#1
Virus and/or malware warning when entering site
I work for an online travel and leisure company and a few days ago people started calling us and saying we had a virus and/or malware, spyware warning popping up when they tried to get into the site. The message is below:

Reported Attack Site!
This web site at www.forcetravelclub.co.uk has been reported as an attack site and has been blocked based on your security preference. Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
END

Our IT guy has run all the usual virus and spam/malware/spyware programs and they all come up clear. I was wondering if the reason for this may be that someone has hacked into our server and/or done something which makes this message come up. Also when you do a Google search for our site (Force Travel Club) you also get a warning that the site may harm your computer if you go into it. It's causing us loads of problems and everyone who goes near the site gets these warning messages and stays way clear.

I would be very very grateful for any help or advice on how to deal with this problem.

Thanks in advance.
JC
#2
On Wed, 20 Jan 2010 01:40:01 -0800, Belprice wrote:

> I work for an online travel and leisure company and a few days ago people started calling us and saying we had a virus and/or malware, spyware warning popping up when they tried to get into the site. The message is below:
>
> Reported Attack Site!
> This web site at www.forcetravelclub.co.uk has been reported as an attack site and has been blocked based on your security preference. Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
> END
>
> Our IT guy has run all the usual virus and spam/malware/spyware programs and they all come up clear. I was wondering if the reason for this may be that someone has hacked into our server and/or done something which makes this message come up. Also when you do a Google search for our site (Force Travel Club) you also get a warning that the site may harm your computer if you go into it. It's causing us loads of problems and everyone who goes near the site gets these warning messages and stays way clear.
>
> I would be very very grateful for any help or advice on how to deal with this problem.
>
> Thanks in advance.
> JC

For the Google warning see:

FAQ: Malware and hacked sites
http://www.google.com/support/forum/...6fc0996a&hl=en

"
Q: My site has been labeled as "This site may harm your computer." What do I do?
A: Clean up your site. If you don't know how to do this, contact your web host for help.

Q: Google's search results say I have malware, but I can't find it!
A: If you can't find malware on your site yourself, it's generally best to let the users in the Webmaster Help Forum help you to find it. Oftentimes, malware is somewhat hidden.
"

Malware and Hacked Sites section of the Google Webmaster Help Forum
http://www.google.com/support/forum/...6fc0996a&hl=en

I tried to access the site using Firefox 3.0.17 and now see the "attack site" warning. It would be nice if you had included such information in your initial post. The advisory is provided by Google so just contact them for assistance in locating where the malicious content may be.

http://www.google.com/safebrowsing/d...b.co.uk/&hl=en

"
What is the current listing status for forcetravelclub.co.uk?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 4 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-01-19, and the last time suspicious content was found on this site was on 2010-01-18.
This site was hosted on 1 network(s) including AS15418 (FASTHOSTS).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, forcetravelclub.co.uk did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
"

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
#3
From: "MowGreen"

snip

| For the Google warning see:

snip

Site WAS compromised.
See Multi-Post in; microsoft.public.security

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#4
Got it. Darn multiposters !!! w

It's a sad commentary when a law enforcement website doesn't understand how their site was hacked.

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked

David H. Lipman wrote:
> From: "MowGreen"
>
> snip
>
> | For the Google warning see:
>
> snip
>
> Site WAS compromised.
> See Multi-Post in; microsoft.public.security
#5
From: "MowGreen"

| Got it. Darn multiposters !!! w

| It's a sad commentary when a law enforcement website doesn't understand
| how their site was hacked.

LE site ? Looked like a travel club site.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#6
"Force" Travel Club, David.
It's " An exclusive web site for Police Officers, Police Staff, and Retired Police Offers " in the UK.

MG

David H. Lipman wrote:
> From: "MowGreen"
>
> | Got it. Darn multiposters !!! w
>
> | It's a sad commentary when a law enforcement website doesn't understand
> | how their site was hacked.
>
> LE site ? Looked like a travel club site.
#7
From: "MowGreen"

| "Force" Travel Club, David.
| It's " An exclusive web site for Police Officers, Police Staff, and
| Retired Police Offers " in the UK.

| MG

I see. Danke.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#8
There's a good joke about traveling cops somewhere in this thread...I just can't think of one at the moment. ;-)

---
Leonard Grey
Errare humanum est

David H. Lipman wrote:
> From: "MowGreen"
>
> | "Force" Travel Club, David.
> | It's " An exclusive web site for Police Officers, Police Staff, and
> | Retired Police Offers " in the UK.
>
> | MG
>
> I see. Danke.
#9
Does it have anything to do with donuts ? w

MG

Leonard Grey wrote:
> There's a good joke about traveling cops somewhere in this thread...I just can't think of one at the moment. ;-)
>
> ---
> Leonard Grey
> Errare humanum est
>
> David H. Lipman wrote:
>> From: "MowGreen"
>>
>> | "Force" Travel Club, David.
>> | It's " An exclusive web site for Police Officers, Police Staff, and
>> | Retired Police Offers " in the UK.
>>
>> | MG
>>
>> I see. Danke.
#10
Hi Dave, Mo, Leo and all others offering me great help and advice.

Thanks thus far for all your help, we are currently going through the info and advice you all provided. All we want is to remove the warning sign and have the site up and running again. One of you suggested that we contact Google and have them remove the message, but how does one go about this? Also, am I right in that we have a malware issue here, or am I barking up the wrong tree!

Thanks in advance.

Yours truly,
Inspector Clueso... An officer of the LAW!!!!

"MowGreen" wrote:
> Does it have anything to do with donuts ? w
>
> MG
>
> Leonard Grey wrote:
>> There's a good joke about traveling cops somewhere in this thread...I just can't think of one at the moment. ;-)
>>
>> ---
>> Leonard Grey
>> Errare humanum est
>>
>> David H. Lipman wrote:
>>> From: "MowGreen"
>>>
>>> | "Force" Travel Club, David.
>>> | It's " An exclusive web site for Police Officers, Police Staff, and
>>> | Retired Police Offers " in the UK.
>>>
>>> | MG
>>>
>>> I see. Danke.
#11
"Belprice" wrote in message ...
> Hi Dave, Mo, Leo and all others offering me great help and advice.
>
> Thanks thus far for all your help, we are currently going through the info and advice you all provided. All we want is to remove the warning sign and have the site up and running again. One of you suggested that we contact Google and have them remove the message, but how does one go about this? Also, am I right in that we have a malware issue here, or am I barking up the wrong tree!
>
> Thanks in advance.
>
> Yours truly,
> Inspector Clueso... An officer of the LAW!!!!

You can't ask Google to remove a warning that is still valid! I know nothing about building web pages, but I do know yours needs to be edited to remove the references (links) to nt010.cn. Whoever created your web page must know how to do that? Only when it is fixed can you expect Google's warning to disappear.

More importantly, you have to find out how an outsider managed to corrupt your page(s), and fix that.
#12
You can contact Google for assistance in cleaning up the "bad" code:

Q: Google's search results say I have malware, but I can't find it!
A: If you can't find malware on your site yourself, it's generally best to let the users in the Webmaster Help Forum help you to find it. Oftentimes, malware is somewhat hidden.
"

Malware and Hacked Sites section of the Google Webmaster Help Forum
http://www.google.com/support/forum/...6fc0996a&hl=en

And, as Martin has posted, you need to contact your *Hosting Company* and find out how the site was hacked in the first place. It is being hosted by FASTHOSTS, correct ?

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked

Belprice wrote:
> Hi Dave, Mo, Leo and all others offering me great help and advice.
>
> Thanks thus far for all your help, we are currently going through the info and advice you all provided. All we want is to remove the warning sign and have the site up and running again. One of you suggested that we contact Google and have them remove the message, but how does one go about this? Also, am I right in that we have a malware issue here, or am I barking up the wrong tree!
>
> Thanks in advance.
>
> Yours truly,
> Inspector Clueso... An officer of the LAW!!!!
#13
Belprice wrote:
> Hi Dave, Mo, Leo and all others offering me great help and advice.
>
> Thanks thus far for all your help, we are currently going through the info and advice you all provided. All we want is to remove the warning sign and have the site up and running again. One of you suggested that we contact Google and have them remove the message, but how does one go about this? Also, am I right in that we have a malware issue here, or am I barking up the wrong tree!
>
> Thanks in advance.

Speaking from personal experience, there is malware on your site. You just have to find and fix it, and find the opening. Look at the code for the pages referenced, and especially look for an iframe tag. Also look at your site with an FTP program for folders that you didn't upload. Use your web host's stats to see which site pages are getting the most traffic (the hacked pages) and where it is coming from, i.e. referral pages. Look for the search words visitors are using to get to your site. Get your web host to help you find out where the hacker got in. Upload the original pages created by your web site designer and make sure you don't contaminate them from the hacked pages on your site. Keep uploading clean pages until the hacking stops; if necessary change the page names because it's probably being done with a script from a remote site. Then you need to change the permissions on your pages and folders to make sure they can't be written to from off the web.

And after your site has stayed clean for a couple of weeks, you can petition Google to remove the warning.
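
The iframe check described in the post above, as an added example that is not part of the original thread: a Python scanner, run over a local copy of the site's pages, that flags iframe, script and similar tags which point at hosts outside a trusted list or are sized or styled to be invisible. The host names, sample page and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Tags that can load or run content from another host.
LOADER_TAGS = {"iframe", "frame", "script", "embed", "object"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
PAGE_SUFFIXES = {".html", ".htm", ".php", ".asp", ".aspx"}

class LoaderTagFinder(HTMLParser):
    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = {h.lower() for h in trusted_hosts}
        self.findings = []  # (line number, tag, source URL, list of reasons)

    def handle_starttag(self, tag, attrs):
        if tag not in LOADER_TAGS:
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src") or a.get("data", "")
        host = (urlparse(src).hostname or "").lower()  # empty for relative URLs
        reasons = []
        if host and host not in self.trusted:
            reasons.append("off-site host " + host)
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tag != "script" and (tiny or HIDDEN_STYLE.search(a.get("style", ""))):
            reasons.append("hidden from view")
        if reasons:
            self.findings.append((self.getpos()[0], tag, src, reasons))

def scan_html(text, trusted_hosts):
    finder = LoaderTagFinder(trusted_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root, trusted_hosts):
    # Scan each page file under root; keep only the files that have findings.
    pages = [p for p in sorted(Path(root).rglob("*"))
             if p.is_file() and p.suffix.lower() in PAGE_SUFFIXES]
    results = {str(p): scan_html(p.read_text(errors="replace"), trusted_hosts) for p in pages}
    return {path: found for path, found in results.items() if found}

# Constructed sample page: one legitimate local script and one injected hidden frame.
SAMPLE = """<html><body>
<script src="/js/menu.js"></script>
<iframe src="http://bad-host.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""
```

Add any third-party hosts the site legitimately uses to the trusted list so that only unexpected ones are reported. Code that writes a tag from JavaScript at run time is not seen as a tag by this parser and needs a separate text search.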
#14
From: "Donahoo"

| Speaking from personal experience, there is malware on your site. You
| just have to find and fix it, and find the opening. Look at the code for
| the pages referenced, and especially look for an iframe tag. Also look
| at your site with an FTP program for folders that you didn't upload. Use
| your web host's stats to see which site pages are getting the most
| traffic (the hacked pages) and where it is coming from, i.e. referral
| pages. Look for the search words visitors are using to get to your site.
| Get your web host to help you find out where the hacker got in. Upload
| the original pages created by your web site designer and make sure you
| don't contaminate them from the hacked pages on your site. Keep
| uploading clean pages until the hacking stops; if necessary change the
| page names because it's probably being done with a script from a remote
| site. Then you need to change the permissions on your pages and folders
| to make sure they can't be written to from off the web.

| And after your site has stayed clean for a couple of weeks, you can
| petition Google to remove the warning.

Your experience does NOT equate to her experience.

The site was scanned with anti malware software but I doubt it has any. Chances are extremely high that the malicious actor found a vulnerability in the web site, exploited it, and inserted redirection code. You don't have to infect the web site and have malware reside on the web site to do this. It is the site where the user is redirected to that hosts the malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#15
"Donahoo" wrote in message ...
> Belprice wrote:
>> Hi Dave, Mo, Leo and all others offering me great help and advice.
>>
>> Thanks thus far for all your help, we are currently going through the info and advice you all provided. All we want is to remove the warning sign and have the site up and running again. One of you suggested that we contact Google and have them remove the message, but how does one go about this? Also, am I right in that we have a malware issue here, or am I barking up the wrong tree!
>>
>> Thanks in advance.
>
> Speaking from personal experience, there is malware on your site.

It's too soon to make that call. A server's webpage has evidently been edited to lead clients to malware. How it got edited remains to be seen. The OP needs to take down the server and use forensics to determine how the affected page(s) got edited. Possibly a software vulnerability - something like this: http://en.wikipedia.org/wiki/Cross-site_scripting.