Wednesday, December 12, 2018

The site ahead contains malware Security error – how to fix

Clients site got the following message when users got to the site.

My journey started with the host which was wrong. It was all google this time. Here are the steps to get google to review your site and take it off the blacklist.

  1. Go to https://support.google.com/chrome/answer/99020?hl=en
  2. Go down to “My site…” and click on “request a review”
  3. On this page is a video to walk you through process.
  4. Next I logged into Google Webmastertools. Clicked on Messages. Clicked on the property with the malware message. And hit “Request a review”.

  5. Lastly click “I have fixed these issues.”
  6. A window will open for you to tell Google what you did to clean the site.

  7. You will get a message “Your request was submitted successfully. Please check back later.”

I hope this helps someone else out there…

 

Google Chrome redirect – http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

Had a customer call in because he was on the LA Times website and clicked on a link that caused his browser to pop-up a Microsoft warning. The warning said he was infected and  needed to pay. He hit control-alt-delete and closed chrome. He restarted his machine and called us.

I opened Chrome and looked at the start page. It was set to “http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND”.  When I put that URL into another browser it took me to just Google. I figured the rest was unecessary and reset his home page to just be “http://www.google.com”.

I downloaded a rootkit scan tool from Bleeping Computer and ran a quick scan. We also use Vipre Anit-virus. I updated the difinitions and ran a full deep scan with Vipre. Nothing else was wrong.

I hope this helps someone else out there…

 

How To Fix Attacked .htaccess File On Godaddy Shared Hosting

Got a call from a client about website not coming up. If you searched for the site in a search engine and clicked on any link to the site you got a page about a missing PHP file.  This site is a static HTML site.

I opened the .htaccess file and saw redirects to the PHP file that didn’t exist. I cleared out the .htaccess file and when you click on the search link the site came up fine.

I contacted Godaddy looking for help, but they don’t deal with .htaccess files. You are on your own. They do offer SiteLock to protect the site.

I used the following links advice and to change the name of the .htaccess file and the contents of the file rewrite the name back to all lower case.

https://perishablepress.com/improve-site-security-by-protecting-htaccess-files/

My final .htaccess file containted the following

<Files ~"^.*\.([Hh][Tt][Aa])">
order allow,deny 
deny from all 
satisfy all 
</Files>

In addition, i changed the password for the FTP access. Next step is to use Sucuri. I know they can protect this site.

I hope this helps me and helps someone else out there…