Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Website giving malware warning on google

  • 21-09-2013 11:30am
    #1
    Registered Users, Registered Users 2 Posts: 3,772 ✭✭✭


    Hey guys,

    my site: jademetal.ie is giving a malware warning but I designed it myself and I know there is no (known) malware there, any insights?

    TIA!


Comments

  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    Did you checkout your site in Google webmaster tools?

    Does you site use any advertising networks? Do your pages have any other 3rd party javascript?


  • Registered Users, Registered Users 2 Posts: 37 mark8511


    Hi

    I had the same problem months ago, here is something you can do to solve this problem.

    I will try to explain step by step here:

    1. Open your google webmaster tool ( If you already had added your website to google webmaster tool, I t great - If not then please verify your website with google webmaster tool).

    2. In google webmaster tool you will be able to see which file contains the threat and what is that.

    3. Now If it is there, then remove that from your website.

    4. Now use the option to review your website again and write to gogole that you have removed the threat from your website and request for re crawl your website.

    Once its done and website is re crawled, then either google chrome or google search will not show this warning.

    Hope this will help.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    mark8511 wrote: »
    Hi

    I had the same problem months ago, here is something you can do to solve this problem.

    I will try to explain step by step here:

    1. Open your google webmaster tool ( If you already had added your website to google webmaster tool, I t great - If not then please verify your website with google webmaster tool).

    2. In google webmaster tool you will be able to see which file contains the threat and what is that.

    3. Now If it is there, then remove that from your website.

    4. Now use the option to review your website again and write to gogole that you have removed the threat from your website and request for re crawl your website.

    Once its done and website is re crawled, then either google chrome or google search will not show this warning.

    Hope this will help.
    If your website was compromised it's likely more than just the files that Google lists are compromised. Generally all sorts of hidden backdoors will be added that Google cannot find, but will make it easy for hackers to re-infect the site at some point. If you use a CMS a rebuild or restoration of a recent backup (yes its good practice to keep regular backups of your sites :) ) is the only guarantee to avoiding the issue from happening again.
    Also all site passwords, FTP account passwords, Website control panel passwords would need changing. Your ISP may also be able to help (from their logs) with how your site became infected in the first place, so do contact them if the infection happened recently.
    Also keeping your CMS and plugins/extensions up to date and using strong passwords is also advisable.

    Nick


  • Registered Users, Registered Users 2 Posts: 37 mark8511


    yoyo wrote: »
    If your website was compromised it's likely more than just the files that Google lists are compromised. Generally all sorts of hidden backdoors will be added that Google cannot find, but will make it easy for hackers to re-infect the site at some point. If you use a CMS a rebuild or restoration of a recent backup (yes its good practice to keep regular backups of your sites :) ) is the only guarantee to avoiding the issue from happening again.
    Also all site passwords, FTP account passwords, Website control panel passwords would need changing. Your ISP may also be able to help (from their logs) with how your site became infected in the first place, so do contact them if the infection happened recently.
    Also keeping your CMS and plugins/extensions up to date and using strong passwords is also advisable.

    Nick

    Thanks great advise, as my website was in wordpress and i was asked to change the user name and passwords, re install the admin files and not to put my admin name as admin.

    on my site malware was mainly in js files.


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    Check also for rogue .htaccess files with dodgy redirects in them. They could be in any and/or many directories.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,772 ✭✭✭jameshayes


    Thanks for the replies lads - I actually had a back up copy that I know is sound so I restored the site to that.

    Webmaster Tools said there was malware on a number of pages, I wonder if anyone would have a minute to look at the code and see if they can spot it from index.html
    <meta name="description" content="Jade Metal Ltd is a specialist metal fabrication and manufacturing company with a wealth of experience in working with stainless steel, aluminium, mild steel, brass and copper.">
    <meta name="keywords" content="Metal Fabrication, Metal, Stainless Steel, Iron Gates, Security Door, aluminium welding, welding, engineering, copper, Jade Metal, Steel Work, Railing">
    <html><a href="https://plus.google.com/114364218857339979358&quot; rel="publisher">Google+</a>

    <style type="text/css">
    <!--
    .style4 {
    font-size: medium
    }
    -->
    </style>
    <!-- InstanceBegin template="/Templates/main_template.dwt" codeOutsideHTMLIsLocked="false" -->
    <head>
    <!-- InstanceBeginEditable name="doctitle" -->
    <title>Jade Metal Ltd, Specialists in Metal Fabrication, Ireland</title>
    <!-- InstanceEndEditable -->
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <style type="text/css">
    <!--
    body {
    background-color: #0A0A0A;
    }
    -->
    </style>
    <link href="site_layout.css" rel="stylesheet" type="text/css">
    <link href="sitelayout_content.css" rel="stylesheet" type="text/css">
    <style type="text/css">
    <!--
    .style1 {
    color: #FFFFFF;
    font-size: medium;
    font-family: Verdana;
    }
    .style3 {
    color: #FFFFFF;
    font-size: small;
    font-family: Verdana;
    }
    -->
    </style>
    <!-- InstanceBeginEditable name="head" -->
    <meta name="description" content="Jade Metal Ltd is a specialist metal fabrication and manufacturing company with a wealth of experience in working with stainless steel, aluminium, mild steel, brass and copper.">
    <meta name="keywords" content="Metal Fabrication, Metal, Stainless Steel, Iron Gates, Security Door, aluminium welding, welding, engineering, copper, Jade Metal, Steel Work, Railing">
    <!-- InstanceEndEditable -->
    <script type="text/javascript">

    var _gaq = _gaq || [];
    _gaq.push();
    _gaq.push();

    (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
    })();

    </script></head>
    <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
    <!-- ImageReady Slices (jade_280411.psd) -->
    <div id="site_layout">
    <table width="1024" height="769" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01">
    <tr>
    <td colspan="12">
    <img src="images/jade_280411_01.jpg" width="1024" height="45" alt=""></td>
    </tr>
    <tr>
    <td colspan="3" rowspan="2">
    <img src="images/jade_280411_02.jpg" width="352" height="277" alt=""></td>
    <td colspan="6">
    <a href="index.html"><img src="images/jade_280411_03.jpg" alt="" width="321" height="231" border="0"></a></td>
    <td colspan="3" rowspan="2"><img src="images/jade_280411_04.jpg" width="351" height="277" alt=""></td>
    </tr>
    <tr>
    <td colspan="6">
    <img src="images/jade_280411_05.jpg" width="321" height="46" alt=""></td>
    </tr>
    <tr>
    <td colspan="2" rowspan="2">
    <img src="images/jade_280411_06.jpg" width="293" height="137" alt=""></td>
    <td>
    <a href="index.html"><img src="images/jade_280411_07.jpg" alt="" width="59" height="61" border="0"></a></td>
    <td rowspan="2">
    <img src="images/jade_280411_08.jpg" width="65" height="137" alt=""></td>
    <td>
    <a href="gallery.html"><img src="images/jade_280411_09.jpg" alt="" width="60" height="61" border="0"></a></td>
    <td rowspan="2">
    <img src="images/jade_280411_10.jpg" width="64" height="137" alt=""></td>
    <td>
    <a href="about.html"><img src="images/jade_280411_11.jpg" alt="" width="58" height="61" border="0"></a></td>
    <td rowspan="2">
    <img src="images/jade_280411_12.jpg" width="64" height="137" alt=""></td>
    <td colspan="2">
    <a href="contact.html"><img src="images/jade_280411_13.jpg" alt="" width="61" height="61" border="0"></a></td>
    <td colspan="2" rowspan="2">
    <img src="images/jade_280411_14.jpg" width="300" height="137" alt=""></td>
    </tr>
    <tr>
    <td>
    <img src="images/jade_280411_15.jpg" width="59" height="76" alt=""></td>
    <td>
    <img src="images/jade_280411_16.jpg" width="60" height="76" alt=""></td>
    <td>
    <img src="images/jade_280411_17.jpg" width="58" height="76" alt=""></td>
    <td colspan="2">
    <img src="images/jade_280411_18.jpg" width="61" height="76" alt=""></td>
    </tr>
    <tr>
    <td colspan="12"><!-- InstanceBeginEditable name="maincontent" -->
    <div id="sitelayout_content">
    <blockquote>
    <p> </p>
    <blockquote>
    <hr>
    <p align="justify" class="style1 style4">Jade Metal Ltd is a specialist metal fabrication and manufacturing company with a wealth of experience in working with stainless steel, aluminium, mild steel, brass and copper. We boast a large portfolio of work where we design and manufacture general engineering products along with highly specialised and individual work. Our team holds almost 200 years combined working experience and we hold an array of skills that cannot be matched.  <br>
    </p>
    <p align="justify" class="style1 style4">We are strategically located in Western Industrial Estate with access to the M50 only minutes away, although we are located in Dublin much of our work is carried out across the entire country. <br>
    </p>
    <p align="justify" class="style1 style4">Jade Metal Ltd has a ‘Hands on’ involvement by the owners Jimmy Hayes & Declan Hughes which ensures quality remains at the highest level and our customer needs remain paramount.  <br>
    </p>
    <p align="justify" class="style1 style4">We have earned the trust of many companies and clients over many years and have developed an excellent reputation for top quality design and dependable deliveries. We pride ourselves on getting the job done and doing it at the right cost.  </p> <hr>
    </blockquote>
    </blockquote>
    </div>


    <!-- InstanceEndEditable --></td>
    </tr>
    <tr>
    <td> </td>
    <td colspan="10"><div align="center">
    <p class="style3">JADE METAL LTD, 201 HOLLY ROAD, WESTERN INDUSTRIAL ESTATE, NAAS ROAD, DUBLIN 12 --- INFO@JADEMETAL.IE --- 01 456 4700</p>
    </div></td>
    <td> </td>
    </tr>
    <tr>
    <td>
    <img src="images/spacer.gif" width="42" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="251" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="59" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="65" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="60" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="64" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="58" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="64" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="10" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="51" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="241" height="1" alt=""></td>
    <td>
    <img src="images/spacer.gif" width="59" height="1" alt=""></td>
    </tr>
    </table>
    </div>
    <div align="center">
    <!-- End ImageReady Slices -->
    </div>
    </body>
    <!-- InstanceEnd --></html>
    </div>
    </body>
    <!-- InstanceEnd --></html>alt=""></td>
    </tr>
    </table>
    </div>
    <div align="center">
    <!-- End ImageReady Slices -->
    </div>
    </body>
    <!-- InstanceEnd --></html>


  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    There's nothing there that leaps out to be honest. Can you be a bit more specific about what Google Webmaster Tools said?


  • Registered Users, Registered Users 2 Posts: 3,772 ✭✭✭jameshayes


    Graham wrote: »
    There's nothing there that leaps out to be honest. Can you be a bit more specific about what Google Webmaster Tools said?

    thats what I thought... print screen from WMT


  • Registered Users, Registered Users 2 Posts: 3,772 ✭✭✭jameshayes


    What is the current listing status for jademetal.ie?
    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

    What happened when Google visited this site?
    Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-09-19, and the last time suspicious content was found on this site was on 2013-09-18.
    This site was hosted on 1 network(s) including AS33182 (DIMENOC).

    Has this site acted as an intermediary resulting in further distribution of malware?
    Over the past 90 days, jademetal.ie did not appear to function as an intermediary for the infection of any sites.


  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    I see the last scan was on the 18th/19th so you may well have already addressed the problems. I also see that another scan is pending so Google may just not have picked up the changes/fix yet.

    I just grabbed the html directly from your site and still cannot see anything that would cause alarm. No php anywhere (or mention of it) and the only javascript is the Google Analytics.

    I'm guessing you're on a shared hosting package and this isn't your own dedicated server.

    Can you FTP onto the server and see if there's any other files in the root (probably www directory) of your hosting account.


  • Advertisement
  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    mark8511 wrote: »
    Thanks great advise, as my website was in wordpress and i was asked to change the user name and passwords, re install the admin files and not to put my admin name as admin.

    on my site malware was mainly in js files.
    Yep, that's all sound advice, particularly the re-downloading of the CMS and re-integrating the website. I would also check the database for any dodgy scripts, base64 encode/eval etc.
    Not using "Admin" as the username will also protect against dictionary based attacks, if a weak password was being used. Strong passwords and non-standard admin names are definitely the way to go.
    jameshayes wrote: »
    Thanks for the replies lads - I actually had a back up copy that I know is sound so I restored the site to that.

    Webmaster Tools said there was malware on a number of pages, I wonder if anyone would have a minute to look at the code and see if they can spot it from index.html
    As mentioned above malware can be triggered from a compromised .htaccess file. Check the .htaccess file(s) within your sites folders for any suspicious entries. Your web host may be willing to help you do this as it's also in their interests to do so.
    Make sure to use strong FTP/web control panel passwords. I'm assuming your site has no dynamic scripts due to Dreamweaver use, but if you do use any PHP etc. code (contact forms, blog pages etc.) make sure they are safe, updating them if applicable

    Nick


  • Registered Users, Registered Users 2 Posts: 3,772 ✭✭✭jameshayes


    I think I'm in the clear now, but my work is still blocking the page due to security issues for some reason?


  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    No warnings from here anymore, looks like you might have caught it.

    If you're going through a local proxy server, it may not have updated its blacklists yet.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    Graham wrote: »
    No warnings from here anymore, looks like you might have caught it.

    If you're going through a local proxy server, it may not have updated its blacklists yet.

    It's worth checking the folders via FTP for any unknown files/scripts which could still be there. Also the .htaccess should be checked. Even cleaning the html files up will not do much if the hackers have placed a backdoor on the site.
    The malware attacks aren't usually that easy to fix :( . I've had to do it before due to people using bad directory permissions, weak passwords etc.. :( It can take a good while to properly clean up, particularly CMS sites.

    Nick


  • Registered Users, Registered Users 2 Posts: 2,021 ✭✭✭ChRoMe


    yoyo wrote: »
    It's worth checking the folders via FTP for any unknown files/scripts which could still be there. Also the .htaccess should be checked. Even cleaning the html files up will not do much if the hackers have placed a backdoor on the site.
    The malware attacks aren't usually that easy to fix :( . I've had to do it before due to people using bad directory permissions, weak passwords etc.. :( It can take a good while to properly clean up, particularly CMS sites.

    Nick

    If a site or box has been compromised I've always been of the view that you must nuke it and start from a known clean copy otherwise you can never be really sure.


  • Registered Users, Registered Users 2 Posts: 200 ✭✭druidhill


    I would suspect a weak FTP password - note this may or may not be out of your control i.e. your hosting provider.


Advertisement