Receive a malware notification from Google

Forum Moderators: phranque

Message Too Old, No Replies

Receive a malware notification from Google

Just received a malware notification but have no idea what went wrong

Rufus_dog

9:12 am on Jun 4, 2009 (gmt 0)

I have just received a malware notification from Google today, claiming that my site has suspicious content and they will put a warning in their search result. I checked the Stopbadware guidelines but could not find any problem with my site. A Google diagnosis also confirmed that there was no suspicious content or malicious software hosted in my site over the past 90 days. The only problem is my site is hosted in a network of >40000 sites and some of them have suspicious content that can download malware to the visitors' computers. My site is hosted in a shared server so I can't control the content of the other sites (and these sites may or may not know they serve suspicious content themselves). I wonder if the more experienced webmasters can suggest ways to tackle this problem. I have already contacted my hosting company and asked Google for a site review and explained the situation.

Thanks in advance for your help.

JS_Harris

9:53 am on Jun 4, 2009 (gmt 0)

Check your server logs for suspicious activity on your site. Check your code to make sure you haven't allowed a widget of some kind permission to execute code (I see this on wordpress sites that allow php execution inside articles but forget that widgets in the sidebar can execute it too).

If the problem is not on your site talk to your host, they can most readily find the problem site on your shared server and remove it. File a complaint if you have to, your service is being affected.

piatkow

10:04 am on Jun 4, 2009 (gmt 0)

Did you check the message headers to make sure that the notification itself was genuine?

Rufus_dog

8:28 am on Jun 5, 2009 (gmt 0)

I found out that my site was hacked. The attack was on the server side. I checked all files in my own computer and they are okay, but someone put a javascript code in the index page of one subdomain and the main domain. I have removed the script and Google has removed the warning too. My hosting company said I needed to take care of my own content and they did not think it was their fault. I use Dansie shopping cart, it is the only script (CGI script) I installed in my account. So I don't know if this is the problem. When you have several subdomains, it is really hard to detect any suspicious codes at first.

tangor

9:14 am on Jun 5, 2009 (gmt 0)

it is really hard to detect any suspicious codes at first.

But the head's up has been given. This maintainance/housekeeping is something you'll have to do "forever".