Domain Manage

Bad Ware

Discussion in 'Website Design' started by slowhost, Jun 19, 2009.

Thread Status:
Not open for further replies.
  1. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    Dont know if this is in the right place or wether anyone can help me but i have had this message today from google and dont know what to do.... HELP

    Dear AdWords Advertiser,

    We've determined that there's a high probability that your site may be hosting or distributing malicious software. As a result, your account ID @@@-$$$-%%%% has been suspended until these issues have been resolved.

    Our tests indicate that the following URLs may contain code which installs malicious software:

    @ mysite.co.uk

    How do i find out if my site has been hacked or has viruses?
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
     
  3. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    Just had a look at the rest of my sites and they all have a snippet of code in there so i have removed this but dont have a clue how its got there and dont want it to reapper... can anyone help?

    I dont want to post the code up just in case.
     
  4. bensd United Kingdom

    bensd Well-Known Member Exclusive Member

    Joined:
    Jan 2007
    Posts:
    4,956
    Likes Received:
    53
    Is the website database driven?

    It could have been an mysql injection... there were a few hackers doing the rounds last year.

    I think there were couple of posts about it on here.
     
  5. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    i dont know what you mean by data based driven, but all my sites seem to have had the code in them, i have taken the code out now

    it said iframe then a website then the shape of a table if you know what i mean. i dont know why i have this but i`m worried
     
  6. bensd United Kingdom

    bensd Well-Known Member Exclusive Member

    Joined:
    Jan 2007
    Posts:
    4,956
    Likes Received:
    53
    Is the site handcoded or do you have a cms?
     
  7. retired_member21

    retired_member21 Retired Member

    Joined:
    Apr 2008
    Posts:
    742
    Likes Received:
    13
    Sounds like a wordpress exploit :(

    You should really have a look at your site with CSS and JAVASCRIPT disabled and you should see any foreign links/content

    I had all of my accounts (10 sites) on a reseller account affected so it's worth checking any sites you have on the server also
     
  8. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    sorry being really think as, but still dont understand i make the sites with dreamweaver in html if that answers the question.

    how did you get rid of it? and did it come back?
     
  9. retired_member21

    retired_member21 Retired Member

    Joined:
    Apr 2008
    Posts:
    742
    Likes Received:
    13
    What I did was:-

    Change all my passwords (ftp)
    Alert hosting company and ask them to investigate - they will want to help (as it could affect their other customers)
    Keep an eye on the 'last modified' or the dates on which your files were edited

    If you make your sites in dreamweaver without a database, then it could be something wrong with the server and all the sites on it are being affected
     
    Last edited: Jun 19, 2009
  10. Systreg

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    6,586
    Likes Received:
    96
    Yes, it could even be your webhosts that have been hacked, we had a similar problem on a forum where it kept installing a iframe which went to a Russian url site, deleted the frame, it appeared again, further investigation found that it affected multiple sites that the webhost was hosting.
     
  11. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    That is what its doing. it redirects to a .cn site!!! how did you get rid of it ?
     
  12. Systreg

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    6,586
    Likes Received:
    96
    Hi, you need to find out if it's just your site that is being affected, or if it's your webhost and other sites hosted by them are also affected, get in touch with your hosts as soon as possible for them to investigate it.
     
  13. retired_member21

    retired_member21 Retired Member

    Joined:
    Apr 2008
    Posts:
    742
    Likes Received:
    13
    Check other sites on your server- I'd find out first by doing a reverse IP lookup

    If it's found to be the hosts fault - you can then go after them for compensation / potential damages as it could've affected your business if it was an oversight/error with their security

    Reverse IP - View all domain names hosted on an IP address
     
  14. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    Hi i have two different hosts, i`ve rung one of them and they said it looks like my com is affected and when i`ve changed bits on my sites which i do alot. they have got a virus on. does this sound about rite? i have done a scan with norton and nothing has come up, but my comp is doing some crazy things is there a better anti virus available?
     
  15. retired_member21

    retired_member21 Retired Member

    Joined:
    Apr 2008
    Posts:
    742
    Likes Received:
    13
  16. dashu1 United Kingdom

    dashu1 Well-Known Member

    Joined:
    Nov 2008
    Posts:
    1,110
    Likes Received:
    14
    The best antivirus in my opinion is nod32 by eset.

    It is fast, doesn't cause problems like norton & co, and is allegedly the anti virus software used by microsoft themselves.

    I've had it for 2 years & had no problems at all (touch wood), whereas with norton I had a glut of problems, including 1 infection.
     
  17. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    Just had a look at my site its been flagged by google now no one can go on it.

    I took the iframe of yesterday but thins morning its back on, done a full scan. i have changed the password on one of my accounts and think they are ok but cant on this one yet as i`ve gone thru someone else.

    what else can i do to make this right?
     
  18. retired_member21

    retired_member21 Retired Member

    Joined:
    Apr 2008
    Posts:
    742
    Likes Received:
    13
  19. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    The bad ware seams to have gone now, thanks for everyones help, i hav been monitoring the site with this Web page security report and it seems to tell you if there is any badware on may be worth a look if you think you also have had a problem...
     
  20. retired_member21

    retired_member21 Retired Member

    Joined:
    Apr 2008
    Posts:
    742
    Likes Received:
    13
    Well done.

    Did you get any feedback from Google, or was it all automated

    Did you find out anything from your hosting company?
     
  21. slowhost United Kingdom

    slowhost Active Member

    Joined:
    Jul 2008
    Posts:
    164
    Likes Received:
    0
    Hi mate sorry its taken so long,

    I got a message from google in my webmaster tools that told my my site had a virus and no one could get on it, but nothing since i fixed it.

    The hosting company just said it must be something of my comp and basically nothing to do with them.

    it has been clean now for a couple of weeks s fingers crossed the problem is solved... thanks for the advice everyone.
     
Thread Status:
Not open for further replies.

Share This Page