| 2:46 pm on Jul 27, 2009 (gmt 0)|
They published this on their own website about their own website? They're warning people about their own site?
| 3:11 pm on Jul 27, 2009 (gmt 0)|
No, it appears to come from Google. Here's part of the message
Site is listed as suspicious - visiting this website may harm your computer.
Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 1 pages that we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2009-07-10, and the last time that suspicious content was found on this site was on 2009-07-10.
Malicious software is hosted on 3 domain(s), including (specifics removed).
3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including (specifics removed).
This site was hosted on 1 network(s) including AS16557 (COLOSOLUTIONS).
[edited by: encyclo at 4:33 pm (utc) on July 27, 2009]
[edit reason] removed specific references to malware sites [/edit]
| 3:26 pm on Jul 27, 2009 (gmt 0)|
|I've been asked to look at a website... |
I believe I'd have to decline.
| 3:34 pm on Jul 27, 2009 (gmt 0)|
Somebody reported to me that my company's website gave their browser a similar message. I never have a problem visiting it and don't know what caused it.
Actually it happened more than once-I got an email from a prospective client ~from~ my website complaining of the same thing once.
| 4:42 pm on Jul 27, 2009 (gmt 0)|
This kind of warning from Google happens because their crawler has detected that the site (or at least the specific page) has been compromised. It is extremely rare to get a false positive, so you must take the warning seriously.
It could just be the contact form which was hacked, but depending on other factors (such as any CMS script you are using or if passwords or other details are stored on the server) the entire server could be hacked too.
At the very least, you must take the contact form offline as soon as possible, and ideally you should review the entire site content and revert to a known backup on a different server.
| 4:48 pm on Jul 27, 2009 (gmt 0)|
Thanks for this.
I suspected that it relates to some sort of script. It also shows this text;
"You can learn more about malware and how to protect yourself at StopBadware.org. "
Unfortunately the site owner is a friend of one of my existing clients so I need to look after them!
I'll suggest completely cleaning the site.
| 5:31 pm on Jul 27, 2009 (gmt 0)|
Encyclo, my site doesn't even HAVE a form to fill out. What else do I need to look at? It's hosted by a well known company.
| 10:45 pm on Jul 27, 2009 (gmt 0)|
There can be any number of server-side scripts which, if not updated, can cause problems. Do you have any content-management system or blog script installed? If you don't, another possibility is that your FTP credentials have been compromised - there is a worm variant going the rounds which infects your local machine and steals FTP passwords from programs such as FileZilla (used for FTP transfer). So, check your local machine too.