Getting a "malware detected" message on my site

31 replies
what the heck is going on? im getting a malware detected on this site message, with the big red check mark on the page from google?? im using these sites on fb ads, adwords, etc. no wonder we aren't getting any conversions??!!

how can i change this or find out what happened??

my site is hafaeligible.com and shaitownshortsales.com

this sucks??!! how did this happen????
here is the message posted. this obviously scares people away when they get to the site.


contains content from qqmpdseh.changeip.name, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified qqmpdseh.changeip.name that we found malware on the site. For more about the problems found on qqmpdseh.changeip.name, visit the Google Safe Browsing diagnostic page.
#malware detected #message #site
  • Profile picture of the author MHelix
    Nice design BTW. However I can not reproduce the errors in Google. Googled both domains and no errors were present. Are you using any type of gateway (portal) pages that might be using scraped content?
    {{ DiscussionBoard.errors[6204054].message }}
    • Profile picture of the author HotDamnShortSales
      ive no idea. the only thing i can think of is the person who coded it for me put in malware? it was a guy i found from odesk, he took the design and coded it into html for me. so when you went to the site it didn't give u the message>? maybe its just my browser and spyware settings and virus protection? i hope so. i doubt adwords, would let me run ads if there was issues right?
      {{ DiscussionBoard.errors[6204073].message }}
  • Profile picture of the author Bret Ferguson
    I didn't see anything suspicious when I stopped by both sites.....my virus/malware detection didn't go off either......

    Google has this info

    About malware and hacked sites - Webmaster Tools Help

    and this

    Cleaning your site - Webmaster Tools Help

    - Bret
    Signature


    {{ DiscussionBoard.errors[6204149].message }}
    • Profile picture of the author MissTerraK
      I tried to go to hafaeligible.com and got this message from my AVG LinkScanner Alert:

      Threat was blocked!

      Exploit Blackhole Kit (type 2160)

      Hope this helps.

      Terra

      Edit - I researched it and this is what I found:

      Statistics summary

      Blackhole Exploit Kit is a Webthreat that is spreading. It is currently ranked 1 in the world for online threats. Blackhole Exploit Kit has been detected by AVG on victims' machines in 220 countries during the last month. There are currently 50769 websites in 135 countries that host Blackhole Exploit Kit.
      {{ DiscussionBoard.errors[6204181].message }}
  • Profile picture of the author Elizabeth Fee
    Through my Chrome browser, I get the "Malware Detected" notice, but I don't get it when I visit your site using Firefox.

    I just posted information on another thread here where another WF member is experiencing the same issue. You can read my response there with some steps you can take to further determine what may be going on.
    Signature

    Elizabeth Fee
    The Niche Mom - My personal blog to inspire and guide you towards earning an income online.

    {{ DiscussionBoard.errors[6204201].message }}
  • Profile picture of the author Bret Ferguson
    Yep. Chrome comes up with the warning "this site......."
    Firefox didn't, Safari didn't and IE didn't. Interesting.

    The first visit with Chrome I had a "Javascript update needed" which I did not update. I then refreshed and got the above message.
    Signature


    {{ DiscussionBoard.errors[6204417].message }}
  • Profile picture of the author HotDamnShortSales
    i tried with IE, no message, but its a chrome thing I guess. which means everyone that clicks my ads and goes to the site gets this message? no wonder i wasn't getting any leads, not a one, but I was getting great traffic. this site is a high converting website, I dominate the market here in Chicago. HOW can I fix this? here is info I got from google about "safe browsing".

    Safe Browsing Privacy Policies ? Google
    {{ DiscussionBoard.errors[6204423].message }}
  • Profile picture of the author HotDamnShortSales
    this sucks! it HAD TO BE the guy from odesk, as i gave him (my stupid, trusting, fault), some guy named muhamed my hostgator login and cpanel info. yea, i know, jackass me.

    this is the only way I can think someone could have accessed my sites. is this an easy fix, i spent a lot of time and money on these sites and we have just sent out thousands of postcards and direct mail driving people to the site(s)??!!!
    {{ DiscussionBoard.errors[6204432].message }}
  • Profile picture of the author Bret Ferguson
    You may want to delete your site and upload a "clean" file.
    Signature


    {{ DiscussionBoard.errors[6204471].message }}
  • Profile picture of the author mindreaderwriter
    Banned
    Hi Warriors,

    I once worked for Microsoft PCSafety Technical Support team (now, Microsoft Answer Desk). I was the one responsible in finding solutions when all Tiers have run out of solutions to security-related issues, and communicating it directly to my PTLs in Microsoft.

    I had a client who reported a security threat in one of his sites. What's happening to you all is a browser-redirection issue. It's either there's a script added to your .htaccess file (or some other files) which detects the browser that you're using and its version. I reproduced the problem on two browsers: Google Chrome and IE9 (64-bit). Both hafaeligible.com and shaitownshortsales.com redirect me to Google's warning message of a potential threat. Checking it in IE9, both sites are showing up.

    How did that happen? Whoever is responsible in injecting that script to your .htaccess file (or any other file), he/she might have selectively targeted Chrome users. I'm not saying I'm 100% sure because I haven't taken a look at your .htaccess file yet and all files within your CPanel.

    I checked both sites from virustotal.coml and it turned out that hafaeligible.com is the only one detected as a threat by Google Safebrowsing.

    I have saved the results of VirusTotal.com because I can't post them in here. I need to accumulate at least 15 posts to include links in my posts.

    Don't reset everything. That's not a solution but a workaround.
    You need someone who can also see what I can see to fix that.
    {{ DiscussionBoard.errors[6204518].message }}
  • Profile picture of the author Valdor Kiebach
    If the site is in HTML as you say then it will easy to find the malicious code and remove it.

    You need to change your cpanel password at least and also check to make sure there isnt a script on your site that is being used as a backdoor.

    If you want to pm me FTP login I will take a look for you.
    {{ DiscussionBoard.errors[6205409].message }}
    • Profile picture of the author HotDamnShortSales
      I just got an email from sparktrust saying they found malicious code in my site. I wants me to click link to see more info. Is this legit and safe?
      {{ DiscussionBoard.errors[6205830].message }}
  • Profile picture of the author HN
    Banned
    It doesn't have to be the odesk guy. You might have visited a site with a virus, the virus installed on your computer. It then found your FTP client and the password file and was able to connect to your server to install the malware. Most of us are lazy and save the FTP passwords on HDD. I figured this out when malware was installed on 3 different hosting accounts the same day (2 hostgator and 1 extreme hosting account). It added a simple base64 encoded script to index.php files on 50 different domains. I spent whole day cleaning my files. I was able to detect which files were infected when I sorted the files by 'modified date'. Luckily the malware left a trace, if it didn't change the 'date' I'd probably spent several days.
    {{ DiscussionBoard.errors[6205918].message }}
  • Profile picture of the author Kingfish85
    I'd suggest you have your hosting company run a scan to find out what files have been uploaded/changed, then remove/replace those files.
    {{ DiscussionBoard.errors[6206115].message }}
  • Profile picture of the author Jamaican2011
    contact your hosting company and they can delete it for you! I had a problem with my database and all of the popular browsers and anti-virus software were giving me errors whenever i opened any of my 2 blogs. I sent a simply email to Hostgator and they said somehow someone injected a malware and they went ahead and speedily deleted it for me! So I suggest contacting your hosting company.

    Do you use wordpress by the way?
    {{ DiscussionBoard.errors[6206178].message }}
    • Profile picture of the author HotDamnShortSales
      yes, its wordpress, i was definitely hacked, because i USED to think it was good to approve comments on my blog, well they were all hackers and i bet that's how they got in.
      {{ DiscussionBoard.errors[6227903].message }}
      • Profile picture of the author mindreaderwriter
        Banned
        HotDamnShortSales - PM me your Skype ID so I can help you sort this out. I already mentioned in my previous post for you on how this can be fixed.


        Originally Posted by HotDamnShortSales View Post

        yes, its wordpress, i was definitely hacked, because i USED to think it was good to approve comments on my blog, well they were all hackers and i bet that's how they got in.
        {{ DiscussionBoard.errors[6228778].message }}
  • Profile picture of the author Sumit Menon
    Firefox says it's a Reported Attack Site... I would call Hostgator and request them to clean it up.
    {{ DiscussionBoard.errors[6206204].message }}
    • Profile picture of the author HotDamnShortSales
      they said they found malicious code and removed it, BUT, im still getting the same message in my chrome browswer and i had others check too. now i have to explain evertthing to google adwords. not fun
      {{ DiscussionBoard.errors[6227898].message }}
  • Profile picture of the author DWaters
    Is it common that hosting companies will scan your sites and remove malicious script for you? My host does not have this service. Some of my site are currently infected and it has been very frustrating trying to get them fixed. For future sites I expect I will be changing to a new host.
    Signature
    How I really Make Money With Amazon

    Want to get rich with top rated FREE Super Affiliate Training?
    {{ DiscussionBoard.errors[6265666].message }}
    • Profile picture of the author Kingfish85
      Originally Posted by DWaters View Post

      Is it common that hosting companies will scan your sites and remove malicious script for you? My host does not have this service. Some of my site are currently infected and it has been very frustrating trying to get them fixed. For future sites I expect I will be changing to a new host.
      A lot of web hosts do, and a lot of web hosts don't. It really depends on the quality of the company itself.
      {{ DiscussionBoard.errors[6265681].message }}
    • Profile picture of the author cashp0wer
      Firefox didn't warn me of anything at all. I then opened Google Chrome and tried it and got the malware warning message.
      Signature
      My Internet Marketing Blog - Warts And All!
      {{ DiscussionBoard.errors[6265686].message }}
  • Profile picture of the author lukedidit
    I would seriously recommend using wordfence to clean up your site, its a lot easier then it sounds. Check out the video I made on it - skip to 6.00 minutes if you want to get to the point and not listen to me rambling to much.

    Wordfence Plugin Review
    {{ DiscussionBoard.errors[6265711].message }}
  • Profile picture of the author azmanar
    Hi,

    Hope you've resolved it by now from the advise of mindreaderwriter.

    When such Browser-based Flags were raised for your web sites, the first thing to do is visit your .HTACCESS file in the web server.

    There could be new lines injected to it WHEN you installed some seemingly honest web-based apps such as FREE WP Themes, WP Plugins and etc.

    Check the rights to the .htaccess file. It should never be 666 nor 777. If it is, you're opened to risks of people altering it.

    I'd delete the .HTACCESS in the web root instantly ( and make a new new one if its necessary to have one by some membership apps ). Make sure the rights for the .htaccess file is set to 644. In fact, there should not be any file with file permission higher than 644 in the web root. Directories ( Folders ) are usually 755.

    See whether you've resolved it.

    If you still have your sites flagged as malicious by Google, then the next step is to look at the plugins you've installed. Update them and deactivate the ones you no longer need ( delete them would be better because it could have been altered ).

    If you still get the flags, you need to check your webstats such as Webalizer to see whether there are strange files that some visitors are trying to access. Those files could be the culprits. Seek help from your web hosts or delete them d-i-y.

    Here are 2 other risky spots to look at when you're using WP.

    I think you know very well that WP images upload directories are sometimes having 777 permission. With this permission, the public can alter your files or upload some malicious scripts into the directory. Make sure you change the Directory permission to 755 after uploading images and etc.

    The same thing for your WP Theme Files. To enable custom editing of the php, javascript and css files, you may need to set the rights to 666. I'd reset them to 664 after I'm done.

    Just some precautions to take.
    Signature
    === >>> Tomorrow Should Be Better Than Today

    {{ DiscussionBoard.errors[6286538].message }}
  • Profile picture of the author DWaters
    Azmanar - thanks for the good suggestions on the permissions. I recently started using a free plugin BulletProof Security. One of its many features is that it tells you what your current permissions are and what they should be so you can keep on top of this.
    Signature
    How I really Make Money With Amazon

    Want to get rich with top rated FREE Super Affiliate Training?
    {{ DiscussionBoard.errors[6291097].message }}
    • Profile picture of the author azmanar
      Hi DWaters,

      THANKS ! This plugin would be handy for people who dislike using FTP client.

      The display of file permissions is a great advantage, instead of manually browsing directories via an FTP client.
      Signature
      === >>> Tomorrow Should Be Better Than Today

      {{ DiscussionBoard.errors[6291159].message }}
  • Profile picture of the author savvybizbuilder
    Your site hafaeligible.com contains malware when I try browsing it but there's no problem with the other site. Even my avast anti-virus doesn't detect any malware on that site.
    {{ DiscussionBoard.errors[6291140].message }}
  • Profile picture of the author Suzzithe1
    you can download free malware cleaner from microsoft site:
    microsoft.com/security/pc-security/malware-removal.aspx

    Hopefully it will help you.
    {{ DiscussionBoard.errors[6291317].message }}
    • Profile picture of the author so11
      Hello, hopefully your issue is already resolved. If not, Id recommend scanning your site with Web application security scanner. Stay away from free tools available on the Internet, because usually they produce lots of false positive/negative results, which will misguide you.

      Unfortunately, regular antiviruses wont help in this situation. Id recommend finding a good security firm and just outsource it, because this kind of work requires some skills.

      best of luck,

      so11
      Signature
      www.groupesoloviev.com
      We help businesses manage cyber risk and compliance requirements.
      {{ DiscussionBoard.errors[6334671].message }}
  • Profile picture of the author ausnetit
    HI All,

    Any Script can we found here to clean this codes?

    Thanks
    {{ DiscussionBoard.errors[6679508].message }}

Trending Topics