Website hacked, now cleaned... still gives warnings to users

Skip to first unread message


Nov 19, 2008, 10:00:57 PM11/19/08
to stopbadware
Hello all,

My website was 100% injected with malicious code. I spent a lot of
time cleaning my site and I still find my page giving warnings when
trying to access it from Firefox. This is a problem, especially around
Christmas time. My main site I cleaned and it is no longer listed as a
possible threat. My webstore does however. Any help would be
appreciated.. because I cannot locate any malicious code left in my
webstore. I have requested two different reviews and it seems like my
store still pops up. I just want either find this elusive malware or
get my website's name cleaned

Parts of this site may be distributing malware. Google users will see
a warning page when they attempt to visit these pages. You can visit
the Google Safe Browsing diagnostic page for your site for detailed
information about the problems we found. Help

Sample pages that may be distributing malware: http : // toliv ealie .
com / store / (SPLIT UP TO PROTECT IT)

Please review's Security Tips for Websites and make
any necessary changes to your site. When you have cleaned your site,
you can request a review, and we'll evaluate your site.

Request a review
Status of the latest badware review for this site: A review for this
site has finished. The site was found clean. The badware warnings from
web search are being removed. Please note that it can take some time
for this change to propagate.


Nov 20, 2008, 10:33:16 AM11/20/08
to stopbadware

Google's safe browsing diagnostins page for your store says,
malicious content was not found since Nov 11.

Maybe you should specifically request the review of the /store/ part
of the site? I never requested such reviews myself and don't know
whether such an option exists.



Nov 20, 2008, 5:26:32 PM11/20/08
to stopbadware
The difference between the main site and store pages is the query
strings. Main = appears to be all or mostly static .html pages. Store
= dynamic PHP with query strings.

If there is still a problem, it is most likely SQL injection on your
PHP pages. See recent posts here about Asprox for info about this type
of attack.

Here's an example of the problem:


What if someone calls the page, but puts a URL where "specials" should
Study your PHP script to determine what the page will do under that


Nov 20, 2008, 10:56:05 PM11/20/08
to stopbadware
I guess the Googlebots needed time to traverse!!

"This is a BlacklistDoctor notification
No webpages from your website toliv ealie. com/ currently appear on
the Google malware blacklist"

Went from 2xx pages to 0! Thanks everyone!! Posting here was a huge
Reply all
Reply to author
0 new messages