Warning Message

japamor · 2008-11-29, 07:39 PM

Several of my domains get the message

'Reported Attack Site! - This web site at www.Site.com has been reported as an attack site and has been blocked based on your security preferences.'

when I try to access them with FF, (it doesn't happen with IE).

I've noticed and removed loads of javascript from some of my pages but I still get the message. I've got anti virus installed and my .htaccess seems normal.

Anyone know what's happening or how I can stop it?

Thanks in advance.

Useless · 2008-11-29, 11:07 PM

Did you click on the "Why was this site blocked" button?

Found this article: http://www.crabappleforest.com/2008/...ular-mac-site/

cd34 · 2008-11-29, 11:53 PM

Recently, a client was hit with an ftp attack where the hacker used their user/pass and modified the pages with an <iframe> loaded on many of the pages. If you have wordpress on those sites, you might check to see if you have comments with hidden <iframe> links in them.

I would suspect that your sites probably have some link to a badware site. Look on your pages for unknown javascript and unknown iframe links.

japamor · 2008-11-30, 10:16 AM

UW
Thanks for that link. That's exactly the page I'm getting.
When I click on the 'Why blocked' button I'm told that my site was listed for suspicious activity 1 time over the past 90 days but has not functioned as an inermediary for the infection of other sites and is not the host for malicious software.

Sparky
I don't think there's a Wordpress connection but there's certainly lots of Javascript added to my sites.

One thing I'm not sure about. Is it just my PC settings that cause me to get this message? I've removed all the javascript I can find but I'm still getting the message. Can someone please take a look in FF at
http://www.japamor.com/xxxx/freesitelist.html

I'd be interested to know if you get the message too.

Many thanks.

Tekster · 2008-11-30, 10:35 AM

I get the same message on FF.

cd34 · 2008-11-30, 10:57 AM

Once you have removed it, there is a link in webmaster tools to ask for reinclusion which is quicker than waiting for the bot to discover that it isn't there.

If you had foreign javascript on your pages, make sure you check every page you have -- sometimes those guys go quite deep into the site when they have FTP access and will reinfect the domain hours later if you didn't change your user/password for FTP.

Cleo · 2008-11-30, 11:21 AM

Safari is also putting up a warning.

Useless · 2008-11-30, 12:16 PM

Quote:

Originally Posted by japamor

Sparky
I don't think there's a Wordpress connection but there's certainly lots of Javascript added to my sites.

You may have a questionable WP plugin. This guy did. http://www.broadbandreports.com/foru...an-attack-site

Bobc01 · 2008-11-30, 04:18 PM

I got the blocked message in FF too so clicked the why was this site blocked..

There were 2 source links to .cn domains in the info.

japamor · 2008-12-01, 03:11 AM

Thanks everyone for the advice. Its been a great help.

I'm now trying to make some sense of it with Google. I'll post again when I have some news.

japamor · 2008-12-01, 09:11 PM

All looks OK now.

After cleaning up the foreign Javascript I requested a review from Google and it looks like the sites are back to normal. I've also changed the password to my FTP site.
Once again a big thanks to UW, Sparky and everyone for your help.

2008-11-29, 07:39 PM	#1
japamor I Love Turkish Delight, they're very moreish. Join Date: Nov 2004 Location: UK Posts: 578	Warning Message Several of my domains get the message 'Reported Attack Site! - This web site at www.Site.com has been reported as an attack site and has been blocked based on your security preferences.' when I try to access them with FF, (it doesn't happen with IE). I've noticed and removed loads of javascript from some of my pages but I still get the message. I've got anti virus installed and my .htaccess seems normal. Anyone know what's happening or how I can stop it? Thanks in advance. __________________

2008-11-29, 11:07 PM	#2
Useless Certified Nice Person Join Date: Oct 2003 Location: Dirty Undies, NY Posts: 11,268	Did you click on the "Why was this site blocked" button? Found this article: http://www.crabappleforest.com/2008/...ular-mac-site/ __________________ Click here to purchase a bridge I'm selling.

2008-11-29, 11:53 PM	#3
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	Recently, a client was hit with an ftp attack where the hacker used their user/pass and modified the pages with an <iframe> loaded on many of the pages. If you have wordpress on those sites, you might check to see if you have comments with hidden <iframe> links in them. I would suspect that your sites probably have some link to a badware site. Look on your pages for unknown javascript and unknown iframe links. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2008-11-30, 10:16 AM	#4
japamor I Love Turkish Delight, they're very moreish. Join Date: Nov 2004 Location: UK Posts: 578	UW Thanks for that link. That's exactly the page I'm getting. When I click on the 'Why blocked' button I'm told that my site was listed for suspicious activity 1 time over the past 90 days but has not functioned as an inermediary for the infection of other sites and is not the host for malicious software. Sparky I don't think there's a Wordpress connection but there's certainly lots of Javascript added to my sites. One thing I'm not sure about. Is it just my PC settings that cause me to get this message? I've removed all the javascript I can find but I'm still getting the message. Can someone please take a look in FF at http://www.japamor.com/xxxx/freesitelist.html I'd be interested to know if you get the message too. Many thanks. __________________

2008-11-30, 10:35 AM	#5
Tekster Formerly known as TekAngel Join Date: Feb 2007 Location: Valley of the Sun Posts: 1,951	I get the same message on FF. __________________ Mr. Eros Free Porn Links iPhone Porn Phone-Pics

2008-11-30, 10:57 AM	#6
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	Once you have removed it, there is a link in webmaster tools to ask for reinclusion which is quicker than waiting for the bot to discover that it isn't there. If you had foreign javascript on your pages, make sure you check every page you have -- sometimes those guys go quite deep into the site when they have FTP access and will reinfect the domain hours later if you didn't change your user/password for FTP. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2008-11-30, 04:18 PM	#9
Bobc01 Banned Join Date: Apr 2007 Location: Hell Posts: 817	I got the blocked message in FF too so clicked the why was this site blocked.. There were 2 source links to .cn domains in the info.

2008-12-01, 03:11 AM	#10
japamor I Love Turkish Delight, they're very moreish. Join Date: Nov 2004 Location: UK Posts: 578	Thanks everyone for the advice. Its been a great help. I'm now trying to make some sense of it with Google. I'll post again when I have some news. __________________

2008-12-01, 09:11 PM	#11
japamor I Love Turkish Delight, they're very moreish. Join Date: Nov 2004 Location: UK Posts: 578	All looks OK now. After cleaning up the foreign Javascript I requested a review from Google and it looks like the sites are back to normal. I've also changed the password to my FTP site. Once again a big thanks to UW, Sparky and everyone for your help. __________________