Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
Domain summit 2024

Sites on my hosting account have been blacklisted. What to do?

Status
Not open for further replies.

Maxwell

Formerly known as grcorp.
Legacy Exclusive Member
Joined
Nov 22, 2009
Messages
1,435
Reaction score
208
Feedback: 7 / 1 / 0
I just registered a domain a week or so ago, and installed wordpress on it, with the intention of building a landing page on it. I put it off for a bit, then out of curiosity, went to visit the site. I was then facing a scary warning message; cautioning me that this site could harm my computer and it was hosting malware.

I have a feeling this was a security compromise of some sort. So I looked at the whole "why is this appearing?" section. Turns out I have to try and fix the issue through the google webmaster tool.

It looks like every domain I have hosted has been blacklisted. This is not good. For anyone who has had this happen to them before, how have you dealt with it? Did it ever get up and running the way it should have been?
 
Domain summit 2024

Theo

Account Terminated
Joined
Feb 28, 2004
Messages
30,318
Reaction score
2,217
Feedback: 723 / 0 / 0
Probably a plugin you installed was infected, or someone injected your installation with malware. PM me the domain if you want me to take a look.
 

katherine

Country hopper
Legacy Exclusive Member
Joined
Jul 9, 2005
Messages
8,428
Reaction score
1,290
Feedback: 65 / 0 / 0
The domain you registered a week ago, does it have a bad history by any chance ?
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,464
Reaction score
1,171
Feedback: 68 / 0 / 0
What Theo said. Your site got injected through a plugin or security flaw within WordPress and when Google came around, it noticed the snippet that redirects your users, tries to make them forcefully do it or something else. If you have SSH, it's easy to find sometimes as most will put a eval() gzinflate() base64_decode() somewhere in your files. Most likely, they're added to a theme file- but can be harder to snoop around without SSH and some command lines. Once you find the malicious code and remove it, you have to go into Webmaster Tools, select "Security Issues" and then tick the box "I have fixed these issues" then click "Request a Review". In my experience of doing so, you write something of the sorts: 'To the best of my knowledge and knowhow, I have fixed the security issues and will keep up with them in the future.'. Generally, it takes about 24 to 72 hours and that error will go away in both Webmaster Tools and what you see online.

A good website to check is http://sitecheck.sucuri.net/scanner/ to see if you have been "blacklisted". However, this just means that users will see a warning. I doubt that you will get sandboxed; though will fall in ranking, unless you don't comply with fixing them.

If you scan a website through the link above, mention that in your request. I honestly don't know if there are humans involved with 'checks', but I type something anyway.

Here's a nice example of encoded/decoded text looks like and to be on the lookout for: http://www.tareeinternet.com/scripts/decrypt.php - If you copy/paste the top box, you can see it decoded. Just imagine that being malicious code outputted to the end user though.

Good luck, it can be a pain in the ass sometimes to remove.

Securi SiteCheck also has a free WordPress plugin to scan files. I've found that it's 50/50 though. Some are better than others at hiding their tracks and that's where SSH becomes valuable in searching files for those specific PHP functions.
 

draggar

þórr mjǫlnir
Legacy Exclusive Member
Joined
Dec 26, 2007
Messages
7,357
Reaction score
223
Feedback: 53 / 0 / 0
Sounds like infected files. I had this issue once with one of my sites - they got in and uploaded a ton of scripts. Look though your files and delete anything that shouldn't be there and change your FTP password.

Checking your plugins is a good idea, too.

Worst case, delete everything and start from scratch (leave the database, though, that shouldn't be infected).
 

Maxwell

Formerly known as grcorp.
Legacy Exclusive Member
Joined
Nov 22, 2009
Messages
1,435
Reaction score
208
Feedback: 7 / 1 / 0
The domain you registered a week ago, does it have a bad history by any chance ?

It's a slightly obscure Finnish word, and to the best of my knowledge, it hasn't been registered before.
 

Maxwell

Formerly known as grcorp.
Legacy Exclusive Member
Joined
Nov 22, 2009
Messages
1,435
Reaction score
208
Feedback: 7 / 1 / 0
Thanks for all the replies, everyone! The problem is all fixed, here's a quick breakdown of what happened...

- I contacted hostgator; turns out this happens all the time, and they had a very comprehensive ticket submission process
- An individual security technician emailed me a couple of times with the results of the investigation
- It only took a few hours to get everything cleaned out. Which is what I wanted to hear.
- I was then given a guide to restoring my reputation with Google - which did mean I had to use Google Webmaster tools with my Google ID
- I registered in the tool all of the sites that I own that were affected by the hack; and, just as David Walker said above... I had to select the "security issues" option, tick a box that said "I have fixed the issues" or some such thing, and had to write a brief explanation as to the steps I took to repair them. I just said the hosting company gave me the go-ahead.
- They then showed as in-progress... and less than 24 hours, Chrome, Firefox and the search engines weren't blocking my site anymore. So I'm back up and running :)

Thanks so much for the concern and advice everyone... especially to Theo, who gave me some great insight about an alternative way of hosting.

Moments like these are what make a DNF membership worth every penny!
 

jaydub

Level 10
Legacy Exclusive Member
Joined
Jul 1, 2004
Messages
5,862
Reaction score
547
Feedback: 396 / 0 / 0
Nice work everyone....this really does shine a light on the advantage of a community :eek:k:
 

manyagem

Level 4
Legacy Exclusive Member
Joined
Feb 8, 2014
Messages
123
Reaction score
50
Feedback: 1 / 0 / 0
Lots to learn from this thread - as mentioned, worth the memb fee for such advice.

By the by, I once had my e-shop blacklisted because it was using shared webspace and another site at the same address was renegade. It pays to have unique webhosting.
 
Status
Not open for further replies.

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Be a Squirrel
MariaBuy

New Threads

Our Mods' Businesses

Free QR Code Generator by MerchArts
UrlPick.com

*the exceptional businesses of our esteemed moderators

Top Bottom