Author |
Topic: "THIS SITE MAY HARM YOUR COMPUTER" |
Donna Dodd
From: Acworth, Georgia, USA
|
Posted 23 Apr 2009 2:18 am
|
|
Wiz,
We recently sent out a broadcast email about our upcoming show in June, and included a link to our GaSGA website: www.georgiasteelguitar.com
Several of our members responded, saying they had received a malware warning against our site. I contacted LeadingEdge Hosting about this. They ran multiple detections, yet came up with nothing to indicate this issue.
I'm attaching the actual warning we received from one user.
 _________________ Donna Dodd
Georgia Steel Guitar Association (GaSGA) Board Member & Website Administrator
"Every person is a new door to a different world."
- from movie Six Degrees of Separation
Come visit my steel guitar store on CafePress! http://www.cafepress.com/zoomwithaview
Webmaster, http://www.georgiasteelguitar.com |
|
|
|
Tommy Dodd
From: Acworth, Ga., USA (deceased)
|
Posted 23 Apr 2009 8:44 am
|
|
Hey Wiz,
Do you have any ideas on what could be causing certain visitors to get this message and not others? |
|
|
|
Ken Lang
From: Simi Valley, Ca
|
Posted 23 Apr 2009 3:53 pm
|
|
I received the same screen when I went to the site. In fact that is my screen.
I did see it at a couple of other sites I believe. Have no idea what it means. _________________ heavily medicated for your safety |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 23 Apr 2009 4:36 pm
|
|
I'll wager that all of you are browsing with the McAfee SiteAdvisor plugin enabled and set to kill. The SiteAdvisor toolbar add-on is known to be up to one year behind in its detections. I recommend using Firefox 3.x, without the SiteAdvisor plugin (uninstall it), as FF now ships with an anti-phishing, anti-malware plug-in that is maintained by Google itself. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
John Cipriano
From: San Francisco
|
Posted 23 Apr 2009 8:01 pm
|
|
I get it too. Firefox, Safari and Chrome will all automatically display this notice if a site is listed as dangerous by Google. I don't know about IE.
This is what Google says:
Code: |
Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-04-12, and the last time suspicious content was found on this site was on 2009-04-12.
Malicious software includes 1 scripting exploit(s). |
The full report is here. The request for review is here.
Donna, check with your administrator. My guess is that the scripts on your site are vulnerable to what are called cross-site scripting or XSS attacks. It's just a guess, though.
First you need to check all of your scripts for vulnerabilities and then make sure that nothing is on the server that doesn't belong there. Then you need to follow Google's instructions on how to remove the page from the suspicious sites list. They are in the two pages I linked above. I've never actually had to do it so I don't know the details, but hopefully it's not too difficult. I see a lot of scripts on the page that are just for loading images and I'd imagine you could get by without them. Sorry for the bad news and I wish you luck in fixing it. |
|
|
|
Doug Beaumier
From: Northampton, MA
|
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 23 Apr 2009 9:45 pm
|
|
I answered too fast! After visiting the georgasteel.com website I also got a blocked warning box. It is easy enough to click on Ignore this warning and enter the site.
When I used Internet Explorer 7 I got into the site without any warnings at all. Evidently, John C is correct, Google's filters are mis-identifying the website as having hosted a malware download. I think that the Flash player's attributes may be triggering the false positive warning. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
John Cipriano
From: San Francisco
|
Posted 28 Apr 2009 9:55 pm
|
|
Unfortunately www.tommydodd.com is being flagged as well. Did Leading Edge code the pages as well? If so I think you guys are going to need to lean on them a little bit more. Tell them they need to create an account with Google Webmaster Tools and then request a review of the two sites. Best of luck.
Also, I can't help but mention Tommy that your avatar on the forum is a really nice photo, very classy  |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 29 Apr 2009 12:04 pm
|
|
Unfortunately, both the Georgia Steel Guitar and Tommy Dodd websites have been hacked with 1x1 iframes that redirect browsers to another redirection website, where victims are infected by exploit codes to receive malware.
Right now it is unsafe to view these websites unless you have the NoScript plug-in for Firefox and the most recent version of Firefox. The iframe will redirect any other browser to the source of the infection (unless iframes are turned off). _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Donny Hinson
From: Glen Burnie, Md. U.S.A.
|
Posted 8 May 2009 7:22 pm
|
|
I didn't have any trouble accessing the site, but then again,,,,I don't use FF, IE, or GC. |
|
|
|
Ken Lang
From: Simi Valley, Ca
|
Posted 9 May 2009 8:33 pm
|
|
Interesting. I just went to both sites with Google chrome and then Opera. Neither had the red flag any longer. Must be fixed. _________________ heavily medicated for your safety |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
|
|
|