Tuesday, May 12, 2009

Reported Attack Site! (only not)

What a complete nightmare.

If you've visited my website since this morning, and you're using the very wonderful Firefox as your browser of choice, you may have gotten the same shock I did when I went to check it today...

Instead of my lovely welcoming homepage you are currently subjected to a greyed-out screen with a big red box in the middle that loudly proclaims "Reported Attack Site! This web site has been reported as an attack site and has been blocked based on your security preferences."


I read the auto email from Google again (which is what had prompted me to check my site this morning) and follow the instructions. Check the source code for injected weird blocks of code or anything that shouldn't be there etc etc. Absolutely clean and pristine, nothing wrong with my source code at all. What's going on?

I call my ISP and they sheepishly admit it's all their fault. Someone who has a website hosted on the same server as mine has found a way of randomly (and only occasionally) intercepting a Google request for other sites on the server (including mine) and has been able to redirect the person Googling for my site to their own (malware) site instead. So now Google thinks I have malware on my site which I don't. I'm not a happy bunny right now.

I find it incredibly frustrating because I now have to request that Google remove me from their "no-fly" list (which I shouldn't be on anyway) and in the meantime all my clients and potential clients will think I have a dodgy site and am therefore a dodgy person to do website dealings with.

I've done the requesting-a-review-from-Google thing, but have no idea how long it will take for them to clear me - and meanwhile my reputation is potentially heading rapidly south as potential clients see the warning page and race off in the opposite direction!


Technorati tags: , , , , , , , .


Carolina Clay said...


You have my sympathy on this. It once happened to me through Blogger. I think my message was that I needed to reply within a certain number of hours or all my blog entries would be DELETED!!!

This was an error, and I was just one of many who received the message. However, they sure got my attention, LOL!

I'm now at your site via Firefox, so the main trouble must be over.

Have a great rest of the week!


webweaver said...

Hey Caro - thanks for letting me know you can access my site again!

Wow I am completely amazed they fixed it so fast! Must be some kind of record I reckon. I was googling around trying to find out more about it and was reading timeframes like a few days to remove the site from the no-fly list, and a few weeks to remove the site's "bad site" labelling in google search results.

But both are completely sorted this morning so hooray! for Google and hooray! for the Kiwi Web Hosting Company for fixing it so quickly.

Hopefully not too many potential clients got frightened away yesterday - although now of course I must continue to draw attention to the fact that it happened because I need to include the reassurance/explanation notice at the top of my homepage for anyone who did pass by yesterday and saw the warning notice...

Ah well, I'm v happy it's sorted, anyway.


Anonymous said...

This has happened to my site today and I came across your blog post while googling trying figure how to get this fixed and I'm still not exactly sure what I'm suppose to do. Could you elaborate on what exactly you did to get rid of this problem? And by the way I know how you felt, I'm still in shock, seeing Reported Attack Site! across the page nearly made me fall out of my chair.

webweaver said...

Hi Anonymous!

I would suggest calling your ISP first of all to see if there are any known hacks of the server where they host your site. They might be able to help you - in my case I hadn't been hacked at all, and it was good to find that out from the ISP.

Then - just to be sure - I viewed my source code on the pages on my site listed by Google as having problems, to see if there was any injected or hacked code in them. You're looking for blocks of javascript or random numbers and suchlike - stuff that you didn't put there.

There wasn't - my site was clean - but it was good to check that.

If you do find injected code, you need to get rid of it and check your site (and all associated files) thoroughly to check you've got rid of it all. Google to find any number of websites that can help you with this.

Once you're sure your site is clean you can request that Google does a review of your site so that they can check it's clean and remove the warnings.

Log into Webmaster tools on Google and click “Request a Review” on the Malware warning notice. Write them a response telling them that you identified the error, what it was, it was fixed, and if applicable, that the security breach was fixed.

Hopefully, that should be enough to get Google to un-list you, assuming your site is clean. You should also check StopBadware.org to make sure you're not listed there too.

More info here: What to Do with Google’s Malicious Code Security Warning ReportHope that helps! Good luck!