| Dumbledore | 11-14-2011 06:46 PM |
Resolved, clean and not an issue: Google Malware warning
Many of our members have noticed Malware warnings when visiting our site lately.
Something like this: http://i1098.photobucket.com/albums/...re-warning.png
Clicking the link to the diagnostics page would give you this: Quote:
<p class="d"><strong>What is the current listing status for www.snitchseeker.com/gallery/albums?</strong></p><blockquote><p>This site is not currently listed as suspicious.</p><p>Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.</p></blockquote><p class="d"><strong>What happened when Google visited this site?</strong></p><blockquote>Of the 3 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-11-12, and the last time suspicious content was found on this site was on 2011-11-10.<p>Malicious software includes 2 trojan(s).</p><p>Malicious software is hosted on 1 domain(s), including <a href="http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=q3s.ru/&client=googlechrome&hl=en-US">q3s.ru/</a>.</p><p>This site was hosted on 1 network(s) including <a href="/safebrowsing/diagnostic?site=AS:46475&client=googlechrome&hl=en-US">AS46475 (LIMESTONENETWORKS)</a>.</p></blockquote><p class="d"><strong>Has this site acted as an intermediary resulting in further distribution of malware?</strong></p><blockquote><p>Over the past 90 days, www.snitchseeker.com/gallery/albums did not appear to function as an intermediary for the infection of any sites.</p></blockquote><p class="d"><strong>Has this site hosted malware?</strong></p><blockquote><p>No, this site has not hosted malicious software over the past 90 days.</p></blockquote>
| This warning showed up because Google added a new feature to protect people from malicious sites and to help make the web a safer place. They scan all files on websites around the web (including ours) and if they find any suspicious looking code, they put up that warning to anybody who attempts to view any page anywhere on the site, regardless of if the section was flagged or not. The entire site gets the warning once any file on any section is found to contain malicious code.
In our case, the malicious code was an invisible iframe which hackers had placed in unused index files in our gallery. REPEAT: The files containing the malicious code were in UNUSED pages in our gallery - pages not linked to from anywhere and which nobody can visit. So nobody was at any time in danger of getting infected. But Google plays it safe and flagged our site anyway, just in case.
I have found and manually removed all the infected files, and resubmitted our site for Google to check. Yesterday we got confirmation from Google that the malicious files indeed are removed and our site has returned to good standing and is no longer flagged.
See screen from our Google webmaster tools confirmation (screen taken 13 Nov 2011):<blockquote><blockquote> http://i1098.photobucket.com/albums/...gle-status.png</blockquote></blockquote>
The days leading up to November 13th, the message was this:<blockquote><blockquote> http://i1098.photobucket.com/albums/...-warning-1.png
</blockquote></blockquote>
I hope this explains everything clearly for all of you. Bottom line: Nobody was ever in any real danger of infection, and now ALL files on our server (even ones not accessed by site visitors) have been cleaned and all malicious tags have been removed. Google has confirmed this and has removed the warning.
I apologize for any worries or inconvenience this might have caused you. Thank you for keeping us on our toes! :)
Love from your faithful headmaster,
Richard Harris aka Dumbledore | 