don't have warnings but the majority do.
I have just nipped over to stopbadware.org and ran a search and found that the page:-
Promotional Codes is listed.
As such I have removed my TD banner on that page to couponnet.co.uk (as it distributes software, though can't see it being this) and also removed my javascript scroller, I have also removed all of the iframe tracking system that's been on the page for years.
I have submitted a request to stopbadware just now and am sitting and hoping now.
This is just a real bummer, as this site is my main bread winner and has no software or badware on it.
Spose I just have to sit and pray now.
BTW thanks ray for your help.
Ta
Sorry Barry, I see it now on a few pages. I feel for you, I have lost my main site just before Christmas with a penalty and I am working on getting back where it belongs.
Barry, I hope you don't have this one.
There is a server hack which is infecting quite a few 'mom and pop' sites on apache/linux hosts in UK and around the world which injects a call for an xxxxx.js file onto html pages which loads a backdoor rootkit keylogger onto Windows PCs via about 13 vulnerabilities. The hack appears to reside in the host's apache memory so is very hard to find and only seems to infect about 12% of visitors and rarely the same IP address sees the js file twice so is very hard to detect.
No one yet knows how the host server is becoming infected and clean systems quickly become infected again. Hosts have been removing access to servers once the infection is discovered to minimise the spread of the malware.
Reading is available from:
ElReg: Mystery web infection grows, but cause remains elusive | Channel Register
Webhostingtalk: Linux servers having CPANEL - js virus hitting - Page 3 - Web Hosting Talk - The largest, most influential web hosting community on the Internet
Securityfocus: SecurityFocus
BBC NEWS | Technology | Poisoned websites attack visitors
The ScanSafe Blog - STAT Blog - Mom & Pop Sites Hit Hard by Host Compromise
Comments on ‘Mass web infection leaves researcher scratching her head’ | The Register
SecureWorks Discovers Protection Against Massive Website Attack Infecting 10,000 Linux/Apache Servers - Research - SecureWorks: Managed, Monitored & On-Demand Security Services
Some interesting reading there mate, thanks.
However I am on a windows machine.
Thinks it's time for me to go out and get very drunk, it's the only real solution I can come up with.
Ta
Windows machines host apache too. On shared hosting it can be difficult to know what the base OS on the machine is or what is hosted on the other virtual servers on the system.
The big problem is trying to find any common factor between infected hosts as they all claim to run updated patches on the various versions of software used.
Luckily it's a dedicated server so I have root access.
I have edited my website a bit and taken out a few iframes that I used to set my local tracking on and also removed a little scroller that had my latest offers in, but I can't see that it could be anything to do with my coding.
I have also removed the form that was used for users to post deals in case it was being used to post dodgy code.
I am now running the Windows malicious software tool on the server and have done a much needed Windows update. I hope that this is enough. It looks like it may take some time to scan - so I am off down the pub to sulk.
Thanks
Barry, this happened on Billy Bargain about a year ago and my site had been hacked. The hack added one line of javascript right before the </body> tag which was trying to run 3 very dodgy scripts.
Once I'd removed the line and convinced stopbadware.org that my host had put measures in place to stop it - then the alert was removed - took a couple of weeks though.
I can't see anything in your code (even the pages listed on G as bad) but they may have changed their methods since I got hit?
Hope you find what's causing it.
Brett
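An added example, not posted by anyone in the thread: both compromises described above (a script line added before the </body> tag, and a server-side injection that only some visitors receive) show up as a script in the served page that is absent from the file you deployed. This sketch compares several fetched copies of a page against the on-disk file; it assumes static pages, and the sample HTML and the example.invalid host are constructed.

```python
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collect <script> tags: external src values and inline bodies."""
    def __init__(self):
        super().__init__()
        self.found = set()      # ("src", url) or ("inline", body)
        self._inline = None     # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.found.add(("src", src.strip()))
        else:
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.found.add(("inline", "".join(self._inline).strip()))
            self._inline = None

def scripts_in(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.found

def injected_scripts(on_disk_html, served_samples):
    """Map each script served but absent from the deployed file to the samples showing it."""
    baseline = scripts_in(on_disk_html)
    hits = {}
    for i, served in enumerate(served_samples):
        for script in scripts_in(served) - baseline:
            hits.setdefault(script, []).append(i)
    return hits

# Constructed sample data: the deployed file and three fetched copies, one tampered.
ON_DISK = "<html><body><p>Offers</p><script src='/js/menu.js'></script></body></html>"
TAMPERED = ON_DISK.replace("</body>", "<script src='http://example.invalid/abcde.js'></script></body>")
SERVED = [ON_DISK, TAMPERED, ON_DISK]
if __name__ == "__main__":
    for (kind, value), seen in injected_scripts(ON_DISK, SERVED).items():
        print(f"{kind} script not in deployed file: {value!r} (samples {seen})")
```

Because an intermittent injection reaches only a fraction of requests, fetch the page many times, ideally from different client addresses, before treating a clean result as meaningful.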
Brett
Well fingers crossed it seems to have now gone this morning.
Not sure WTF happened.
Ta for all your help all.