Malware notification regarding ....

3 naročniki

Ojla

Pridem iz jutranjega poleta, seveda checkiram strani in najdem "Reported attack page" na balonarstvo.com ter vstopnice.com

? WTF?

copy paste:

Dear site owner or webmaster of vstopnice.com,

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

http://vstopnice .com/
http://www.vstopnice .com/
http://www.vstopnice .com/dino-merlin-11-06-2011-ljubljana-krizanke-vstopnice-p-1839.html

Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//vstopnice.com/

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
http://www.stopbadware.org/home/security

Once you've secured your site, you can request that the warning be removed by visiting
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,
Google Search Quality Team

kaj se dogaja? Ne morem niti v administracijo

bemu sveca .. OpenX je nekaj kasiral .. latest version! sem ga preimenoval in poslal zahtevek za review, da mi umaknejo obvestilo .. potem se bom pa posvetil OpenX

Tudi jaz sem imel isti problem pred kakšnim mescom zaradi OpenX-a.

no, da zaključimo temo .. če se komu slučajno to zgodi ..

V GWT sem opazil, da so se problemi porajali v povezavi z OpenX, ki skrbi za dostavo oglasov na straneh. Direktorij sem takoj preimenoval in naredil novo frišno instalacijo OpenX. Postavil na novo zone, updejtal kodo na straneh dodal oglase nazaj (vsi interni)

V GWT sem podal zahtevek za revizijo strani in v 3 - 4 urah so bile strani odblokirane .. zelo pohvalno s strani gugla.

Edino še čakam, da za keyworde na Googlu odstranijo opozorilo .. piše, da lahko traja še malo, preden se indexi pozamenjajo.

če so ti napadli tudi OSC ti mogoče lahko pomagam ... da se prepričaš da nimaš backdora namesti http://www.oscommerce.com/community/contributions,7546/page,28 ... naredil ti bo hash datotek in potem preko chrona vsake toliko preveril crc check in ti poslal email o morebitnih neavtoriziranih spremembah .... dela za vse fajle , ne samo za OSC

Oscommerce je zaprt .. z IP in do FTPja in baze je dostop le z slovenskimi IPji .. no, ne rečem, da se ne da :) (Sony in kreditne kartice) ampak zaenkrat v vseh teh letih imamo mir :)

jaz spremljam tele dva rss v google readerju : http://www.exploit-db.com/rss.php in naročen imam Google alert na search string "oscommerce site:http://www.securityfocus.com"