Malware Problems - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Malware Problems

bobbies

3:54 pm on Apr 6, 2009 (gmt 0)

10+ Year Member

Hello,

First let me start by apologizing about the vagueness of this post. I work for a employeer that requires a certain level of security but this problem has stumped me so I am here asking for help.

It seems that a few months ago Googlebot decided that we were hosting Malware on our site (lets call this Site A). It reported the site to stopbadware.org and FF3 started throwing a nasty warning page and Google put up the warning page in their serps.

After submitting a request for review, Site A was reviewed, cleared and a week later the bot marked the site again. This act went on for a week or so and everything has been quite since. Just this morning I noticed that a second site (Site B) that we have that links to Site A, Site B is now being reported by Google as distributing malware from Site A. Site A in Google's Safe Browsing Diagnostics page is clean with no problems.
So my question is if Google see's Site A as being clean with no Malware on it how can they flag Site B as distributing Malware from Site A?
The lack of being able to start a dialogue with Google is to say the least, very frustrating.
I would appreciate any advice on this matter.

-Bobbies

rocknbil

8:48 pm on Apr 6, 2009 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Welcome aboard bobbies, I don't have direct solutions, but is it at all possible your site(s) are victims of Cross Site Scripting or mySQL injection? When you view source of your pages, do you see any Javascript code that shouldn't be there?

bobbies

2:22 pm on Apr 7, 2009 (gmt 0)

10+ Year Member

Thanks rockinbil for the welcome.

I know MySql injection is out as Site B does not use a DB of any sort. A Javascript injection is possible but the only script in use is an email encrypter.
Were you thinking that Site A could be under an injection attack?
I find this whole situation strange as Google reports Site A as clean but Site B as dirty because of Site A.

rocknbil

3:34 pm on Apr 8, 2009 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Well, injection is a term that is not limited to databases, but after your second post, may be off point in your case. Someone can inject unexpected data into your contact form so it can be abused to create a BCC header and piggy back emails to your single contact (I can expand on that, but as said, it's probably off point.)

A closer question is to get at the root of the problem: Why is site A being flagged as a Malware site?

Can you view source on some of the target results pages being flagged in Google, see if there is any unexpected code? If there is, knowing these are not database generated, you may have a security breach that needs to be fixed.

In reference to site B, I don't know that Google would make this connection simply by links, but may, I just don't know. It's more likely that whatever problem you have on site A may also exist in site B. If they are hosted with the same company and you use the same FTP logins to both sites, that is extremely likely.