Why My Blog Is Dangerous
Posted in Uncategorized on April 19th, 2008 at 08:49:27So, a couple people have asked me why Google thinks that my site may harm your computer.
On Wednesday, I received an email from “Google Search Quality”:
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
I looked through, and sure enough, the links they offered were indeed ‘infected’: I’ve always used WordPress despite my knowledge of the fact that it has security exploits more often than I get around to fixing them (though I do try to keep up). They had has a small iframe included, which claimed to be ‘stats tracking’: Instead, there was Javascript included which, presumably, was malicious.
To the best of my knowledge, I solved this problem on Wednesday night, by removing the mal-links that were pointed out, and patching the security holes I could find fixes to in WordPress. (I just upgraded to WordPress 2.5; In the past, upgrading has been painful, but it wasn’t so bad this time, and there are not yet any known security holes for 2.5 that I’m aware of.)
All in all, not a bad thing: Google emailed me, I fixed the problem, everyone wins. Except…
Following Google’s FAQs, I went to Webmaster Tools, signed up, verified my site, went to their tools…
And in the site management tools, found no such link as they described. Great.
At the time, I assumed only Google was using stopbadware: I’ve since discovered that other things are using it, so I’ve requested reconsideration there.
Still, Google now tells users that my site may be dangerous, despite the fact that it no longer is, and there appears to be no tool in the website management ‘tools’ panel to have them check it out again. Stretches the definition of ‘Do No Evil’ a bit… (Edit: Okay, not really, but it always works when you really want to get a response out of Google to just tell them they’re being evil: People get defensive and help you out ;))
In any case, my web site should be safe. Sorry that people have been confused by the problem.
Edit: JohnMu in comments pointed out why I was having a problem: Since crschmidt.net/blog/ was the only thing listed as ‘infected’, I had to sign up and verify for crschmidt.net/blog/ *seperately* from crschmidt.net. Certainly not exactly intuitive, but doing so allowed me to request a review of my site, so hopefully soon people will be able to view my site again in FF3, and won’t be caught out by Google’s warning (assuming I got all my malware off).