"This site may be compromised" warning from Google

Brian Alaway

13 years ago

Make sure your site ip hasn't been blacklisted: Email Blacklist Check - See if your server is blacklisted

[ 1 ] Thanks
1 reply

Signature

How to Configure Secure FTP

{{ DiscussionBoard.errors[3662455].message }}

Cool Hand Luke

13 years ago

Originally Posted by Brian Alaway

Make sure your site ip hasn't been blacklisted: Email Blacklist Check - See if your server is blacklisted

Forgive me, I'm not great with the technical stuff: How do I find my site IP and why would it be blacklisted? Its brand new and I haven't done anything with it yet.

Thanks
2 replies

{{ DiscussionBoard.errors[3662544].message }}

LaurenceandDonnaSwann 13 years ago

We too have seen these errors and when I googled the error it seems that this was a Firefox issue. Have you tried to access the site in multiple browsers? might be worth investigating?

D & L
- Thanks
Signature
www.LaurenceandDonnaSwann.com

Check out our FREE 7 day Internet Marketing Bootcamp - a must if your serious about making 6 figures online!
{{ DiscussionBoard.errors[3662648].message }}

Brian Alaway

13 years ago

Originally Posted by Cool Hand Luke

Forgive me, I'm not great with the technical stuff: How do I find my site IP and why would it be blacklisted? Its brand new and I haven't done anything with it yet.

Originally Posted by Cool Hand Luke

Forgive me, I'm not great with the technical stuff: How do I find my site IP and why would it be blacklisted? Its brand new and I haven't done anything with it yet.

Go to a command prompt (start/run/cmd on a pc or use the network utility on a mac) and type:
ping yourdomain.com
the group of numbers returned, that's your site ip

if you're using cPanel you can also find it listed there - usually on the left sidebar

If you're on shared hosting, your ip is used by every other site that "shares" that server. If one of those sites get's the ip banned because of their bad behavior, you're affected (you can always get a dedicated ip approx. $2/month from HG)

Thanks

Signature

How to Configure Secure FTP

{{ DiscussionBoard.errors[3663228].message }}

HeySal

13 years ago

What's your URL? Sounds like an injection virus - your malware program wasn't going to detect it. I'll check it out if you put your URL on here. If you can't just post it without the www. and I'll just cut and paste it.

Thanks
1 reply

Signature

Sal
When the Roads and Paths end, learn to guide yourself through the wilderness
Beyond the Path

{{ DiscussionBoard.errors[3662687].message }}

Cool Hand Luke 13 years ago

..........
- Thanks
{{ DiscussionBoard.errors[3662814].message }}

edwood

13 years ago

Hi,

This happened to me two years ago. The site had been hacked and malicious code had been added to some pages. It was quite a shock to see a Google warning show up in the results.

Anyway, I went to scriptlance.com and posted this project...

Title: Website security issues

My website has been hacked and malicious code added to some pages.

I'm looking for someone to find/eliminate any bad code and also to find and block whatever approach is being used to access the site.

Thanks.

I found a guy who fixed the problem AND got me whitelisted on Google within a couple of hours at a cost of just $45.

I hope that helps.

Michael

[ 3 ] Thanks

Signature

WSO

--> Grab PLR to this FUN Ebook! <--

(Affiliates: Earn 100% Commissions)

{{ DiscussionBoard.errors[3663344].message }}

Brian Alaway

13 years ago

other places/ways to run a check:

Website Security Check - Unmask Parasites

Show malicious code from websites

Sucuri - Monitor & Scanner dashboard

PHP script searches for malicious code on a hacked server

WordPress › Exploit Scanner « WordPress Plugins

[ 1 ] Thanks

Signature

How to Configure Secure FTP

{{ DiscussionBoard.errors[3663488].message }}

Linda_C

13 years ago

Go post a support ticket at hostgator -- tell them about the google warning and ask them if they can help. They may fix it for you, and even if they don't fix it, they'll tell you what it is - then you know.

Thanks

{{ DiscussionBoard.errors[3663861].message }}

Floyd Fisher

13 years ago

Originally Posted by Cool Hand Luke

So my new site which, after some warrior backlinking, spent 2 days on page 1, position 5 of google for my chosen keyword has now been completely removed from the rankings and when I type the URL into Google, it says "This site may be compromised". So I checked another one of my sites from the same hosting account(host gator) and it gets the same warning from Google as well(I hadn't even backlinked this site, it has JUST been designed by another warrior).

Naturally, I thought either of the sites was hacked, but I used Google's webmaster malware tool to scan the sites, and got nothing. There are no new codes, no spam, NOTHING. Heck, the sites are almost new. The passwords are all random, numbers and letters jumbled together, and everything is up to date.

SO:
Any ideas how to fix this Warriors? I put SO MUCH time and energy into this site, and I can't believe this kind of BS has happened. What steps should I take? Has this happened to anyone?

Help, please?

Can you post a url, so we can check ourselves and see if there actually is any malware on there?

Thanks

{{ DiscussionBoard.errors[3663937].message }}

Joe J

13 years ago

I also had a similar message on a google search of my site.

I ran it through Google's malware check fine, submitted a ticket with them.

Submitted a ticket with Hostgator and waiting for replies back from both.

I also noticed on my Hostgator's reseller's account that it was listed as undefined and not listed under the regular package name I originally set it up in.

I'll post back with results when they come in.

Joe

Thanks
1 reply

{{ DiscussionBoard.errors[3664031].message }}

Joe J

13 years ago

Originally Posted by Joe J

I also had a similar message on a google search of my site.

I ran it through Google's malware check fine, submitted a ticket with them.

Submitted a ticket with Hostgator and waiting for replies back from both.

I also noticed on my Hostgator's reseller's account that it was listed as undefined and not listed under the regular package name I originally set it up in.

I'll post back with results when they come in.

Joe

I just received my reply back from Hostgator that read:

"Hello,

Reviewing the account it was found that malicious content was injected through FTP access using a compromised password. Typically this is due to a virus infecting a computer that is used to manage the account. We strongly recommend running an updated antivirus scan on all computers that are used to manage the account.
At this time we are scanning and removing the mallware from the account..."

I don't understand because this is after google's scan showed that it was fine.

I'll post back when I get google's take on the matter.

Hope that gets you a little closer to an answer for your problem Cool Hand Luke.

Joe

Thanks
2 replies

{{ DiscussionBoard.errors[3664395].message }}

Cool Hand Luke

13 years ago

Originally Posted by edwood

Hi,

This happened to me two years ago. The site had been hacked and malicious code had been added to some pages. It was quite a shock to see a Google warning show up in the results.

Anyway, I went to scriptlance.com and posted this project...

Title: Website security issues

My website has been hacked and malicious code added to some pages.

I'm looking for someone to find/eliminate any bad code and also to find and block whatever approach is being used to access the site.

Thanks.

I found a guy who fixed the problem AND got me whitelisted on Google within a couple of hours at a cost of just $45.

I hope that helps.

Michael

Thanks Michael, I may do something like this. I'm not familiar with scriptlance at all, so I may see if there are any warriors who can do this.

Originally Posted by Linda_C

Go post a support ticket at hostgator -- tell them about the google warning and ask them if they can help. They may fix it for you, and even if they don't fix it, they'll tell you what it is - then you know.

Thanks Linda, I did exactly this earlier. HostGator's security team says that one of my blogs that shared my hosting plan with the hacked sites was attacked because it hadn't been updated to the latest wordpress settings and the hacker gained access to all of my sites. I deleted that blog's wordpress, took it off my hosting's DNS servers, changed all of my passwords for the sites still on that hosting plan(cpanel, wp-admin, etc) and made sure everything is updated. Now, the spam SEEMS to be gone, but I'm still waiting to hear back from HostGator and then of course I need to re-submit to Google.

Originally Posted by Floyd Fisher

Can you post a url, so we can check ourselves and see if there actually is any malware on there?

How to impress a girl site dot com is the URL and my other site attacked is get girls in bed dot com (neither are nsfw or adult in case you were wondering, they are affiliate blogs in the dating/seduction niche). Please do let me know if anyone sees anything.

Thanks SO MUCH for all the replies, I appreciate the Warrior's help.

Thanks

{{ DiscussionBoard.errors[3665091].message }}

Joe J

13 years ago

Originally Posted by Joe J

I just received my reply back from Hostgator that read:

"Hello,

Reviewing the account it was found that malicious content was injected through FTP access using a compromised password. Typically this is due to a virus infecting a computer that is used to manage the account. We strongly recommend running an updated antivirus scan on all computers that are used to manage the account.
At this time we are scanning and removing the mallware from the account..."

I don't understand because this is after google's scan showed that it was fine.

I'll post back when I get google's take on the matter.

Hope that gets you a little closer to an answer for your problem Cool Hand Luke.

Joe

I just did another google search for my site and the message is gone.

Didn't receive any correspondence from google so I don't know exactly where the cause of or the removal of the message came from.

My uneducated guess is a combination of Hostgator scanning and removing something wrong and google rechecking the site and coming up clean with their findings.

Probably will remain a mystery to me.

Joe

Thanks

{{ DiscussionBoard.errors[3667362].message }}

RichardDean

13 years ago

If your using a wordpress blog and some plugins one might have a hole in it.

I got a blog ready made from WF and installed it... BAM same thing happen to me... within about 3 weeks. I been using WP for years with no problem... I took that ready made blog off fixed over 40 domains, some not fixed yet... been about a month and everything is fine again...

Now should I take the chance and install that one again...I'm holding off.

Hope that helps

Rich

Thanks

Signature

5 Minute Mobile Sites... My Next WSO Comming Soon.

{{ DiscussionBoard.errors[3664147].message }}

Kobzon

Banned 13 years ago

[DELETED]

{{ DiscussionBoard.errors[3665417].message }}

pdm1 13 years ago

I checked both sites using firefox, both seem ok on my side.
No warnings or anything?..
- Thanks
{{ DiscussionBoard.errors[3665506].message }}

Headfirst

13 years ago

If you're getting a google warning page, its a safe bet that you've been compromised. It's always better to be safe than sorry. Having a compromised site puts YOU at legal liability for any infections clients or their clients get from the site.

I recommend Sucuri.net for scanning and removal of this stuff.

I have Sucuri.net scan all of my client sites every hour so I can address anything before it becomes an issue.

Thanks

Signature

Golf Outing Sponsor Signs, Banners and Flags||Plymouth, MI Marketing || Plymouth Dentist

{{ DiscussionBoard.errors[3665630].message }}

HeySal

13 years ago

Luke - What you have if it went in via FTP is a keylogger. AVAST will detect it but won't remove it.

Google "download TDSSkiller" - it's free (from Kapersky) Use it. It's the only thing I've found to remove these things.

Thanks
1 reply

Signature

Sal
When the Roads and Paths end, learn to guide yourself through the wilderness
Beyond the Path

{{ DiscussionBoard.errors[3671060].message }}

Tiger_Claw 13 years ago

Greetings,

I have just had this problem crop up on one of my sites. In the Google Webmaster tools there is no indication of any malware being installed on the site, etc. I submitted a ticket to Google and am requesting that they review the site because I have no idea why this would crop up on one site that I manage and not others?

The site was originally knocked off their charts. While, it was still indexed in their search engine it was gone from the first page. Now? It's back on the first page with the warning:

This site may be compromised.

This can not be good for the site even if it is on the first page. I am going to contact hostgator and see what they recommend.
- Thanks
{{ DiscussionBoard.errors[3683934].message }}

ultradeal

Banned 13 years ago

[DELETED]

{{ DiscussionBoard.errors[3683943].message }}

Tiger_Claw 13 years ago

Originally Posted by ultradeal

Make sure to back-up often. It can save you a lot of trouble.
Use Strong passwords.

Well, I noticed this problem cropped up shortly after I listed the site for sale on a popular flipping site. I wonder if this happened because I installed their meta tag verifying script on the site?

Maybe it's just a coincidence.
- Thanks
{{ DiscussionBoard.errors[3683974].message }}

Tiger_Claw

13 years ago

Well,

The page is still listed on the first page of google as being compromised. Seems like they're taking their time in re-evaluating it, etc. Even their webmaster tools doesn't locate any sort of malware or anything in regards to the site.