LINK to Mapquest - MALWARE????

Skip to first unread message


Nov 20, 2008, 4:09:11 PM11/20/08
to stopbadware
SO ALL - Again I am new to this being introduced to this HELL only
three weeks ago. But I found something funny here....

A website I coded a long time ago was blacklisted:

OK get this - I think my link to Mapquest is the culprit...

Am I totally off base here???
This is the same interstitial warning page that my site gets...

Is google just PO'ed that I am not linking to



Nov 20, 2008, 6:18:47 PM11/20/08
to stopbadware
If you explicitly enter the URL of a site into the Safe Browsing
Diagnostic URL, you'll always get a Diagnostic page for that site.
Most of the reports indicate the site is not suspicious.

Mapquest, or Google's opinion on your choice of map provider, wouldn't
have anything to do with the badware flag.

Jesse N

Nov 20, 2008, 6:26:55 PM11/20/08
Hey there,

Some one get at me. I've got an untouched .htaccess hack that we can
review for how it was accessed and all of that jazz.

I fixed the issue on one my main project, and decided to check one of my
side projects that are on the same host. Turns out they dropped an
.htaccess in there where I didn't have one yet.


Nov 20, 2008, 8:19:01 PM11/20/08
to stopbadware
If you can post the malicious part of the code here, over the next few
days it might help discover whether these attacks all seem to be
related (if the code is identical).

Also, as more people post about similar attacks, if any one of them
determines how the .htaccess got modified, it might help everyone who
has been attacked.

As far as how it was accessed, only the timestamp on the .htaccess
combined with a review of your site access logs can determine that.
Look in the logs (regular and FTP logs) for requests that were made a
few seconds before the timestamp.


Nov 21, 2008, 12:44:08 PM11/21/08
to stopbadware
Hi Jesse,

Any progress here?
Did you check the file owner and the permissions of the .htaccess?

Something like "ls -l .htaccess" should provide enough information
to start with. Or a decent FTP client should display this info too.

Reply all
Reply to author
0 new messages