Comments on: Why My Blog Is Dangerous

By: handan

handan — Tue, 02 Sep 2008 03:01:06 +0000

for some rather simple javascript (.js) hacks, and we weren’t defaced or anything like that. Since google began its new security service to alert web surfers of potential security risks many si… The warnings which state something like “This website may be dangerous” on every search

By: Spacecheck » Blog Archive » Google thinks this site is still dangerous. It isn’t!

Tue, 05 Aug 2008 20:56:43 +0000

[...] for some rather simple javascript (.js) hacks, and we weren’t defaced or anything like that. Since google began its new security service to alert web surfers of potential security risks many si… The warnings which state something like “This website may be dangerous” on every search [...]

By: Dusty Bradshaw

Dusty Bradshaw — Tue, 05 Aug 2008 20:40:49 +0000

I couldn’t agree more. Spacecheck.org must be “dangerous” too, even though we have upgraded to the newest wordpress version and in doing so lost the functionality of the our custom (but not dangerous) comment moderation system, until I re-write it for the new Wordpress…

Gah.

I have asked google 2 times for manual review and it has been over 24 hours now… nothing. Spacecheck is not dangerous. It isn’t like my site is big or anything. It is tiny. It is CLEAN! Be glad at least you got your issues here resolved. Maybe mine will be resolved in days/weeks?

I even called google and actually spoke to someone on the phone. They didn’t even send a courtesy email sent saying they had found something (.js file) fishy before they lowered the dangerous/malware hammer.

Anyway, this is a good service I guess.. but a speedy clean up of my site (or anyone else’s) shouldn’t be rewarded with slowness on Google’s part to re-index/crawl/vet/checkout/ the sites.

By: itsalljustaride

itsalljustaride — Thu, 26 Jun 2008 19:07:17 +0000

I just got blacklisted too. In my case I can’t seem to log into the Wordpress admin panel since the Firefox 3 “Reported Attack Site” alert keeps borking the login. Had to log in with Safari to even attempt to find the parts I need to fix. Very annoying.

By: Bill McGonigle

Bill McGonigle — Mon, 21 Apr 2008 18:41:53 +0000

Hi, Chris - no warning from FF3 (trunk) today. Looks like you’re off the list. Thanks for posting this - definitely a bit obtuse.

By: crschmidt

crschmidt — Sun, 20 Apr 2008 00:47:24 +0000

JohnMu:

Ah. Okay. That definitely was *not* clear from the UI: I understand the problem, and see why it could happen.

I do think it’s probably not an uncommon thing for a sub-’site’ of a website to be infected, given the number of sites that use a separate blogging software (within the same domain) for their website.

Your instructions did help me get to the point where I’ve requested a review: Here’s hoping there’s nothing funky that I’ve missed in my review. Thanks!

By: JohnMu

JohnMu — Sat, 19 Apr 2008 23:51:52 +0000

Hi crschmidt, I think I was a bit confusing in my posting :-). What you need to do is make sure that you have verified ownership of http://crschmidt.net/blog/ (not just crschmidt.net) in your Webmaster Tools account. Once that is done, you should be able to see the warning and the link for the review process.

In general, when a site gets hacked the whole site gets hacked and has that link right in the root for the whole domain. However, in your case it’s only the subdirectory and lower that was hacked and which has the malware warnings. That’s why you explicitly need to verify ownership of the subdirectory so that you have access to the warnings and can file a for a review.

By: crschmidt

crschmidt — Sat, 19 Apr 2008 23:39:32 +0000

JohnMu:

I didn’t verify that part of my site didn’t have mal-ware: StopBadware/Google only ever detected crschmidt.net/blog/ as being an issue. When I said “verified”, I meant that I verified to Google that I was an owner of crschmidt.net, so that I could have full access to the Webmaster Tools.

I still don’t see any tool in Webmaster Tools that has any documentation about how to get crschmidt.net/blog/ removed from the Malware list. I did eventually find a ‘request reconsideration’ link — it’s on the main frontpage for webmaster tools, instead of in the domain specific view where I had been looking — but it appears to be related to SEO rankings, and claims to take several weeks for processing, so although I have submitted through that mechanism, I don’t think that I feel that’s actually the one I need to worry about.

By: JohnMu

JohnMu — Sat, 19 Apr 2008 22:49:59 +0000

Hey crschmidt, you might want to try to verify just the sub-part of your site that was detected as having malware, If I do a [site:crschmidt.net] query, I see that everything outside of /blog/ is not marked as having malware. If you’ve already verified http://crschmidt.net/ , you should be able to verify http://crschmidt.net/blog/ without doing anything new.

By: cmn

cmn — Sat, 19 Apr 2008 20:53:27 +0000

It’s not just Google either.

Firefox 3.0b5:

“Reported Attack Site!

This web site at crschmidt.net has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.”

FF3 uses StopBadware as well IIRC, so it looks like the blame lies with them…