Msg#: 4513762 posted 4:46 pm on Oct 29, 2012 (gmt 0)
Ok, so a client came to us saying he had an issue with his site being blocked by Google. We changed his hosting over to HostGator, which gave him new nameservers. His site is a Joomla site and I looked over the code for hidden malicious content but I didn't find anything.
When you search for his site in Google and then click on it you get a red warning that the site is malicious. But if you just type in the address everything is fine.
I'm really puzzled what is happening. Any ideas?
[The Google error page says: [domain] contains malware. Your computer might catch a virus if you visit this site]
The name of the site is (removed).net but it shows (removed).ru on the error screen.
[edited by: Webwork at 12:29 am (utc) on Oct 30, 2012]. Removed specifics
[edited by: ergophobe at 1:36 pm (utc) on Oct 30, 2012] [edit reason] replaced screenshot with verbal description - don't want anyone accidentally followin [/edit]
Msg#: 4513762 posted 1:44 pm on Oct 30, 2012 (gmt 0)
You can use the Sucuri Site Check (http://sitecheck.sucuri.net) to find out what the various authorities are reporting.
From there, you need to start with some detective work. When you say you couldn't find anything, how did you go about that? I would download a default distro of Joomla or, even better if you have it, a known safe backup of the site, and run a diff to find out what's different.
While you're at it, check the whois data for both domains.
Msg#: 4513762 posted 2:47 pm on Oct 30, 2012 (gmt 0)
Msg#: 4513762 posted 12:18 am on Oct 31, 2012 (gmt 0)
If you didn't find anything, keep looking.
Same thing happened recently to an unimpeachable site that I know slightly. At first they simply assumed minor hacking to scare them into buying some unneeded security software. The culprit ended up being a Russian site with contact info in Lithuania; I remember looking them up and thinking that RIPE's verification criteria were due for an overhaul.
It was educational for a reason you may not even have thought of: I was surprised at how many browsers independently use g###'s security verification. The "may harm your computer" text doesn't only show up in SERPs* but as advance warning in the browser itself.
* Gosh. I had no idea this acronym was invented by anyone in particular ;)